Reviewed-by: Jiaxin Wu <jiaxin...@intel.com> > -----Original Message----- > From: Xie, Yuanhao <yuanhao....@intel.com> > Sent: Tuesday, May 7, 2024 2:09 PM > To: devel@edk2.groups.io > Cc: Liming Gao <gaolim...@byosoft.com.cn>; Wu, Jiaxin > <jiaxin...@intel.com>; Ni, Ray <ray...@intel.com>; Xie, Yuanhao > <yuanhao....@intel.com> > Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver. > > The Lockbox Driver allows sensitive data to be securely stored in a > designated area, thus protected against unauthorized access. > > This patch adds a Standalone MM Lockbox Driver with main modifications: > 1. Separating shared code between the Standalone MM driver and the > DXE MM Driver. > 2. Utilizing services from the SMM Services Table (gSmst) as opposed to > relying on Boot Services. > > Cc: Liming Gao <gaolim...@byosoft.com.cn> > Cc: Jiaxin Wu <jiaxin...@intel.com> > Cc: Ray Ni <ray...@intel.com> > > Signed-off-by: Yuanhao Xie <yuanhao....@intel.com> > --- > MdeModulePkg/MdeModulePkg.dsc | > 1 + > > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM > m.c | 84 > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++ > > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM > m.inf | 56 > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM > m.uni | 14 ++++++++++++++ > > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM > mExtra.uni | 14 ++++++++++++++ > 5 files changed, 169 insertions(+) > > diff --git a/MdeModulePkg/MdeModulePkg.dsc > b/MdeModulePkg/MdeModulePkg.dsc > index 6bed9205ea..f0f02f180f 100644 > --- a/MdeModulePkg/MdeModulePkg.dsc > +++ b/MdeModulePkg/MdeModulePkg.dsc > @@ -500,6 +500,7 @@ > > MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode > RouterSmm.inf > > MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode > RouterStandaloneMm.inf > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf > + > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM > m.inf > > MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAlloc > ationProfileLib.inf > > MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo > ryAllocationProfileLib.inf > > MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo > ryAllocationLib.inf > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.c > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.c > new file mode 100644 > index 0000000000..503be7efa8 > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.c > @@ -0,0 +1,84 @@ > +/** @file > + LockBox MM driver. > + > +Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> > + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include <PiSmm.h> > +#include <Library/StandaloneMmDriverEntryPoint.h> > +#include <Library/MmServicesTableLib.h> > +#include <Library/BaseLib.h> > +#include <Library/BaseMemoryLib.h> > +#include <Library/DebugLib.h> > +#include <Library/StandaloneMmMemLib.h> > +#include <Library/LockBoxLib.h> > + > +#include <Protocol/SmmReadyToLock.h> > +#include <Protocol/SmmCommunication.h> > +#include <Protocol/LockBox.h> > +#include <Guid/SmmLockBox.h> > + > +#include "SmmLockBoxCommon.h" > + > +/** > + This function is an abstraction layer for implementation specific Mm buffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not > overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or > overlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ) > +{ > + return MmIsBufferOutsideMmValid (Buffer, Length); > +} > + > +/** > + Entry Point for LockBox MM driver. > + > + @param[in] ImageHandle Image handle of this driver. > + @param[in] SystemTable A Pointer to the EFI System Table. > + > + @retval EFI_SUCEESS > + @return Others Some error occurs. > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxStandaloneMmEntryPoint ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_MM_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + EFI_HANDLE DispatchHandle; > + VOID *Registration; > + > + // > + // Register LockBox communication handler > + // > + Status = gMmst->MmiHandlerRegister ( > + SmmLockBoxHandler, > + &gEfiSmmLockBoxCommunicationGuid, > + &DispatchHandle > + ); > + ASSERT_EFI_ERROR (Status); > + > + // > + // Register SMM Ready To Lock Protocol notification > + // > + Status = gMmst->MmRegisterProtocolNotify ( > + &gEfiSmmReadyToLockProtocolGuid, > + SmmReadyToLockEventNotify, > + &Registration > + ); > + ASSERT_EFI_ERROR (Status); > + return Status; > +} > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.inf > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.inf > new file mode 100644 > index 0000000000..544c87790c > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.inf > @@ -0,0 +1,56 @@ > +## @file > +# LockBox MM driver. > +# > +# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = SmmLockBoxStandaloneMm > + MODULE_UNI_FILE = SmmLockBoxStandaloneMm.uni > + FILE_GUID = a83a87a0-8a3e-482d-86c8-84a139f6ded0 > + MODULE_TYPE = MM_STANDALONE > + VERSION_STRING = 1.0 > + PI_SPECIFICATION_VERSION = 0x00010032 > + ENTRY_POINT = SmmLockBoxStandaloneMmEntryPoint > + > +# > +# The following information is for reference only and not required by the > build > tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 > +# > + > +[Sources] > + SmmLockBoxStandaloneMm.c > + SmmLockBoxCommon.c > + SmmLockBoxCommon.h > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[LibraryClasses] > + MmServicesTableLib > + BaseLib > + BaseMemoryLib > + DebugLib > + LockBoxLib > + MemLib > + StandaloneMmDriverEntryPoint > + > +[Guids] > + gEfiSmmLockBoxCommunicationGuid ## PRODUCES ## GUID # > SmiHandlerRegister > + > +[Protocols] > + gEfiSmmReadyToLockProtocolGuid ## NOTIFY > + gEfiLockBoxProtocolGuid ## PRODUCES > + > +[Depex] > + TRUE > + > +[UserExtensions.TianoCore."ExtraFiles"] > + SmmLockBoxStandaloneMm.uni > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.uni > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.uni > new file mode 100644 > index 0000000000..7f6218102f > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > Mm.uni > @@ -0,0 +1,14 @@ > +// /** @file > +// LockBox MM driver. > +// > +// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> > +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "LockBox MM > driver." > + > +#string STR_MODULE_DESCRIPTION #language en-US "LockBox MM > driver." > + > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > MmExtra.uni > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > MmExtra.uni > new file mode 100644 > index 0000000000..a5443ca5f9 > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone > MmExtra.uni > @@ -0,0 +1,14 @@ > +// /** @file > +// SmmLockBox Localized Strings and Content > +// > +// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> > +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > +#string STR_PROPERTIES_MODULE_NAME > +#language en-US > +"MM Lock Box Driver" > + > + > -- > 2.39.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118710): https://edk2.groups.io/g/devel/message/118710 Mute This Topic: https://groups.io/mt/105955701/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-