Re: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY

2018-03-06 Thread Yao, Jiewen
Reviewed-by: jiewen@intel.com

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Star
> Zeng
> Sent: Tuesday, March 6, 2018 10:28 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen ; Zeng, Star 
> Subject: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support
> LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY
> 
> With this flag, the LockBox can be restored in S3 resume only.
> The LockBox can not be restored after SmmReadyToLock in normal boot
> and after EndOfS3Resume in S3 resume.
> It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.
> 
> Cc: Jiewen Yao 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng 
> ---
>  MdeModulePkg/Include/Library/LockBoxLib.h  |  14 +-
>  .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c   |   4 +-
>  .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c   | 227
> -
>  .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf |  10 +-
>  4 files changed, 247 insertions(+), 8 deletions(-)
> 
> diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h
> b/MdeModulePkg/Include/Library/LockBoxLib.h
> index db7fd05def58..80beb4d0f880 100644
> --- a/MdeModulePkg/Include/Library/LockBoxLib.h
> +++ b/MdeModulePkg/Include/Library/LockBoxLib.h
> @@ -2,7 +2,7 @@
>This library is only intended to be used by DXE modules that need save
>confidential information to LockBox and get it by PEI modules in S3 phase.
> 
> -Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> 
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions
> @@ -62,9 +62,17 @@ SetLockBoxAttributes (
>);
> 
>  //
> -// With this flag, this LockBox can be restored to this Buffer with
> RestoreAllLockBoxInPlace()
> +// With this flag, this LockBox can be restored to this Buffer
> +// with RestoreAllLockBoxInPlace()
>  //
> -#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE  BIT0
> +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0
> +//
> +// With this flag, this LockBox can be restored in S3 resume only.
> +// This LockBox can not be restored after SmmReadyToLock in normal boot
> +// and after EndOfS3Resume in S3 resume.
> +// It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.
> +//
> +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY   BIT1
> 
>  /**
>This function will update confidential information to lockbox.
> diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
> b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
> index b75f81e69e04..9b6f0bedbd4f 100644
> --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
> +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
> @@ -1,6 +1,6 @@
>  /** @file
> 
> -Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> 
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions
> @@ -241,7 +241,7 @@ SetLockBoxAttributes (
>// Basic check
>//
>if ((Guid == NULL) ||
> -  ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
> +  ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE |
> LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) {
>  return EFI_INVALID_PARAMETER;
>}
> 
> diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
> b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
> index 4960df755534..af75a4cb9cd1 100644
> --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
> +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
> @@ -1,6 +1,6 @@
>  /** @file
> 
> -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> 
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions
> @@ -20,6 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY
> KIND, EITHER EXPRESS OR IMPLIED.
>  #include 
>  #include 
>  #include 
> +#include 
> +#include 
> +#include 
> +#include 
> 
>  #include "SmmLockBoxLibPrivate.h"
> 
> @@ -31,6 +35,11 @@ SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;
>  LIST_ENTRY   mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE
> (mLockBoxQueue);
> 
>  BOOLEAN  mSmmConfigurationTableInstalled = FALSE;
> +VOID *mRegistrationSmmEndOfDxe = NULL;
> +VOID *mRegistrationSmmReadyToLock = NULL;
> +VOID *mRegistration

[edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY

2018-03-06 Thread Star Zeng
With this flag, the LockBox can be restored in S3 resume only.
The LockBox cannot be restored after SmmReadyToLock in normal boot
or after EndOfS3Resume in S3 resume.
It cannot be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.

Cc: Jiewen Yao 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng 
---
 MdeModulePkg/Include/Library/LockBoxLib.h  |  14 +-
 .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c   |   4 +-
 .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c   | 227 -
 .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf |  10 +-
 4 files changed, 247 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h 
b/MdeModulePkg/Include/Library/LockBoxLib.h
index db7fd05def58..80beb4d0f880 100644
--- a/MdeModulePkg/Include/Library/LockBoxLib.h
+++ b/MdeModulePkg/Include/Library/LockBoxLib.h
@@ -2,7 +2,7 @@
   This library is only intended to be used by DXE modules that need save
   confidential information to LockBox and get it by PEI modules in S3 phase.
 
-Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions
@@ -62,9 +62,17 @@ SetLockBoxAttributes (
   );
 
 //
-// With this flag, this LockBox can be restored to this Buffer with 
RestoreAllLockBoxInPlace()
+// With this flag, this LockBox can be restored to this Buffer
+// with RestoreAllLockBoxInPlace()
 //
-#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE  BIT0
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0
+//
+// With this flag, this LockBox can be restored in S3 resume only.
+// This LockBox can not be restored after SmmReadyToLock in normal boot
+// and after EndOfS3Resume in S3 resume.
+// It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE.
+//
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY   BIT1
 
 /**
   This function will update confidential information to lockbox.
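Review bot: The new comment above `LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY` describes two different restore windows: its first sentence says S3 resume only, while the second implies a restore is still permitted in normal boot before SmmReadyToLock. Callers deciding whether a secret may be placed in such a LockBox need the exact window, so the comment should state it once, for example `// With this flag, this LockBox can be restored only before SmmReadyToLock in normal boot, or during S3 resume before EndOfS3Resume.`, if that is what the SMM library enforces; the enforcing code is outside this hunk. The comment also does not say which status a refused restore returns, which belongs in the doc blocks of the restore functions rather than only on the flag.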
diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c 
b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
index b75f81e69e04..9b6f0bedbd4f 100644
--- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
+++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c
@@ -1,6 +1,6 @@
 /** @file
 
-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions
@@ -241,7 +241,7 @@ SetLockBoxAttributes (
   // Basic check
   //
   if ((Guid == NULL) ||
-  ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
+  ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | 
LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) {
 return EFI_INVALID_PARAMETER;
   }
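Review bot: The widened mask in `SetLockBoxAttributes` lets `LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE` and `LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY` through together, although the header comment added by this patch says the two cannot be combined. This is the DXE-side wrapper, so the authoritative rejection has to sit in the SMM-side library, which is not visible in this hunk; it is worth confirming that the check exists there and returns `EFI_INVALID_PARAMETER`. For an early and consistent error, the basic check here could also add `|| (((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) && ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0))`. The function body starts and ends outside the hunk.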
 
diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c 
b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
index 4960df755534..af75a4cb9cd1 100644
--- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
+++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
@@ -1,6 +1,6 @@
 /** @file
 
-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions
@@ -20,6 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
 
 #include "SmmLockBoxLibPrivate.h"
 
@@ -31,6 +35,11 @@ SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;
 LIST_ENTRY   mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE 
(mLockBoxQueue);
 
 BOOLEAN  mSmmConfigurationTableInstalled = FALSE;
+VOID *mRegistrationSmmEndOfDxe = NULL;
+VOID *mRegistrationSmmReadyToLock = NULL;
+VOID *mRegistrationEndOfS3Resume = NULL;
+BOOLEAN  mSmmLockBoxSmmReadyToLock = FALSE;
+BOOLEAN  mSmmLockBoxDuringS3Resume = FALSE;
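Review bot: `mSmmLockBoxSmmReadyToLock` and `mSmmLockBoxDuringS3Resume` are added without comments, yet they appear to be the state that decides whether an S3-only LockBox may be restored. Each should carry a one-line comment naming the notification that sets it and the one that clears it, e.g. `// TRUE from the SMM ReadyToLock notification onward; never cleared.` for the first (its setter is visible in the next hunk; that it is never cleared is an assumption to confirm). For `mSmmLockBoxDuringS3Resume` the clearing point matters most, since a flag left TRUE past EndOfS3Resume would keep the LockBox restorable; the code that toggles it is outside the visible part of the patch.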
 
 /**
   This function return SmmLockBox context from SMST.
@@ -64,6 +73,128 @@ InternalGetSmmLockBoxContext (
 }
 
 /**
+  Notification for SMM ReadyToLock protocol.
+
+  @param[in] Protocol   Points to the protocol's unique identifier.
+  @param[in] Interface  Points to the interface instance.
+  @param[in] Handle The handle on which the interface was installed.
+
+  @retval EFI_SUCCESS   Notification runs successfully.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxSmmReadyToLockNotify (
+  IN CONST EFI_GUID  *Protocol,
+  IN VOID*Interface,
+  IN EFI_HANDLE  Handle
+  )
+{
+  mSmmLockBoxSmmReadyToLock = TRUE;
+  return EFI_SUCCESS;
+}
+
+/**
+  Main entry point for an SMM handler dispatch or communicate-based callback.
+
+  @param[in] DispatchHandle  The unique h