TianoCore EDK2 master
Loading...
Searching...
No Matches
VariablePolicySmmDxe.c
1
9#include <Library/BaseLib.h>
10#include <Library/UefiLib.h>
11#include <Library/DebugLib.h>
12#include <Library/SafeIntLib.h>
13#include <Library/UefiBootServicesTableLib.h>
14#include <Library/BaseMemoryLib.h>
15#include <Library/MemoryAllocationLib.h>
16
17#include <Protocol/VariablePolicy.h>
18#include <Protocol/MmCommunication2.h>
19
20#include <Guid/VarCheckPolicyMmi.h>
21
22#include "Variable.h"
23
24EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol;
25EFI_MM_COMMUNICATION2_PROTOCOL *mMmCommunication;
26
27VOID *mMmCommunicationBuffer;
28UINTN mMmCommunicationBufferSize;
29EFI_LOCK mMmCommunicationLock;
30
40STATIC
41EFI_STATUS
42InternalMmCommunicate (
43 IN OUT VOID *CommBuffer,
44 IN OUT UINTN *CommSize
45 )
46{
47 EFI_STATUS Status;
48
49 if ((CommBuffer == NULL) || (CommSize == NULL)) {
50 return EFI_INVALID_PARAMETER;
51 }
52
53 Status = mMmCommunication->Communicate (mMmCommunication, CommBuffer, CommBuffer, CommSize);
54 return Status;
55}
56
67STATIC
68EFI_STATUS
69EFIAPI
70ProtocolDisableVariablePolicy (
71 VOID
72 )
73{
74 EFI_STATUS Status;
75 EFI_MM_COMMUNICATE_HEADER *CommHeader;
76 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
77 UINTN BufferSize;
78
79 // Check the PCD for convenience.
80 // This would also be rejected by the lib, but why go to MM if we don't have to?
81 if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
82 return EFI_WRITE_PROTECTED;
83 }
84
85 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
86
87 // Set up the MM communication.
88 BufferSize = mMmCommunicationBufferSize;
89 CommHeader = mMmCommunicationBuffer;
90 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
91 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
92 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
93 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
94 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
95 PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DISABLE;
96
97 Status = InternalMmCommunicate (CommHeader, &BufferSize);
98 DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __func__, Status));
99
100 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
101
102 return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
103}
104
116STATIC
117EFI_STATUS
118EFIAPI
119ProtocolIsVariablePolicyEnabled (
120 OUT BOOLEAN *State
121 )
122{
123 EFI_STATUS Status;
124 EFI_MM_COMMUNICATE_HEADER *CommHeader;
125 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
126 VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *CommandParams;
127 UINTN BufferSize;
128
129 if (State == NULL) {
130 return EFI_INVALID_PARAMETER;
131 }
132
133 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
134
135 // Set up the MM communication.
136 BufferSize = mMmCommunicationBufferSize;
137 CommHeader = mMmCommunicationBuffer;
138 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
139 CommandParams = (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)(PolicyHeader + 1);
140 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
141 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
142 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
143 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
144 PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_IS_ENABLED;
145
146 Status = InternalMmCommunicate (CommHeader, &BufferSize);
147 DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __func__, Status));
148
149 if (!EFI_ERROR (Status)) {
150 Status = PolicyHeader->Result;
151 *State = CommandParams->State;
152 }
153
154 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
155
156 return Status;
157}
158
174STATIC
175EFI_STATUS
176EFIAPI
177ProtocolRegisterVariablePolicy (
178 IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
179 )
180{
181 EFI_STATUS Status;
182 EFI_MM_COMMUNICATE_HEADER *CommHeader;
183 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
184 VOID *PolicyBuffer;
185 UINTN BufferSize;
186 UINTN RequiredSize;
187
188 if (NewPolicy == NULL) {
189 return EFI_INVALID_PARAMETER;
190 }
191
192 // First, make sure that the required size does not exceed the capabilities
193 // of the MmCommunication buffer.
