Mallicious code may use SmmFaultTolerantWriteHandler() to update some flash area directly, like Variable region, so return EFI_ACCESS_DENIED after End Of Dxe in SmmFaultTolerantWriteHandler().

And add code to prevent InfoSize overflow. Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14312 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-24 09:33:48 +00:00
parent 7aa54c140c
commit f07268bd0f
3 changed files with 63 additions and 5 deletions
--- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
+++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
@@ -4,7 +4,7 @@
 #   depends on the full functionality SMM FVB protocol that support read, write/erase 
 #   flash access.
 #
-# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@@ -59,6 +59,7 @@
  gEfiSmmFirmwareVolumeBlockProtocolGuid           ## CONSUMES
  gEfiSmmFaultTolerantWriteProtocolGuid            ## PRODUCES
  gEfiSmmAccess2ProtocolGuid                       ## CONSUMES
+  gEfiSmmEndOfDxeProtocolGuid                      ## CONSUMES

 [FeaturePcd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable