MdeModulePkg: Add SMM LockBox

This includes:
* LockBox protocol definition
* LockBoxLib library interface definition
* SmmLockBox GUID
* LockBoxNullLib library implementation
* 2 SmmLockBoxLib library implementations
* SmmLockBox SMM driver

Signed-off-by: jljusten
Reviewed-by: mdkinney
Reviewed-by: geekboy15a
Reviewed-by: jyao1
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12029 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Include/Guid/SmmLockBox.h

@@ -0,0 +1,73 @@
+/** @file
+  SmmLockBox guid header file.
+
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions
+of the BSD License which accompanies this distribution.  The
+full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _SMM_LOCK_BOX_GUID_H_
+#define _SMM_LOCK_BOX_GUID_H_
+
+#define EFI_SMM_LOCK_BOX_COMMUNICATION_GUID \
+  {0x2a3cfebd, 0x27e8, 0x4d0a, {0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0}}
+
+//
+// Below data structure is used for communication between PEI/DXE to SMM.
+//
+
+#define EFI_SMM_LOCK_BOX_COMMAND_SAVE                 0x1
+#define EFI_SMM_LOCK_BOX_COMMAND_UPDATE               0x2
+#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE              0x3
+#define EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES       0x4
+#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE 0x5
+
+typedef struct {
+  UINT32                         Command;
+  UINT32                         DataLength;
+  UINT64                         ReturnStatus;
+} EFI_SMM_LOCK_BOX_PARAMETER_HEADER;
+
+typedef struct {
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  Header;
+  GUID                               Guid;
+  PHYSICAL_ADDRESS                   Buffer;
+  UINT64                             Length;
+} EFI_SMM_LOCK_BOX_PARAMETER_SAVE;
+
+typedef struct {
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  Header;
+  GUID                               Guid;
+  UINT64                             Offset;
+  PHYSICAL_ADDRESS                   Buffer;
+  UINT64                             Length;
+} EFI_SMM_LOCK_BOX_PARAMETER_UPDATE;
+
+typedef struct {
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  Header;
+  GUID                               Guid;
+  PHYSICAL_ADDRESS                   Buffer;
+  UINT64                             Length;
+} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE;
+
+typedef struct {
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  Header;
+  GUID                               Guid;
+  UINT64                             Attributes;
+} EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES;
+
+typedef struct {
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  Header;
+} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE;
+
+extern EFI_GUID gEfiSmmLockBoxCommunicationGuid;
+
+#endif

MdeModulePkg/Include/Library/LockBoxLib.h

@@ -0,0 +1,133 @@
+/** @file
+  This library is only intended to be used by DXE modules that need save
+  confidential information to LockBox and get it by PEI modules in S3 phase.
+
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions
+of the BSD License which accompanies this distribution.  The
+full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _LOCK_BOX_LIB_H_
+#define _LOCK_BOX_LIB_H_
+
+/**
+  This function will save confidential information to lockbox.
+
+  @param Guid       the guid to identify the confidential information
+  @param Buffer     the address of the confidential information
+  @param Length     the length of the confidential information
+
+  @retval RETURN_SUCCESS            the information is saved successfully.
+  @retval RETURN_INVALID_PARAMETER  the Guid is NULL, or Buffer is NULL, or Length is 0
+  @retval RETURN_ALREADY_STARTED    the requested GUID already exist.
+  @retval RETURN_OUT_OF_RESOURCES   no enough resource to save the information.
+  @retval RETURN_ACCESS_DENIED      it is too late to invoke this interface
+  @retval RETURN_NOT_STARTED        it is too early to invoke this interface
+  @retval RETURN_UNSUPPORTED        the service is not supported by implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+SaveLockBox (
+  IN  GUID                        *Guid,
+  IN  VOID                        *Buffer,
+  IN  UINTN                       Length
+  );
+
+/**
+  This function will set lockbox attributes.
+
+  @param Guid       the guid to identify the confidential information
+  @param Attributes the attributes of the lockbox
+
+  @retval RETURN_SUCCESS            the information is saved successfully.
+  @retval RETURN_INVALID_PARAMETER  attributes is invalid.
+  @retval RETURN_NOT_FOUND          the requested GUID not found.
+  @retval RETURN_ACCESS_DENIED      it is too late to invoke this interface
+  @retval RETURN_NOT_STARTED        it is too early to invoke this interface
+  @retval RETURN_UNSUPPORTED        the service is not supported by implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+SetLockBoxAttributes (
+  IN  GUID                        *Guid,
+  IN  UINT64                      Attributes
+  );
+
+//
+// With this flag, this LockBox can be restored to this Buffer with RestoreAllLockBoxInPlace()
+//
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE  BIT0
+
+/**
+  This function will update confidential information to lockbox.
+
+  @param Guid   the guid to identify the original confidential information
+  @param Offset the offset of the original confidential information
+  @param Buffer the address of the updated confidential information
+  @param Length the length of the updated confidential information
+
+  @retval RETURN_SUCCESS            the information is saved successfully.
+  @retval RETURN_INVALID_PARAMETER  the Guid is NULL, or Buffer is NULL, or Length is 0.
+  @retval RETURN_NOT_FOUND          the requested GUID not found.
+  @retval RETURN_BUFFER_TOO_SMALL   the original buffer to too small to hold new information.
+  @retval RETURN_ACCESS_DENIED      it is too late to invoke this interface
+  @retval RETURN_NOT_STARTED        it is too early to invoke this interface
+  @retval RETURN_UNSUPPORTED        the service is not supported by implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+UpdateLockBox (
+  IN  GUID                        *Guid,
+  IN  UINTN                       Offset,
+  IN  VOID                        *Buffer,
+  IN  UINTN                       Length
+  );
+
+/**
+  This function will restore confidential information from lockbox.
+
+  @param Guid   the guid to identify the confidential information
+  @param Buffer the address of the restored confidential information
+                NULL means restored to original address, Length MUST be NULL at same time.
+  @param Length the length of the restored confidential information
+
+  @retval RETURN_SUCCESS            the information is restored successfully.
+  @retval RETURN_INVALID_PARAMETER  the Guid is NULL, or one of Buffer and Length is NULL.
+  @retval RETURN_WRITE_PROTECTED    Buffer and Length are NULL, but the LockBox has no 
+                                    LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
+  @retval RETURN_BUFFER_TOO_SMALL   the Length is too small to hold the confidential information.
+  @retval RETURN_NOT_FOUND          the requested GUID not found.
+  @retval RETURN_NOT_STARTED        it is too early to invoke this interface
+  @retval RETURN_ACCESS_DENIED      not allow to restore to the address
+  @retval RETURN_UNSUPPORTED        the service is not supported by implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+RestoreLockBox (
+  IN  GUID                        *Guid,
+  IN  VOID                        *Buffer, OPTIONAL
+  IN  OUT UINTN                   *Length  OPTIONAL
+  );
+
+/**
+  This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
+
+  @retval RETURN_SUCCESS            the information is restored successfully.
+  @retval RETURN_NOT_STARTED        it is too early to invoke this interface
+  @retval RETURN_UNSUPPORTED        the service is not supported by implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+RestoreAllLockBoxInPlace (
+  VOID
+  );
+
+#endif

MdeModulePkg/Include/Protocol/LockBox.h

@@ -0,0 +1,31 @@
+/** @file
+  LockBox protocol header file.
+  This is used to resolve dependency problem. The LockBox implementation
+  install this to broadcast that LockBox API is ready. The driver who will
+  use LockBox at its ENTRYPOINT should add this dependency.
+
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions
+of the BSD License which accompanies this distribution.  The
+full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _LOCK_BOX_PROTOCOL_H_
+#define _LOCK_BOX_PROTOCOL_H_
+
+///
+/// Global ID for the EFI LOCK BOX Protocol.
+///
+#define EFI_LOCK_BOX_PROTOCOL_GUID \
+  { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}
+
+extern EFI_GUID gEfiLockBoxProtocolGuid;
+
+#endif