194 RequiredSize = OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data) + sizeof (VAR_CHECK_POLICY_COMM_HEADER);
195 Status = SafeUintnAdd (RequiredSize, NewPolicy->Size, &RequiredSize);
196 if (EFI_ERROR (Status) || (RequiredSize > mMmCommunicationBufferSize)) {
197 DEBUG ((
198 DEBUG_ERROR,
199 "%a - Policy too large for buffer! %r, %d > %d \n",
200 __func__,
201 Status,
202 RequiredSize,
203 mMmCommunicationBufferSize
204 ));
205 return EFI_OUT_OF_RESOURCES;
206 }
207
208 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
209
210 // Set up the MM communication.
211 BufferSize = mMmCommunicationBufferSize;
212 CommHeader = mMmCommunicationBuffer;
213 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
214 PolicyBuffer = (VOID *)(PolicyHeader + 1);
215 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
216 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
217 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
218 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
219 PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_REGISTER;
220
221 // Copy the policy into place. This copy is safe because we've already tested above.
222 CopyMem (PolicyBuffer, NewPolicy, NewPolicy->Size);
223
224 Status = InternalMmCommunicate (CommHeader, &BufferSize);
225 DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __func__, Status));
226
227 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
228
229 return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
230}
231
247STATIC
248EFI_STATUS
249DumpVariablePolicyHelper (
250 IN UINT32 PageRequested,
251 OUT UINT32 *TotalSize,
252 OUT UINT32 *PageSize,
253 OUT BOOLEAN *HasMore,
254 OUT UINT8 **Buffer
255 )
256{
257 EFI_STATUS Status;
258 EFI_MM_COMMUNICATE_HEADER *CommHeader;
259 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
260 VAR_CHECK_POLICY_COMM_DUMP_PARAMS *CommandParams;
261 UINTN BufferSize;
262
263 if ((TotalSize == NULL) || (PageSize == NULL) || (HasMore == NULL) || (Buffer == NULL)) {
264 return EFI_INVALID_PARAMETER;
265 }
266
267 // Set up the MM communication.
268 BufferSize = mMmCommunicationBufferSize;
269 CommHeader = mMmCommunicationBuffer;
270 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
271 CommandParams = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS *)(PolicyHeader + 1);
272 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
273 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
274 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
275 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
276 PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DUMP;
277
278 CommandParams->PageRequested = PageRequested;
279
280 Status = InternalMmCommunicate (CommHeader, &BufferSize);
281 DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __func__, Status));
282
283 if (!EFI_ERROR (Status)) {
284 Status = PolicyHeader->Result;
285 *TotalSize = CommandParams->TotalSize;
286 *PageSize = CommandParams->PageSize;
287 *HasMore = CommandParams->HasMore;
288 *Buffer = (UINT8 *)(CommandParams + 1);
289 }
290
291 return Status;
292}
293
309STATIC
310EFI_STATUS
311EFIAPI
312ProtocolDumpVariablePolicy (
313 OUT UINT8 *Policy OPTIONAL,
314 IN OUT UINT32 *Size
315 )
316{
317 EFI_STATUS Status;
318 UINT8 *Source;
319 UINT8 *Destination;
320 UINT32 PolicySize;
321 UINT32 PageSize;
322 BOOLEAN HasMore;
323 UINT32 PageIndex;
324
325 if ((Size == NULL) || ((*Size > 0) && (Policy == NULL))) {
326 return EFI_INVALID_PARAMETER;
327 }
328
329 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
330
331 // Repeat this whole process until we either have a failure case or get the entire buffer.
332 do {
333 // First, we must check the zero page to determine the buffer size and
334 // reset the internal state.
335 PolicySize = 0;
336 PageSize = 0;
337 HasMore = FALSE;
338 Status = DumpVariablePolicyHelper (0, &PolicySize, &PageSize, &HasMore, &Source);
339 if (EFI_ERROR (Status)) {
340 break;
341 }
342
343 // If we're good, we can at least check the required size now.
