Security enhancement to SMM Base thunk drivers: Framework SMM drivers can't be loaded after SMRAM is locked.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10316 6f19259b-4bc3-4df7-8a09-765794883524
2010-03-26 08:41:06 +00:00
parent 123e0cacd0
commit 8edfbe027c
4 changed files with 104 additions and 9 deletions
--- a/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c
+++ b/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c
@@ -44,6 +44,7 @@ EFI_HANDLE                         mSmmBaseHandle = NULL;
 EFI_SMM_BASE2_PROTOCOL             *mSmmBase2 = NULL;
 EFI_SMM_COMMUNICATION_PROTOCOL     *mSmmCommunication = NULL;
 EFI_SMM_BASE_HELPER_READY_PROTOCOL *mSmmBaseHelperReady = NULL;
+BOOLEAN                            mAtRuntime = FALSE;

 /**
  Determine if in SMM mode.
@@ -133,7 +134,7 @@ SmmBaseRegister (
  IN      BOOLEAN                   LegacyIA32Binary
  )
 {
-  if (LegacyIA32Binary) {
+  if (mAtRuntime || LegacyIA32Binary) {
    return EFI_UNSUPPORTED;
  }

@@ -166,6 +167,10 @@ SmmBaseUnregister (
  IN      EFI_HANDLE                ImageHandle
  )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
  mCommunicationData.FunctionData.Function = SmmBaseFunctionUnregister;
  mCommunicationData.FunctionData.Args.UnRegister.ImageHandle = ImageHandle;

@@ -308,6 +313,10 @@ SmmBaseSmmAllocatePool (
  OUT     VOID                      **Buffer
  )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
  mCommunicationData.FunctionData.Function = SmmBaseFunctionAllocatePool;
  mCommunicationData.FunctionData.Args.AllocatePool.PoolType = PoolType;
  mCommunicationData.FunctionData.Args.AllocatePool.Size = Size;
@@ -336,6 +345,10 @@ SmmBaseSmmFreePool (
  IN      VOID                      *Buffer
  )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
  mCommunicationData.FunctionData.Function = SmmBaseFunctionFreePool;
  mCommunicationData.FunctionData.Args.FreePool.Buffer = Buffer;

@@ -408,6 +421,24 @@ EFI_SMM_BASE_PROTOCOL  mSmmBase = {
  SmmBaseGetSmstLocation
 };

+/**
+  Notification function on Exit Boot Services Event.
+
+  This function sets a flag indicating it is in Runtime phase.
+
+  @param  Event        Event whose notification function is being invoked
+  @param  Context      Pointer to the notification function's context
+**/
+VOID
+EFIAPI
+SmmBaseExitBootServicesEventNotify (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  mAtRuntime = TRUE;
+}
+
 /**
  Entry Point for SMM Base Protocol on SMM Base2 Protocol Thunk driver.

@@ -449,6 +480,19 @@ SmmBaseThunkMain (
  Status = gBS->LocateProtocol (&gEfiSmmBaseHelperReadyProtocolGuid, NULL, (VOID **) &mSmmBaseHelperReady);
  ASSERT_EFI_ERROR (Status);

+  //
+  // Create event notification on Exit Boot Services event.
+  //
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_NOTIFY,
+                  SmmBaseExitBootServicesEventNotify,
+                  NULL,
+                  &gEfiEventExitBootServicesGuid,
+                  &Event
+                  );
+  ASSERT_EFI_ERROR (Status);
+
  //
  // Create event on SetVirtualAddressMap() to convert mSmmCommunication from a physical address to a virtual address
  //