Move the memory allocation and variable set to BdsEntry, use VariableLock protocol to lock the L”PerfDataMemAddr” variable and prevent malware to update it.

Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14386 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-23 02:56:41 +00:00
parent d0cec2da21
commit f6c07313d1
6 changed files with 76 additions and 58 deletions
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/Bds.h
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/Bds.h
@@ -35,6 +35,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Guid/LegacyDevOrder.h>
 #include <Guid/BdsHii.h>
 #include <Guid/ConnectConInEvent.h>
+#include <Guid/Performance.h>
 #include <Protocol/GenericMemoryTest.h>
 #include <Protocol/FormBrowser2.h>
 #include <Protocol/HiiConfigAccess.h>
@@ -66,7 +67,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/CapsuleLib.h>
 #include <Library/HiiLib.h>
 #include <Library/DevicePathLib.h>
-#include <Library/PcdLib.h>
 #include <Library/UefiHiiServicesLib.h>

 #include <Library/GenericBdsLib.h>
--- a/IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c
+++ b/IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c
@@ -450,6 +450,54 @@ BdsFormalizeEfiGlobalVariable (

 }

+/**
+
+  Allocate a block of memory that will contain performance data to OS.
+
+**/
+VOID
+BdsAllocateMemoryForPerformanceData (
+  VOID
+  )
+{
+  EFI_STATUS                    Status;
+  EFI_PHYSICAL_ADDRESS          AcpiLowMemoryBase;
+  EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLock;
+
+  AcpiLowMemoryBase = 0x0FFFFFFFFULL;
+
+  //
+  // Allocate a block of memory that will contain performance data to OS.
+  //
+  Status = gBS->AllocatePages (
+                  AllocateMaxAddress,
+                  EfiReservedMemoryType,
+                  EFI_SIZE_TO_PAGES (PERF_DATA_MAX_LENGTH),
+                  &AcpiLowMemoryBase
+                  );
+  if (!EFI_ERROR (Status)) {
+    //
+    // Save the pointer to variable for use in S3 resume.
+    //
+    Status = gRT->SetVariable (
+               L"PerfDataMemAddr",
+               &gPerformanceProtocolGuid,
+               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+               sizeof (EFI_PHYSICAL_ADDRESS),
+               &AcpiLowMemoryBase
+               );
+    ASSERT_EFI_ERROR (Status);
+    //
+    // Mark L"PerfDataMemAddr" variable to read-only if the Variable Lock protocol exists
+    //
+    Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
+    if (!EFI_ERROR (Status)) {
+      Status = VariableLock->RequestToLock (VariableLock, L"PerfDataMemAddr", &gPerformanceProtocolGuid);
+      ASSERT_EFI_ERROR (Status);
+    }
+  }
+}
+
 /**

  Service routine for BdsInstance->Entry(). Devices are connected, the
@@ -479,6 +527,10 @@ BdsEntry (
  PERF_END (NULL, "DXE", NULL, 0);
  PERF_START (NULL, "BDS", NULL, 0);

+  PERF_CODE (
+    BdsAllocateMemoryForPerformanceData ();
+  );
+
  //
  // Initialize the global system boot option and driver option
  //