344 if (*Size < PolicySize) {
345 *Size = PolicySize;
346 Status = EFI_BUFFER_TOO_SMALL;
347 break;
348 }
349
350 // On further thought, let's update the size either way.
351 *Size = PolicySize;
352 // And get ready to ROCK.
353 Destination = Policy;
354
355 // Keep looping and copying until we're either done or freak out.
356 for (PageIndex = 1; !EFI_ERROR (Status) && HasMore && PageIndex < MAX_UINT32; PageIndex++) {
357 Status = DumpVariablePolicyHelper (PageIndex, &PolicySize, &PageSize, &HasMore, &Source);
358 if (!EFI_ERROR (Status)) {
359 CopyMem (Destination, Source, PageSize);
360 Destination += PageSize;
361 }
362 }
363
364 // Next, we check to see whether
365 } while (Status == EFI_TIMEOUT);
366
367 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
368
369 // There's currently no use for this, but it shouldn't be hard to implement.
370 return Status;
371}
372
381STATIC
382EFI_STATUS
383EFIAPI
384ProtocolLockVariablePolicy (
385 VOID
386 )
387{
388 EFI_STATUS Status;
389 EFI_MM_COMMUNICATE_HEADER *CommHeader;
390 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
391 UINTN BufferSize;
392
393 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
394
395 // Set up the MM communication.
396 BufferSize = mMmCommunicationBufferSize;
397 CommHeader = mMmCommunicationBuffer;
398 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
399 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
400 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
401 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
402 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
403 PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_LOCK;
404
405 Status = InternalMmCommunicate (CommHeader, &BufferSize);
406 DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __func__, Status));
407
408 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
409
410 return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
411}
412
460STATIC
461EFI_STATUS
462InternalProtocolGetVariablePolicyInfo (
463 IN UINT32 Command,
464 IN CONST CHAR16 *VariableName,
465 IN CONST EFI_GUID *VendorGuid,
466 IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL
467 OUT VOID *VariablePolicy,
468 OUT CHAR16 *VariablePolicyVariableName OPTIONAL
469 )
470{
471 EFI_STATUS Status;
472 CHAR16 *OutputVariableName;
473 EFI_MM_COMMUNICATE_HEADER *CommHeader;
474 VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
475 VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *CommandParams;
476 UINTN AllowedOutputVariableNameSize;
477 UINTN BufferSize;
478 UINTN VariableNameSize;
479
480 if ((VariableName == NULL) || (VendorGuid == NULL) || (VariablePolicy == NULL)) {
481 return EFI_INVALID_PARAMETER;
482 }
483
484 switch (Command) {
485 case VAR_CHECK_POLICY_COMMAND_GET_INFO:
486 case VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO:
487 break;
488 default:
489 return EFI_INVALID_PARAMETER;
490 }
491
492 AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
493
494 VariableNameSize = StrnSizeS (
495 VariableName,
496 (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE - VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END)
497 );
498 if (VariableNameSize >= (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE - VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END)) {
499 Status = EFI_INVALID_PARAMETER;
500 goto Done;
501 }
502
503 if ((VariablePolicyVariableName != NULL) && (VariablePolicyVariableNameBufferSize == NULL)) {
