From 1c837cd545b6b91c41f1fbebf84b54cb7ccf499e Mon Sep 17 00:00:00 2001 From: jljusten Date: Tue, 19 Jul 2011 20:47:28 +0000 Subject: MdeModulePkg: Add SMM LockBox This includes: * LockBox protocol definition * LockBoxLib library interface definition * SmmLockBox GUID * LockBoxNullLib library implementation * 2 SmmLockBoxLib library implementations * SmmLockBox SMM driver Signed-off-by: jljusten Reviewed-by: mdkinney Reviewed-by: geekboy15a Reviewed-by: jyao1 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12029 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Include/Guid/SmmLockBox.h | 73 ++++++++++++++++ MdeModulePkg/Include/Library/LockBoxLib.h | 133 ++++++++++++++++++++++++++++++ MdeModulePkg/Include/Protocol/LockBox.h | 31 +++++++ 3 files changed, 237 insertions(+) create mode 100644 MdeModulePkg/Include/Guid/SmmLockBox.h create mode 100644 MdeModulePkg/Include/Library/LockBoxLib.h create mode 100644 MdeModulePkg/Include/Protocol/LockBox.h (limited to 'MdeModulePkg/Include') diff --git a/MdeModulePkg/Include/Guid/SmmLockBox.h b/MdeModulePkg/Include/Guid/SmmLockBox.h new file mode 100644 index 000000000..8422847c5 --- /dev/null +++ b/MdeModulePkg/Include/Guid/SmmLockBox.h @@ -0,0 +1,73 @@ +/** @file + SmmLockBox guid header file. + +Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _SMM_LOCK_BOX_GUID_H_ +#define _SMM_LOCK_BOX_GUID_H_ + +#define EFI_SMM_LOCK_BOX_COMMUNICATION_GUID \ + {0x2a3cfebd, 0x27e8, 0x4d0a, {0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0}} + +// +// Below data structure is used for communication between PEI/DXE to SMM. +// + +#define EFI_SMM_LOCK_BOX_COMMAND_SAVE 0x1 +#define EFI_SMM_LOCK_BOX_COMMAND_UPDATE 0x2 +#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE 0x3 +#define EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES 0x4 +#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE 0x5 + +typedef struct { + UINT32 Command; + UINT32 DataLength; + UINT64 ReturnStatus; +} EFI_SMM_LOCK_BOX_PARAMETER_HEADER; + +typedef struct { + EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header; + GUID Guid; + PHYSICAL_ADDRESS Buffer; + UINT64 Length; +} EFI_SMM_LOCK_BOX_PARAMETER_SAVE; + +typedef struct { + EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header; + GUID Guid; + UINT64 Offset; + PHYSICAL_ADDRESS Buffer; + UINT64 Length; +} EFI_SMM_LOCK_BOX_PARAMETER_UPDATE; + +typedef struct { + EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header; + GUID Guid; + PHYSICAL_ADDRESS Buffer; + UINT64 Length; +} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE; + +typedef struct { + EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header; + GUID Guid; + UINT64 Attributes; +} EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES; + +typedef struct { + EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header; +} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE; + +extern EFI_GUID gEfiSmmLockBoxCommunicationGuid; + +#endif diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h b/MdeModulePkg/Include/Library/LockBoxLib.h new file mode 100644 index 000000000..db7fd05de --- /dev/null +++ b/MdeModulePkg/Include/Library/LockBoxLib.h @@ -0,0 +1,133 @@ +/** @file + This library is only intended to be used by DXE modules that need save + confidential information to LockBox and get it by PEI modules in S3 phase. + +Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _LOCK_BOX_LIB_H_ +#define _LOCK_BOX_LIB_H_ + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ); + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ); + +// +// With this flag, this LockBox can be restored to this Buffer with RestoreAllLockBoxInPlace() +// +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0 + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ); + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ); + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ); + +#endif diff --git a/MdeModulePkg/Include/Protocol/LockBox.h b/MdeModulePkg/Include/Protocol/LockBox.h new file mode 100644 index 000000000..a3533c536 --- /dev/null +++ b/MdeModulePkg/Include/Protocol/LockBox.h @@ -0,0 +1,31 @@ +/** @file + LockBox protocol header file. + This is used to resolve dependency problem. The LockBox implementation + install this to broadcast that LockBox API is ready. The driver who will + use LockBox at its ENTRYPOINT should add this dependency. + +Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _LOCK_BOX_PROTOCOL_H_ +#define _LOCK_BOX_PROTOCOL_H_ + +/// +/// Global ID for the EFI LOCK BOX Protocol. +/// +#define EFI_LOCK_BOX_PROTOCOL_GUID \ + { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }} + +extern EFI_GUID gEfiLockBoxProtocolGuid; + +#endif -- cgit v1.2.3