Re: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY
Reviewed-by: jiewen@intel.com > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Star > Zeng > Sent: Tuesday, March 6, 2018 10:28 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Zeng, Star > Subject: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY > > With this flag, the LockBox can be restored in S3 resume only. > The LockBox can not be restored after SmmReadyToLock in normal boot > and after EndOfS3Resume in S3 resume. > It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE. > > Cc: Jiewen Yao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Star Zeng > --- > MdeModulePkg/Include/Library/LockBoxLib.h | 14 +- > .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c | 4 +- > .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c | 227 > - > .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf | 10 +- > 4 files changed, 247 insertions(+), 8 deletions(-) > > diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h > b/MdeModulePkg/Include/Library/LockBoxLib.h > index db7fd05def58..80beb4d0f880 100644 > --- a/MdeModulePkg/Include/Library/LockBoxLib.h > +++ b/MdeModulePkg/Include/Library/LockBoxLib.h > @@ -2,7 +2,7 @@ >This library is only intended to be used by DXE modules that need save >confidential information to LockBox and get it by PEI modules in S3 phase. > > -Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved. > +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > > This program and the accompanying materials > are licensed and made available under the terms and conditions 
> @@ -62,9 +62,17 @@ SetLockBoxAttributes ( >); > > // > -// With this flag, this LockBox can be restored to this Buffer with > RestoreAllLockBoxInPlace() > +// With this flag, this LockBox can be restored to this Buffer > +// with RestoreAllLockBoxInPlace() > // > -#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0 > +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0 > +// > +// With this flag, this LockBox can be restored in S3 resume only. > +// This LockBox can not be restored after SmmReadyToLock in normal boot > +// and after EndOfS3Resume in S3 resume. > +// It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE. > +// > +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY BIT1 > > /** >This function will update confidential information to lockbox. > diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > index b75f81e69e04..9b6f0bedbd4f 100644 > --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > @@ -1,6 +1,6 @@ > /** @file > > -Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. > +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > > This program and the accompanying materials > are licensed and made available under the terms and conditions > @@ -241,7 +241,7 @@ SetLockBoxAttributes ( >// Basic check >// >if ((Guid == NULL) || > - ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) { > + ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) { > return EFI_INVALID_PARAMETER; >} > > diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > index 4960df755534..af75a4cb9cd1 100644 > --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c 
> @@ -1,6 +1,6 @@ > /** @file > > -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. > +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > > This program and the accompanying materials > are licensed and made available under the terms and conditions > @@ -20,6 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include > +#include > +#include > +#include > > #include "SmmLockBoxLibPrivate.h" > > @@ -31,6 +35,11 @@ SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext; > LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE > (mLockBoxQueue); > > BOOLEAN mSmmConfigurationTableInstalled = FALSE; > +VOID *mRegistrationSmmEndOfDxe = NULL; > +VOID *mRegistrationSmmReadyToLock = NULL; > +VOID *mRegistration
[edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY
With this flag, the LockBox can be restored in S3 resume only.
The LockBox can not be restored after SmmReadyToLock in normal boot
and after EndOfS3Resume in S3 resume.
It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.
Cc: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng
---
MdeModulePkg/Include/Library/LockBoxLib.h | 14 +-
.../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c | 4 +-
.../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c | 227 -
.../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf | 10 +-
4 files changed, 247 insertions(+), 8 deletions(-)
diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h b/MdeModulePkg/Include/Library/LockBoxLib.h
index db7fd05def58..80beb4d0f880 100644
--- a/MdeModulePkg/Include/Library/LockBoxLib.h
+++ b/MdeModulePkg/Include/Library/LockBoxLib.h
@@ -2,7 +2,7 @@
This library is only intended to be used by DXE modules that need save
confidential information to LockBox and get it by PEI modules in S3 phase.
-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -62,9 +62,17 @@ SetLockBoxAttributes (
);
//
-// With this flag, this LockBox can be restored to this Buffer with RestoreAllLockBoxInPlace()
+// With this flag, this LockBox can be restored to this Buffer
+// with RestoreAllLockBoxInPlace()
//
-#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0
+//
+// With this flag, this LockBox can be restored in S3 resume only.
+// This LockBox can not be restored after SmmReadyToLock in normal boot
+// and after EndOfS3Resume in S3 resume.
+// It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.
+//
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY BIT1
/**
This function will update confidential information to lockbox.
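Review bot: The comment added above `LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY` in LockBoxLib.h (hunk `@@ -62,9 +62,17 @@`) states the restriction but not what a caller observes when it is violated. Because this flag narrows the window in which confidential LockBox data can be read back, I would document which restore calls are refused outside that window and with which status, and that `SetLockBoxAttributes()` rejects the combination with `LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE`, for example `// Restore requests outside that window fail with <STATUS_PLACEHOLDER>; setting both attributes fails with <STATUS_PLACEHOLDER>.` The exact status codes are not visible in this hunk and should be taken from the implementation. A blank line between the first `#define` and the new `//` block would also keep the two attribute descriptions visually separate.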
diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
index b75f81e69e04..9b6f0bedbd4f 100644
--- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
+++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
@@ -1,6 +1,6 @@
/** @file
-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -241,7 +241,7 @@ SetLockBoxAttributes (
// Basic check
//
if ((Guid == NULL) ||
- ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
+ ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) {
return EFI_INVALID_PARAMETER;
}
diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
index 4960df755534..af75a4cb9cd1 100644
--- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
+++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
@@ -1,6 +1,6 @@
/** @file
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -20,6 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include
#include
#include
+#include
+#include
+#include
+#include
#include "SmmLockBoxLibPrivate.h"
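Review bot: The widened mask in the basic check of `SetLockBoxAttributes` in SmmLockBoxDxeLib.c (hunk `@@ -241,7 +241,7 @@`) still accepts `LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY` together, although the commit message says the two cannot be combined. The DXE-side check is a convenience only: the DXE caller sits outside the SMM trust boundary, so the combination has to be rejected by the SMM-side handler, whose new code is not visible in this part of the patch and should be confirmed there. For an early and consistent failure I would also extend this condition with `(((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) && ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0))` so that it returns `EFI_INVALID_PARAMETER`. The function body starts and ends outside the hunk.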
@@ -31,6 +35,11 @@ SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;
LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue);
BOOLEAN mSmmConfigurationTableInstalled = FALSE;
+VOID *mRegistrationSmmEndOfDxe = NULL;
+VOID *mRegistrationSmmReadyToLock = NULL;
+VOID *mRegistrationEndOfS3Resume = NULL;
+BOOLEAN mSmmLockBoxSmmReadyToLock = FALSE;
+BOOLEAN mSmmLockBoxDuringS3Resume = FALSE;
/**
This function return SmmLockBox context from SMST.
@@ -64,6 +73,128 @@ InternalGetSmmLockBoxContext (
}
/**
+ Notification for SMM ReadyToLock protocol.
+
+ @param[in] Protocol Points to the protocol's unique identifier.
+ @param[in] Interface Points to the interface instance.
+ @param[in] Handle The handle on which the interface was installed.
+
+ @retval EFI_SUCCESS Notification runs successfully.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxSmmReadyToLockNotify (
+ IN CONST EFI_GUID *Protocol,
+ IN VOID*Interface,
+ IN EFI_HANDLE Handle
+ )
+{
+ mSmmLockBoxSmmReadyToLock = TRUE;
+ return EFI_SUCCESS;
+}
+
+/**
+ Main entry point for an SMM handler dispatch or communicate-based callback.
+
+ @param[in] DispatchHandle The unique h