504 return EFI_INVALID_PARAMETER;
505 goto Done;
506 }
507
508 BufferSize = mMmCommunicationBufferSize;
509 CommHeader = mMmCommunicationBuffer;
510
511 Status = SafeUintnSub (
512 VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE,
513 VariableNameSize,
514 &AllowedOutputVariableNameSize
515 );
516 if (EFI_ERROR (Status)) {
517 Status = EFI_INVALID_PARAMETER;
518 goto Done;
519 }
520
521 if (VariablePolicyVariableNameBufferSize != NULL) {
522 AllowedOutputVariableNameSize = MIN (AllowedOutputVariableNameSize, *VariablePolicyVariableNameBufferSize);
523 } else {
524 AllowedOutputVariableNameSize = 0;
525 }
526
527 PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data;
528 CommandParams = (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *)(PolicyHeader + 1);
529
530 CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid);
531 CommHeader->MessageLength = BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
532 PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
533 PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
534 PolicyHeader->Command = Command;
535
536 ZeroMem ((VOID *)&CommandParams->OutputPolicyEntry, sizeof (CommandParams->OutputPolicyEntry));
537 CopyGuid (&CommandParams->InputVendorGuid, VendorGuid);
538 Status = SafeUintnToUint32 (VariableNameSize, &CommandParams->InputVariableNameSize);
539 if (EFI_ERROR (Status)) {
540 Status = EFI_INVALID_PARAMETER;
541 goto Done;
542 }
543
544 Status = SafeUintnToUint32 (AllowedOutputVariableNameSize, &CommandParams->OutputVariableNameSize);
545 if (EFI_ERROR (Status)) {
546 Status = EFI_INVALID_PARAMETER;
547 goto Done;
548 }
549
550 if (AllowedOutputVariableNameSize > 0) {
551 Status = StrnCpyS (
552 CommandParams->InputVariableName,
553 AllowedOutputVariableNameSize / sizeof (CHAR16),
554 VariableName,
555 (UINTN)CommandParams->InputVariableNameSize / sizeof (CHAR16)
556 );
557 ASSERT_EFI_ERROR (Status);
558 }
559
560 Status = InternalMmCommunicate (CommHeader, &BufferSize);
561 if (Status == EFI_SUCCESS) {
562 CopyMem (
563 VariablePolicy,
564 (VOID *)&CommandParams->OutputPolicyEntry,
565 (Command == VAR_CHECK_POLICY_COMMAND_GET_INFO) ?
566 sizeof (CommandParams->OutputPolicyEntry.VariablePolicy) :
567 sizeof (CommandParams->OutputPolicyEntry.LockOnVarStatePolicy)
568 );
569
570 if (VariablePolicyVariableNameBufferSize == NULL) {
571 if (VariablePolicyVariableName != NULL) {
572 Status = EFI_INVALID_PARAMETER;
573 }
574
575 goto Done;
576 }
577
578 if (PolicyHeader->Result == EFI_BUFFER_TOO_SMALL) {
579 *VariablePolicyVariableNameBufferSize = (UINTN)CommandParams->OutputVariableNameSize;
580 goto Done;
581 }
582
583 if (PolicyHeader->Result == EFI_SUCCESS) {
584 if (CommandParams->OutputVariableNameSize > 0) {
585 Status = SafeUintnAdd (
586 ((UINTN)CommandParams + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END),
587 (UINTN)CommandParams->InputVariableNameSize,
588 (UINTN *)&OutputVariableName
589 );
590 if (EFI_ERROR (Status)) {
591 Status = EFI_BAD_BUFFER_SIZE;
592 goto Done;
593 }
594
595 Status = StrnCpyS (
596 VariablePolicyVariableName,
597 *VariablePolicyVariableNameBufferSize / sizeof (CHAR16),
598 OutputVariableName,
599 (UINTN)CommandParams->OutputVariableNameSize
600 );
601 ASSERT_EFI_ERROR (Status);
602 *VariablePolicyVariableNameBufferSize = (UINTN)CommandParams->OutputVariableNameSize;
603 } else {
604 // A variable policy variable name is not present. Return values according to interface.
