Reviewed-by: Ray Ni <ray...@intel.com>
Thanks,
Ray
________________________________
From: Xie, Yuanhao <yuanhao....@intel.com>
Sent: Tuesday, May 7, 2024 14:09
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Liming Gao <gaolim...@byosoft.com.cn>; Wu, Jiaxin <jiaxin...@intel.com>;
Ni, Ray <ray...@intel.com>; Xie, Yuanhao <yuanhao....@intel.com>
Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.
The Lockbox Driver allows sensitive data to be securely stored in a
designated area, thus protected against unauthorized access.
This patch adds a Standalone MM Lockbox Driver with main modifications:
1. Separating shared code between the Standalone MM driver and the
DXE MM Driver.
2. Utilizing services from the SMM Services Table (gSmst) as opposed to
relying on Boot Services.
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao....@intel.com>
---
MdeModulePkg/MdeModulePkg.dsc | 1
+
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c | 84
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf | 56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni | 14
++++++++++++++
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni | 14
++++++++++++++
5 files changed, 169 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 6bed9205ea..f0f02f180f 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -500,6 +500,7 @@
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterStandaloneMm.inf
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
+ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAllocationProfileLib.inf
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationProfileLib.inf
MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
new file mode 100644
index 0000000000..503be7efa8
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c
@@ -0,0 +1,84 @@
+/** @file
+ LockBox MM driver.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiSmm.h>
+#include <Library/StandaloneMmDriverEntryPoint.h>
+#include <Library/MmServicesTableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/StandaloneMmMemLib.h>
+#include <Library/LockBoxLib.h>
+
+#include <Protocol/SmmReadyToLock.h>
+#include <Protocol/SmmCommunication.h>
+#include <Protocol/LockBox.h>
+#include <Guid/SmmLockBox.h>
+
+#include "SmmLockBoxCommon.h"
+
+/**
+ This function is an abstraction layer for implementation specific Mm buffer
validation routine.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid per processor architecture and not
overlap with SMRAM.
+ @retval FALSE This buffer is not valid per processor architecture or overlap
with SMRAM.
+**/
+BOOLEAN
+IsBufferOutsideMmValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return MmIsBufferOutsideMmValid (Buffer, Length);
+}
+
+/**
+ Entry Point for LockBox MM driver.
+
+ @param[in] ImageHandle Image handle of this driver.
+ @param[in] SystemTable A Pointer to the EFI System Table.
+
+ @retval EFI_SUCEESS
+ @return Others Some error occurs.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxStandaloneMmEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE DispatchHandle;
+ VOID *Registration;
+
+ //
+ // Register LockBox communication handler
+ //
+ Status = gMmst->MmiHandlerRegister (
+ SmmLockBoxHandler,
+ &gEfiSmmLockBoxCommunicationGuid,
+ &DispatchHandle
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Register SMM Ready To Lock Protocol notification
+ //
+ Status = gMmst->MmRegisterProtocolNotify (
+ &gEfiSmmReadyToLockProtocolGuid,
+ SmmReadyToLockEventNotify,
+ &Registration
+ );
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+}
diff --git
a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
new file mode 100644
index 0000000000..544c87790c
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf
@@ -0,0 +1,56 @@
+## @file
+# LockBox MM driver.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SmmLockBoxStandaloneMm
+ MODULE_UNI_FILE = SmmLockBoxStandaloneMm.uni
+ FILE_GUID = a83a87a0-8a3e-482d-86c8-84a139f6ded0
+ MODULE_TYPE = MM_STANDALONE
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x00010032
+ ENTRY_POINT = SmmLockBoxStandaloneMmEntryPoint
+
+#
+# The following information is for reference only and not required by the
build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ SmmLockBoxStandaloneMm.c
+ SmmLockBoxCommon.c
+ SmmLockBoxCommon.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ StandaloneMmPkg/StandaloneMmPkg.dec
+
+[LibraryClasses]
+ MmServicesTableLib
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ LockBoxLib
+ MemLib
+ StandaloneMmDriverEntryPoint
+
+[Guids]
+ gEfiSmmLockBoxCommunicationGuid ## PRODUCES ## GUID # SmiHandlerRegister
+
+[Protocols]
+ gEfiSmmReadyToLockProtocolGuid ## NOTIFY
+ gEfiLockBoxProtocolGuid ## PRODUCES
+
+[Depex]
+ TRUE
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ SmmLockBoxStandaloneMm.uni
diff --git
a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni
new file mode 100644
index 0000000000..7f6218102f
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni
@@ -0,0 +1,14 @@
+// /** @file
+// LockBox MM driver.
+//
+// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "LockBox MM driver."
+
+#string STR_MODULE_DESCRIPTION #language en-US "LockBox MM driver."
+
diff --git
a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni
b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni
new file mode 100644
index 0000000000..a5443ca5f9
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni
@@ -0,0 +1,14 @@
+// /** @file
+// SmmLockBox Localized Strings and Content
+//
+// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"MM Lock Box Driver"
+
+
--
2.39.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118655): https://edk2.groups.io/g/devel/message/118655
Mute This Topic: https://groups.io/mt/105955701/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
