sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg Variable: Reuse scratch data area(at the end of volatile variable store)

Browse Source 
as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Star Zeng 2015-03-17 06:41:40 +00:00 committed by lzeng14
parent 856236cad7
commit ba9d087b8f
4 changed files with 29 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -55,14 +55,6 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
// //
VOID *mHashCtx = NULL; VOID *mHashCtx = NULL;
//
// The serialization of the values of the VariableName, VendorGuid and Attributes
// parameters of the SetVariable() call and the TimeStamp component of the
// EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value
// i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)
//
UINT8 *mSerializationRuntimeBuffer = NULL;
// //
// Requirement for different signature type which have been defined in UEFI spec. // Requirement for different signature type which have been defined in UEFI spec.
// These data are used to peform SignatureList format check while setting PK/KEK variable. // These data are used to peform SignatureList format check while setting PK/KEK variable.
@ -182,15 +174,6 @@ AutenticatedVariableServiceInitialize (
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
//
// Prepare runtime buffer for serialized data of time-based authenticated
// Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
//
mSerializationRuntimeBuffer = AllocateRuntimePool (PcdGet32 (PcdMaxVariableSize) + sizeof (EFI_GUID) + sizeof (UINT32) + sizeof (EFI_TIME));
if (mSerializationRuntimeBuffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
// //
// Check "AuthVarKeyDatabase" variable's existence. // Check "AuthVarKeyDatabase" variable's existence.
// If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@ -2267,11 +2250,21 @@ VerifyTimeBasedPayload (
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize; PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
// //
// Construct a buffer to fill with (VariableName, VendorGuid, Attributes, TimeStamp, Data). // Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes
// parameters of the SetVariable() call and the TimeStamp component of the
// EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value
// i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)
// //
NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) + NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) +
sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16); sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16);
NewData = mSerializationRuntimeBuffer; //
// Here is to reuse scratch data area(at the end of volatile variable store)
// to reduce SMRAM consumption for SMM variable driver.
// The scratch buffer is enough to hold the serialized data and safe to use,
// because it will be used at here to do verification only first
// and then used in UpdateVariable() for a time based auth variable set.
//
NewData = (UINT8 *) GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
Buffer = NewData; Buffer = NewData;
Length = StrLen (VariableName) * sizeof (CHAR16); Length = StrLen (VariableName) * sizeof (CHAR16);

1
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
View File

@ -351,6 +351,5 @@ extern UINT8 *mPubKeyStore;
extern UINT8 *mCertDbStore; extern UINT8 *mCertDbStore;
extern UINT32 mPubKeyNumber; extern UINT32 mPubKeyNumber;
extern VOID *mHashCtx; extern VOID *mHashCtx;
extern UINT8 *mSerializationRuntimeBuffer;
#endif #endif

17
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
View File

@ -194,6 +194,23 @@ FindVariable (
IN BOOLEAN IgnoreRtCheck IN BOOLEAN IgnoreRtCheck
); );
/**
Gets the pointer to the end of the variable storage area.
This function gets pointer to the end of the variable storage
area, according to the input variable store header.
@param VarStoreHeader Pointer to the Variable Store Header.
@return Pointer to the end of the variable storage area.
**/
VARIABLE_HEADER *
GetEndPointer (
IN VARIABLE_STORE_HEADER *VarStoreHeader
);
/** /**
This code gets the pointer to the variable data. This code gets the pointer to the variable data.

1
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
View File

@ -247,7 +247,6 @@ VariableClassAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase); EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal); EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mHashCtx); EfiConvertPointer (0x0, (VOID **) &mHashCtx);
EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache); EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
EfiConvertPointer (0x0, (VOID **) &mPubKeyStore); EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
EfiConvertPointer (0x0, (VOID **) &mCertDbStore); EfiConvertPointer (0x0, (VOID **) &mCertDbStore);