605 *VariablePolicyVariableNameBufferSize = 0;
606 }
607 }
608 }
609
610Done:
611 ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
612
613 return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
614}
615
658STATIC
659EFI_STATUS
660EFIAPI
661ProtocolGetVariablePolicyInfo (
662 IN CONST CHAR16 *VariableName,
663 IN CONST EFI_GUID *VendorGuid,
664 IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL
665 OUT VARIABLE_POLICY_ENTRY *VariablePolicy,
666 OUT CHAR16 *VariablePolicyVariableName OPTIONAL
667 )
668{
669 return InternalProtocolGetVariablePolicyInfo (
670 VAR_CHECK_POLICY_COMMAND_GET_INFO,
671 VariableName,
672 VendorGuid,
673 VariablePolicyVariableNameBufferSize,
674 VariablePolicy,
675 VariablePolicyVariableName
676 );
677}
678
724STATIC
725EFI_STATUS
726EFIAPI
727ProtocolGetLockOnVariableStateVariablePolicyInfo (
728 IN CONST CHAR16 *VariableName,
729 IN CONST EFI_GUID *VendorGuid,
730 IN OUT UINTN *VariableLockPolicyVariableNameBufferSize, OPTIONAL
731 OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy,
732 OUT CHAR16 *VariableLockPolicyVariableName OPTIONAL
733 )
734{
735 return InternalProtocolGetVariablePolicyInfo (
736 VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO,
737 VariableName,
738 VendorGuid,
739 VariableLockPolicyVariableNameBufferSize,
740 VariablePolicy,
741 VariableLockPolicyVariableName
742 );
743}
744
757STATIC
758EFI_STATUS
759InitMmCommonCommBuffer (
760 IN OUT UINTN *BufferSize,
761 OUT VOID **LocatedBuffer
762 )
763{
764 EFI_STATUS Status;
765
766 Status = EFI_SUCCESS;
767
768 // Make sure that we're working with good pointers.
769 if ((BufferSize == NULL) || (LocatedBuffer == NULL)) {
770 return EFI_INVALID_PARAMETER;
771 }
772
773 // Allocate the runtime memory for the comm buffer.
774 *LocatedBuffer = AllocateRuntimePool (*BufferSize);
775 if (*LocatedBuffer == NULL) {
776 Status = EFI_OUT_OF_RESOURCES;
777 *BufferSize = 0;
778 }
779
780 EfiInitializeLock (&mMmCommunicationLock, TPL_NOTIFY);
781
782 return Status;
783}
784
792STATIC
793VOID
794EFIAPI
795VariablePolicyVirtualAddressCallback (
796 IN EFI_EVENT Event,
797 IN VOID *Context
798 )
799{
800 EfiConvertPointer (0, (VOID **)&mMmCommunication);
801 EfiConvertPointer (0, (VOID **)&mMmCommunicationBuffer);
802}
803
814EFI_STATUS
815EFIAPI
816VariablePolicySmmDxeMain (
817 IN EFI_HANDLE ImageHandle,
818 IN EFI_SYSTEM_TABLE *SystemTable
819 )
820{
821 EFI_STATUS Status;
822 BOOLEAN ProtocolInstalled;
823 BOOLEAN VirtualAddressChangeRegistered;
824 EFI_EVENT VirtualAddressChangeEvent;
825
826 Status = EFI_SUCCESS;
827 ProtocolInstalled = FALSE;
828 VirtualAddressChangeRegistered = FALSE;
829
830 // Update the minimum buffer size.
831 mMmCommunicationBufferSize = VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE;
832 // Locate the shared comm buffer to use for sending MM commands.
833 Status = InitMmCommonCommBuffer (&mMmCommunicationBufferSize, &mMmCommunicationBuffer);
834 if (EFI_ERROR (Status)) {
835 DEBUG ((DEBUG_ERROR, "%a - Failed to locate a viable MM comm buffer! %r\n", __func__, Status));
836 ASSERT_EFI_ERROR (Status);
837 return Status;
838 }
839
840 // Locate the MmCommunication protocol.
841 Status = gBS->LocateProtocol (&gEfiMmCommunication2ProtocolGuid, NULL, (VOID **)&mMmCommunication);
842 if (EFI_ERROR (Status)) {
843 DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol! %r\n", __func__, Status));
844 ASSERT_EFI_ERROR (Status);
845 return Status;
846 }
847
848 // Configure the VariablePolicy protocol structure.
