subject:"\[edk2\-devel\] \[PATCH 3\/3\] MdeModulePkg\: Add Standalone MM Lockbox Driver."

Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

2024-05-08 Thread Wu, Jiaxin

Reviewed-by: Jiaxin Wu 

> -Original Message-
> From: Xie, Yuanhao 
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao ; Wu, Jiaxin
> ; Ni, Ray ; Xie, Yuanhao
> 
> Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.
> 
> The Lockbox Driver allows sensitive data to be securely stored in a
> designated area, thus protected against unauthorized access.
> 
> This patch adds a Standalone MM Lockbox Driver with main modifications:
> 1. Separating shared code between the Standalone MM driver and the
> DXE MM Driver.
> 2. Utilizing services from the SMM Services Table (gSmst) as opposed to
>  relying on Boot Services.
> 
> Cc: Liming Gao 
> Cc: Jiaxin Wu 
> Cc: Ray Ni 
> 
> Signed-off-by: Yuanhao Xie 
> ---
>  MdeModulePkg/MdeModulePkg.dsc |  
> 1 +
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.c| 84
> ++
> ++
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.inf  | 56
> 
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.uni  | 14 ++
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> mExtra.uni | 14 ++
>  5 files changed, 169 insertions(+)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dsc
> b/MdeModulePkg/MdeModulePkg.dsc
> index 6bed9205ea..f0f02f180f 100644
> --- a/MdeModulePkg/MdeModulePkg.dsc
> +++ b/MdeModulePkg/MdeModulePkg.dsc
> @@ -500,6 +500,7 @@
> 
> MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode
> RouterSmm.inf
> 
> MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode
> RouterStandaloneMm.inf
>MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> +
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.inf
> 
> MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAlloc
> ationProfileLib.inf
> 
> MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo
> ryAllocationProfileLib.inf
> 
> MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo
> ryAllocationLib.inf
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> new file mode 100644
> index 00..503be7efa8
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> @@ -0,0 +1,84 @@
> +/** @file
> +  LockBox MM driver.
> +
> +Copyright (c) 2024, Intel Corporation. All rights reserved.
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#include "SmmLockBoxCommon.h"
> +
> +/**
> +  This function is an abstraction layer for implementation specific Mm buffer
> validation routine.
> +
> +  @param Buffer  The buffer start address to be checked.
> +  @param Length  The buffer length to be checked.
> +
> +  @retval TRUE  This buffer is valid per processor architecture and not 
> overlap
> with SMRAM.
> +  @retval FALSE This buffer is not valid per processor architecture or 
> overlap
> with SMRAM.
> +**/
> +BOOLEAN
> +IsBufferOutsideMmValid (
> +  IN EFI_PHYSICAL_ADDRESS  Buffer,
> +  IN UINT64Length
> +  )
> +{
> +  return MmIsBufferOutsideMmValid (Buffer, Length);
> +}
> +
> +/**
> +  Entry Point for LockBox MM driver.
> +
> +  @param[in] ImageHandle  Image handle of this driver.
> +  @param[in] SystemTable  A Pointer to the EFI System Table.
> +
> +  @retval EFI_SUCEESS
> +  @return Others  Some error occurs.
> +**/
> +EFI_STATUS
> +EFIAPI
> +SmmLockBoxStandaloneMmEntryPoint (
> +  IN EFI_HANDLE   ImageHandle,
> +  IN EFI_MM_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS  Status;
> +  EFI_HANDLE  DispatchHandle;
> +  VOID*Registration;
> +
> +  //
> +  // Register LockBox communication handler
> +  //
> +  Status = gMmst->MmiHandlerRegister (
> +SmmLockBoxHandler,
> +&gEfiSmmLockBoxCommunicationGuid,
> +&DispatchHandle
> +);
> +  ASSERT_EFI_ERROR (Status);
> +
> +  //
> +  // Register SMM Ready To Lock Protocol notification
> +  //
> +  Status = gMmst->MmRegisterProtocolNotify (
> +&gEfiSmmReadyToLockProtocolGuid,
> +SmmReadyToLockEventNotify,
> +&Registration
> +);
> +  ASSERT_EFI_ERROR (Status);
> +  return Status;
> +}
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.inf
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.inf
> new file mode 100644
> index 00..544c87790c
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/

Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

2024-05-07 Thread Ni, Ray

Reviewed-by: Ray Ni 

Thanks,
Ray

From: Xie, Yuanhao 
Sent: Tuesday, May 7, 2024 14:09
To: devel@edk2.groups.io 
Cc: Liming Gao ; Wu, Jiaxin ; 
Ni, Ray ; Xie, Yuanhao 
Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

The Lockbox Driver allows sensitive data to be securely stored in a
designated area, thus protected against unauthorized access.

This patch adds a Standalone MM Lockbox Driver with main modifications:
1. Separating shared code between the Standalone MM driver and the
DXE MM Driver.
2. Utilizing services from the SMM Services Table (gSmst) as opposed to
 relying on Boot Services.

