The variable driver doesn't distinguish "non-volatile non-authenticated"
variables from "volatile non-authenticated" variables, when checking
individual variable sizes against the permitted maximum.
PcdMaxVariableSize covers both kinds.
This prevents volatile non-authenticated variables from carrying large
data between UEFI drivers, despite having no flash impact. One example is
EFI_TLS_CA_CERTIFICATE_VARIABLE, which platforms might want to create as
volatile on every boot: the certificate list can be several hundred KB in
size.
Introduce PcdMaxVolatileVariableSize to represent the limit on individual
volatile non-authenticated variables. The default value is zero, which
makes Variable/RuntimeDxe fall back to PcdMaxVariableSize (i.e. the
current behavior). This is similar to the PcdMaxAuthVariableSize fallback.
Whenever the size limit is enforced, consult MaxVolatileVariableSize as
the last option, after checking
- MaxAuthVariableSize for VARIABLE_ATTRIBUTE_AT_AW,
- and MaxVariableSize for EFI_VARIABLE_NON_VOLATILE.
EFI_VARIABLE_HARDWARE_ERROR_RECORD is always handled separately; it always
takes priority over the three cases listed above.
Introduce the GetMaxVariableSize() helper to consider
PcdMaxVolatileVariableSize, in addition to
GetNonVolatileMaxVariableSize(). GetNonVolatileMaxVariableSize() is
currently called at three sites, and two of those need to start using
GetMaxVariableSize() instead:
- VariableServiceInitialize() [VariableSmm.c]: the SMM comms buffer must
accommodate all kinds of variables,
- VariableCommonInitialize() [Variable.c]: the preallocated scratch space
must also accommodate all kinds of variables,
- InitNonVolatileVariableStore() [Variable.c] can continue using
GetNonVolatileMaxVariableSize().
Don't modify the ReclaimForOS() function as it is specific to non-volatile
variables and should ignore PcdMaxVolatileVariableSize.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gary Lin <glin@suse.com>
Tested-by: Gary Lin <glin@suse.com>
[lersek@redhat.com: set MaxVolatileVariableSize where Star suggested]
Reviewed-by: Star Zeng <star.zeng@intel.com>
Introduce the MorLockInitAtEndOfDxe() hook, in order to allow
MorLockInit() to delay / queue operations until EndOfDxe. (Or, if the
platform never signals EndOfDxe, until ReadyToBoot.)
Call MorLockInitAtEndOfDxe() whenever we set "mEndOfDxe" to TRUE:
- in VariableRuntimeDxe:
- in the OnReadyToBoot() function,
- in the OnEndOfDxe() function;
- in VariableSmm:
- on the SMM_VARIABLE_FUNCTION_READY_TO_BOOT SMI request,
- in the SmmEndOfDxeCallback() function.
For now, implement MorLockInitAtEndOfDxe() as a no-op in both
VariableRuntimeDxe and VariableSmm.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=290
Current SmmVariableGetStatistics() in VariableSmm.c is always
checking input InfoSize against the first variable info,
it is incorrect.
For instance, there are three variables.
BootOrder
Boot0000
Boot0001
If the input InfoEntry is holding the second variable info (Boot0000)
and InfoSize is sizeof (VARIABLE_INFO_ENTRY) + StrSize (L"Boot0000"),
current code will return EFI_BUFFER_TOO_SMALL, but it should return
the third variable info (Boot0001).
This patch is to refine the code logic.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Current code in SmmVariableHandler() checks CommBufferSize
buffer to make sure it points to outside SMRAM in
"case SMM_VARIABLE_FUNCTION_GET_STATISTICS".
But after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer points to SMRAM that was used by
SMM core to cache CommSize from SmmCommunication protocol,
then the check will fail definitely and GET_STATISTICS
feature breaks.
In fact, do not need check CommBufferSize buffer at all
even before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd.
Before eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer pointed to gSmmCorePrivate->BufferSize
that is outside SMRAM, the check will success definitely;
after eaae7b33b1cf6b9f21db1636f219c2b6a8d88afd,
CommBufferSize buffer points to local variable BufferSize
(in SMRAM) in SmmEntryPoint(), the check is not needed
definitely.
The patch is to remove the check.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the
commit uses the IsZeroGuid API to check if the given GUID is a zero GUID.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Feng Tian <feng.tian@Intel.com>
Since the variable check service has be separated to VarCheckLib
from Variable driver, so update Variable driver to consume the
separated VarCheckLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18286 6f19259b-4bc3-4df7-8a09-765794883524
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mZeroGuid defined in Universal/Variable/RuntimeDxe is redundant.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17840 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg. Then the merged Variable driver in MdeModulePkg will
link to AuthVariableLib and TpmMeasurementLib.
AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
could be used for non auth variable support.
AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
may be used for auth variable support.
Why to do:
1. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. Now it is to
merge them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17765 6f19259b-4bc3-4df7-8a09-765794883524
As the drivers and library do not reference gEfiSmmAccess2ProtocolGuid explicitly now
after SmmMemLib introduced.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16760 6f19259b-4bc3-4df7-8a09-765794883524
for trying to reclaim variable space at EndOfDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16687 6f19259b-4bc3-4df7-8a09-765794883524
and follow UEFI spec to check UEFI defined variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16579 6f19259b-4bc3-4df7-8a09-765794883524
Add the variable name size check in the RequestToLock wrapper.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14377 6f19259b-4bc3-4df7-8a09-765794883524
Add code in BdsDxe driver to call the protocol to mark the read-only variables defined in the UEFI Spec.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14372 6f19259b-4bc3-4df7-8a09-765794883524
2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325 6f19259b-4bc3-4df7-8a09-765794883524
2. Refine the debug message.
3. Add check to make sure the input VariableName is A Null-terminated string.
4. Use local variable to hold StrSize (VariableName) to avoid duplicated StrSize calculation.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14317 6f19259b-4bc3-4df7-8a09-765794883524