849 mVariablePolicyProtocol.Revision = EDKII_VARIABLE_POLICY_PROTOCOL_REVISION;
850 mVariablePolicyProtocol.DisableVariablePolicy = ProtocolDisableVariablePolicy;
851 mVariablePolicyProtocol.IsVariablePolicyEnabled = ProtocolIsVariablePolicyEnabled;
852 mVariablePolicyProtocol.RegisterVariablePolicy = ProtocolRegisterVariablePolicy;
853 mVariablePolicyProtocol.DumpVariablePolicy = ProtocolDumpVariablePolicy;
854 mVariablePolicyProtocol.LockVariablePolicy = ProtocolLockVariablePolicy;
855 mVariablePolicyProtocol.GetVariablePolicyInfo = ProtocolGetVariablePolicyInfo;
856 mVariablePolicyProtocol.GetLockOnVariableStateVariablePolicyInfo = ProtocolGetLockOnVariableStateVariablePolicyInfo;
857
858 // Register all the protocols and return the status.
859 Status = gBS->InstallMultipleProtocolInterfaces (
860 &ImageHandle,
861 &gEdkiiVariablePolicyProtocolGuid,
862 &mVariablePolicyProtocol,
863 NULL
864 );
865 if (EFI_ERROR (Status)) {
866 DEBUG ((DEBUG_ERROR, "%a - Failed to install protocol! %r\n", __func__, Status));
867 goto Exit;
868 } else {
869 ProtocolInstalled = TRUE;
870 }
871
872 // Normally, we might want to register a callback
873 // to lock the interface, but this is integrated
874 // into the existing callbacks in VaraiableSmm.c
875 // and VariableDxe.c.
876
877 //
878 // Register a VirtualAddressChange callback for the MmComm protocol and Comm buffer.
879 Status = gBS->CreateEventEx (
880 EVT_NOTIFY_SIGNAL,
881 TPL_NOTIFY,
882 VariablePolicyVirtualAddressCallback,
883 NULL,
884 &gEfiEventVirtualAddressChangeGuid,
885 &VirtualAddressChangeEvent
886 );
887 if (EFI_ERROR (Status)) {
888 DEBUG ((DEBUG_ERROR, "%a - Failed to create VirtualAddressChange event! %r\n", __func__, Status));
889 goto Exit;
890 } else {
891 VirtualAddressChangeRegistered = TRUE;
892 }
893
894Exit:
895 //
896 // If we're about to return a failed status (and unload this driver), we must first undo anything that
897 // has been successfully done.
898 if (EFI_ERROR (Status)) {
899 if (ProtocolInstalled) {
900 gBS->UninstallProtocolInterface (&ImageHandle, &gEdkiiVariablePolicyProtocolGuid, &mVariablePolicyProtocol);
901 }
902
903 if (VirtualAddressChangeRegistered) {
904 gBS->CloseEvent (VirtualAddressChangeEvent);
905 }
906 }
907
908 return Status;
909}
UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112
StrnSizeS
UINTN EFIAPI StrnSizeS(IN CONST CHAR16 *String, IN UINTN MaxSize)
Definition: SafeString.c:176
StrnCpyS
RETURN_STATUS EFIAPI StrnCpyS(OUT CHAR16 *Destination, IN UINTN DestMax, IN CONST CHAR16 *Source, IN UINTN Length)
Definition: SafeString.c:310
CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CopyMemWrapper.c:41
CopyGuid
GUID *EFIAPI CopyGuid(OUT GUID *DestinationGuid, IN CONST GUID *SourceGuid)
Definition: MemLibGuid.c:39
ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38
AllocateRuntimePool
VOID *EFIAPI AllocateRuntimePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:410
ReleaseLockOnlyAtBootTime