Cc: Liming Gao 
Cc: Jiaxin Wu 
Cc: Ray Ni 

Signed-off-by: Yuanhao Xie 
---
 MdeModulePkg/MdeModulePkg.dsc |  1 
+
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c| 84 

 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf  | 56 

 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni  | 14 
++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni | 14 
++
 5 files changed, 169 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 6bed9205ea..f0f02f180f 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -500,6 +500,7 @@
   
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf
   
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterStandaloneMm.inf
   MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
+  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
   
MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAllocationProfileLib.inf
   
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationProfileLib.inf
   
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c 
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
new file mode 100644
index 00..503be7efa8
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
@@ -0,0 +1,84 @@
+/** @file
+  LockBox MM driver.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+#include "SmmLockBoxCommon.h"
+
+/**
+  This function is an abstraction layer for implementation specific Mm buffer 
validation routine.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid per processor architecture and not 
overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture or overlap 
with SMRAM.
+**/
+BOOLEAN
+IsBufferOutsideMmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64Length
+  )
+{
+  return MmIsBufferOutsideMmValid (Buffer, Length);
+}
+
+/**
+  Entry Point for LockBox MM driver.
+
+  @param[in] ImageHandle  Image handle of this driver.
+  @param[in] SystemTable  A Pointer to the EFI System Table.
+
+  @retval EFI_SUCEESS
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxStandaloneMmEntryPoint (
+  IN EFI_HANDLE   ImageHandle,
+  IN EFI_MM_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+  EFI_HANDLE  DispatchHandle;
+  VOID*Registration;
+
+  //
+  // Register LockBox communication handler
+  //
+  Status = gMmst->MmiHandlerRegister (
+SmmLockBoxHandler,
+&gEfiSmmLockBoxCommunicationGuid,
+&DispatchHandle
+);
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Register SMM Ready To Lock Protocol notification
+  //
+  Status = gMmst->MmRegisterProtocolNotify (
+&gEfiSmmReadyToLockProtocolGuid,
+SmmReadyToLockEventNotify,
+&Registration
+);
+  ASSERT_EFI_ERROR (Status);
+  return Status;
+}
diff --git 
a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf 
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
new file mode 100644
index 00..544c87790c
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
@@ -0,0 +1,56 @@
+## @file
+#  LockBox MM driver.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = SmmLockBoxStandalo

[edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

2024-05-06 Thread Yuanhao Xie

The Lockbox Driver allows sensitive data to be securely stored in a
designated area, thus protected against unauthorized access.

This patch adds a Standalone MM Lockbox Driver with main modifications:
1. Separating shared code between the Standalone MM driver and the
DXE MM Driver.
2. Utilizing services from the SMM Services Table (gSmst) as opposed to
 relying on Boot Services.

Cc: Liming Gao 
Cc: Jiaxin Wu 
Cc: Ray Ni 

Signed-off-by: Yuanhao Xie 
---
 MdeModulePkg/MdeModulePkg.dsc |  1 
+
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c| 84 

 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf  | 56 

 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni  | 14 
++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni | 14 
++
 5 files changed, 169 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 6bed9205ea..f0f02f180f 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -500,6 +500,7 @@
   
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf
   
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterStandaloneMm.inf
   MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
+  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
   
MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAllocationProfileLib.inf
   
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationProfileLib.inf
   
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c 
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
new file mode 100644
index 00..503be7efa8
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
@@ -0,0 +1,84 @@
+/** @file
+  LockBox MM driver.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+#include "SmmLockBoxCommon.h"
+
+/**
+  This function is an abstraction layer for implementation specific Mm buffer 
validation routine.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid per processor architecture and not 
overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture or overlap 
with SMRAM.
+**/
+BOOLEAN
+IsBufferOutsideMmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64Length
+  )
+{
+  return MmIsBufferOutsideMmValid (Buffer, Length);
+}
+
+/**
+  Entry Point for LockBox MM driver.
+
+  @param[in] ImageHandle  Image handle of this driver.
+  @param[in] SystemTable  A Pointer to the EFI System Table.
+
+  @retval EFI_SUCEESS
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxStandaloneMmEntryPoint (
+  IN EFI_HANDLE   ImageHandle,
+  IN EFI_MM_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+  EFI_HANDLE  DispatchHandle;
+  VOID*Registration;
+
+  //
+  // Register LockBox communication handler
+  //
+  Status = gMmst->MmiHandlerRegister (
+SmmLockBoxHandler,
+&gEfiSmmLockBoxCommunicationGuid,
+&DispatchHandle
+);
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Register SMM Ready To Lock Protocol notification
+  //
+  Status = gMmst->MmRegisterProtocolNotify (
+&gEfiSmmReadyToLockProtocolGuid,
+SmmReadyToLockEventNotify,
+&Registration
+);
+  ASSERT_EFI_ERROR (Status);
+  return Status;
+}
diff --git 
a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf 
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
new file mode 100644
index 00..544c87790c
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
@@ -0,0 +1,56 @@
+## @file
+#  LockBox MM driver.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = SmmLockBoxStandaloneMm
+  MODULE_UNI_FILE= SmmLockBoxStandaloneMm.uni
+  FILE_GUID  = a83a87a0-8a3e-482d-86c8-84a139f6ded0
+  MODULE_TYPE= MM_STANDALONE
+  VERSION_STRING = 1.0
+  PI_SPECIFICATION_VERSION   = 0x00

Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

[edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

3 matches

Site Navigation

Mail list logo

Footer information