From: Laszlo Ersek <[email protected]> The trigger to actually save the boot script is the installation of EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL, to be performed by any DXE driver. Installation of the protocol also locks down SMM (as its name indicates) and (in theory) prevents further LockBox access.
We cannot install this protocol before BdsLibBootViaBootOption() is called (eg. in OVMF's PlatformBdsPolicyBehavior()), because BdsLibBootViaBootOption() calls EFI_ACPI_S3_SAVE_PROTOCOL.S3Save(), which needs LockBox access. We also can't install the protocol after BdsLibBootViaBootOption() returns, simply because control is never returned to us. Therefore modify our EFI_ACPI_S3_SAVE_PROTOCOL implementation so that the boot script is prepared and installed internally to S3Save(). (The boot script must contain at least one opcode, otherwise S3BootScriptLib runs into an assertion failure. We add a harmless (no-op) "information" opcode.) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <[email protected]> Reviewed-by: Jordan Justen <[email protected]> --- OvmfPkg/AcpiS3SaveDxe/AcpiS3Save.c | 49 +++++++++++++++++++++++++++++++++ OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf | 4 ++- 2 files changed, 52 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AcpiS3SaveDxe/AcpiS3Save.c b/OvmfPkg/AcpiS3SaveDxe/AcpiS3Save.c index 80f12eb..684ddb7 100644 --- a/OvmfPkg/AcpiS3SaveDxe/AcpiS3Save.c +++ b/OvmfPkg/AcpiS3SaveDxe/AcpiS3Save.c @@ -28,6 +28,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Guid/AcpiS3Context.h> #include <Guid/Acpi.h> #include <Protocol/AcpiS3Save.h> +#include <Protocol/S3SaveState.h> +#include <Protocol/DxeSmmReadyToLock.h> #include <IndustryStandard/Acpi.h> #include "AcpiS3Save.h" @@ -407,6 +409,48 @@ LegacyGetS3MemorySize ( } /** + Save the S3 boot script. + + Note that we trigger DxeSmmReadyToLock here -- otherwise the script wouldn't + be saved actually. Triggering this protocol installation event in turn locks + down SMM, so no further changes to LockBoxes or SMRAM are possible + afterwards. +**/ +STATIC +VOID +EFIAPI +SaveS3BootScript ( + VOID + ) +{ + EFI_STATUS Status; + EFI_S3_SAVE_STATE_PROTOCOL *BootScript; + EFI_HANDLE Handle; + STATIC CONST UINT8 Info[] = { 0xDE, 0xAD, 0xBE, 0xEF }; + + Status = gBS->LocateProtocol (&gEfiS3SaveStateProtocolGuid, NULL, + (VOID **) &BootScript); + ASSERT_EFI_ERROR (Status); + + // + // Despite the opcode documentation in the PI spec, the protocol + // implementation embeds a deep copy of the info in the boot script, rather + // than storing just a pointer to runtime or NVS storage. + // + Status = BootScript->Write(BootScript, EFI_BOOT_SCRIPT_INFORMATION_OPCODE, + (UINT32) sizeof Info, + (EFI_PHYSICAL_ADDRESS)(UINTN) &Info); + ASSERT_EFI_ERROR (Status); + + Handle = NULL; + Status = gBS->InstallProtocolInterface (&Handle, + &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE, + NULL); + ASSERT_EFI_ERROR (Status); +} + + +/** Prepares all information that is needed in the S3 resume boot path. Allocate the resources or prepare informations and save in ACPI variable set for S3 resume boot path @@ -511,6 +555,11 @@ S3Ready ( Status = SetLockBoxAttributes (&gEfiAcpiS3ContextGuid, LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE); ASSERT_EFI_ERROR (Status); + // + // Save the boot script too. Note that this requires/includes emitting the + // DxeSmmReadyToLock event, which in turn locks down SMM. + // + SaveS3BootScript (); return EFI_SUCCESS; } diff --git a/OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf b/OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf index 169e400..159cdb8 100644 --- a/OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf +++ b/OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf @@ -62,6 +62,8 @@ gEfiLegacyBiosProtocolGuid # PROTOCOL ALWAYS_CONSUMED gEfiLegacyRegion2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED gFrameworkEfiMpServiceProtocolGuid # PROTOCOL SOMETIMES_CONSUMED + gEfiS3SaveStateProtocolGuid # PROTOCOL ALWAYS_CONSUMED + gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL ALWAYS_CONSUMED [FeaturePcd] gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdPlatformCsmSupport ## CONSUMES @@ -73,4 +75,4 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable [Depex] - gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid + gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid AND gEfiS3SaveStateProtocolGuid -- 1.8.5.2 ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ edk2-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/edk2-devel