VOID ReleaseLockOnlyAtBootTime(IN EFI_LOCK *Lock)
Definition: VariableDxe.c:130
AcquireLockOnlyAtBootTime
VOID AcquireLockOnlyAtBootTime(IN EFI_LOCK *Lock)
Definition: VariableDxe.c:108
NULL
#define NULL
Definition: Base.h:319
CONST
#define CONST
Definition: Base.h:259
STATIC
#define STATIC
Definition: Base.h:264
MIN
#define MIN(a, b)
Definition: Base.h:1007
TRUE
#define TRUE
Definition: Base.h:301
FALSE
#define FALSE
Definition: Base.h:307
IN
#define IN
Definition: Base.h:279
OFFSET_OF
#define OFFSET_OF(TYPE, Field)
Definition: Base.h:758
OUT
#define OUT
Definition: Base.h:284
ASSERT_EFI_ERROR
#define ASSERT_EFI_ERROR(StatusParameter)
Definition: DebugLib.h:462
DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434
PcdGetBool
#define PcdGetBool(TokenName)
Definition: PcdLib.h:401
SafeUintnAdd
RETURN_STATUS EFIAPI SafeUintnAdd(IN UINTN Augend, IN UINTN Addend, OUT UINTN *Result)
Definition: SafeIntLib32.c:338
SafeUintnToUint32
RETURN_STATUS EFIAPI SafeUintnToUint32(IN UINTN Operand, OUT UINT32 *Result)
Definition: SafeIntLib32.c:177
SafeUintnSub
RETURN_STATUS EFIAPI SafeUintnSub(IN UINTN Minuend, IN UINTN Subtrahend, OUT UINTN *Result)
Definition: SafeIntLib32.c:384
Exit
VOID EFIAPI Exit(IN EFI_STATUS Status)
Definition: ApplicationEntryPoint.c:83
EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
EFI_EVENT
VOID * EFI_EVENT
Definition: UefiBaseType.h:37
EFI_HANDLE
VOID * EFI_HANDLE
Definition: UefiBaseType.h:33
EFI_SUCCESS
#define EFI_SUCCESS
Definition: UefiBaseType.h:112
gBS
EFI_BOOT_SERVICES * gBS
Definition: UefiBootServicesTableLib.c:17
EfiInitializeLock
EFI_LOCK *EFIAPI EfiInitializeLock(IN OUT EFI_LOCK *Lock, IN EFI_TPL Priority)
Definition: UefiLib.c:405
EfiConvertPointer
EFI_STATUS EFIAPI EfiConvertPointer(IN UINTN DebugDisposition, IN OUT VOID **Address)
Definition: RuntimeLib.c:561
ProtocolIsVariablePolicyEnabled
EFI_STATUS EFIAPI ProtocolIsVariablePolicyEnabled(OUT BOOLEAN *State)
Definition: VariableDxe.c:516
_EDKII_VARIABLE_POLICY_PROTOCOL
Definition: VariablePolicy.h:261
_EFI_MM_COMMUNICATION2_PROTOCOL
Definition: MmCommunication2.h:63
_VAR_CHECK_POLICY_COMM_DUMP_PARAMS
Definition: VarCheckPolicyMmi.h:28
_VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS
Definition: VarCheckPolicyMmi.h:40
_VAR_CHECK_POLICY_COMM_HEADER
Definition: VarCheckPolicyMmi.h:17
_VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS
Definition: VarCheckPolicyMmi.h:24
EFI_LOCK
Definition: UefiLib.h:58
EFI_MM_COMMUNICATE_HEADER
Definition: MmCommunication.h:21
EFI_MM_COMMUNICATE_HEADER::Data
UINT8 Data[1]
Definition: MmCommunication.h:33
EFI_MM_COMMUNICATE_HEADER::HeaderGuid
EFI_GUID HeaderGuid
Definition: MmCommunication.h:25
EFI_MM_COMMUNICATE_HEADER::MessageLength
UINTN MessageLength
Definition: MmCommunication.h:29
EFI_SYSTEM_TABLE
Definition: UefiSpec.h:2028
GUID
Definition: Base.h:213
VARIABLE_LOCK_ON_VAR_STATE_POLICY
Definition: VariablePolicy.h:57
VARIABLE_POLICY_ENTRY
Definition: VariablePolicy.h:32