edk2[19063] OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE

lersek Mon, 30 Nov 2015 10:50:26 -0800

Revision: 19063
          http://sourceforge.net/p/edk2/code/19063
Author:   lersek
Date:     2015-11-30 18:48:54 +0000 (Mon, 30 Nov 2015)
Log Message:
-----------
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE


When the user requires "security" by passing -D SMM_REQUIRE, and
consequently by setting PcdSmmSmramRequire, enforce flash-based variables.

Furthermore, add two ASSERT()s to catch if the wrong module were pulled
into the build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
Reviewed-by: Jordan Justen <[email protected]>

Modified Paths:
--------------
    trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
    trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
    trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c
    trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c
    trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c

Modified: 
trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
===================================================================
--- trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf 
2015-11-30 18:48:50 UTC (rev 19062)
+++ trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf 
2015-11-30 18:48:54 UTC (rev 19063)
@@ -85,6 +85,8 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
 
+[FeaturePcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Depex]
   TRUE

Modified: trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf
===================================================================
--- trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf        
2015-11-30 18:48:50 UTC (rev 19062)
+++ trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf        
2015-11-30 18:48:54 UTC (rev 19063)
@@ -84,6 +84,8 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
 
+[FeaturePcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Depex]
   TRUE

Modified: trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c
===================================================================
--- trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c       
2015-11-30 18:48:50 UTC (rev 19062)
+++ trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c       
2015-11-30 18:48:54 UTC (rev 19063)
@@ -17,6 +17,7 @@
 #include <Guid/EventGroup.h>
 #include <Library/DebugLib.h>
 #include <Library/DevicePathLib.h>
+#include <Library/PcdLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiRuntimeLib.h>
 #include <Protocol/DevicePath.h>
@@ -34,6 +35,8 @@
   EFI_HANDLE                         FwbHandle;
   EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;
 
+  ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
+
   //
   // Find a handle with a matching device path that has supports FW Block
   // protocol

Modified: trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c
===================================================================
--- trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c       
2015-11-30 18:48:50 UTC (rev 19062)
+++ trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c       
2015-11-30 18:48:54 UTC (rev 19063)
@@ -15,6 +15,7 @@
 **/
 
 #include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
 #include <Library/SmmServicesTableLib.h>
 #include <Protocol/DevicePath.h>
 #include <Protocol/SmmFirmwareVolumeBlock.h>
@@ -29,6 +30,8 @@
   EFI_HANDLE FvbHandle;
   EFI_STATUS Status;
 
+  ASSERT (FeaturePcdGet (PcdSmmSmramRequire));
+
   //
   // There is no SMM service that can install multiple protocols in the SMM
   // protocol database in one go.

Modified: trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
===================================================================
--- trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c       
2015-11-30 18:48:50 UTC (rev 19062)
+++ trunk/edk2/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c       
2015-11-30 18:48:54 UTC (rev 19063)
@@ -245,6 +245,7 @@
   mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;
 
   if (!QemuFlashDetected ()) {
+    ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
     return EFI_WRITE_PROTECTED;
   }
 


------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

edk2[19063] OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE

Reply via email to