Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

Wu, Jiaxin Wed, 08 May 2024 20:42:10 -0700

Reviewed-by: Jiaxin Wu <jiaxin...@intel.com>

> -----Original Message-----
> From: Xie, Yuanhao <yuanhao....@intel.com>
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao <gaolim...@byosoft.com.cn>; Wu, Jiaxin
> <jiaxin...@intel.com>; Ni, Ray <ray...@intel.com>; Xie, Yuanhao
> <yuanhao....@intel.com>
> Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.
> 
> The Lockbox Driver allows sensitive data to be securely stored in a
> designated area, thus protected against unauthorized access.
> 
> This patch adds a Standalone MM Lockbox Driver with main modifications:
> 1. Separating shared code between the Standalone MM driver and the
> DXE MM Driver.
> 2. Utilizing services from the SMM Services Table (gSmst) as opposed to
>  relying on Boot Services.
> 
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Jiaxin Wu <jiaxin...@intel.com>
> Cc: Ray Ni <ray...@intel.com>
> 
> Signed-off-by: Yuanhao Xie <yuanhao....@intel.com>
> ---
>  MdeModulePkg/MdeModulePkg.dsc                                             |  
> 1 +
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.c        | 84
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.inf      | 56
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.uni      | 14 ++++++++++++++
> 
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> mExtra.uni | 14 ++++++++++++++
>  5 files changed, 169 insertions(+)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dsc
> b/MdeModulePkg/MdeModulePkg.dsc
> index 6bed9205ea..f0f02f180f 100644
> --- a/MdeModulePkg/MdeModulePkg.dsc
> +++ b/MdeModulePkg/MdeModulePkg.dsc
> @@ -500,6 +500,7 @@
> 
> MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode
> RouterSmm.inf
> 
> MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCode
> RouterStandaloneMm.inf
>    MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> +
> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneM
> m.inf
> 
> MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAlloc
> ationProfileLib.inf
> 
> MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo
> ryAllocationProfileLib.inf
> 
> MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemo
> ryAllocationLib.inf
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> new file mode 100644
> index 0000000000..503be7efa8
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.c
> @@ -0,0 +1,84 @@
> +/** @file
> +  LockBox MM driver.
> +
> +Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiSmm.h>
> +#include <Library/StandaloneMmDriverEntryPoint.h>
> +#include <Library/MmServicesTableLib.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/StandaloneMmMemLib.h>
> +#include <Library/LockBoxLib.h>
> +
> +#include <Protocol/SmmReadyToLock.h>
> +#include <Protocol/SmmCommunication.h>
> +#include <Protocol/LockBox.h>
> +#include <Guid/SmmLockBox.h>
> +
> +#include "SmmLockBoxCommon.h"
> +
> +/**
> +  This function is an abstraction layer for implementation specific Mm buffer
> validation routine.
> +
> +  @param Buffer  The buffer start address to be checked.
> +  @param Length  The buffer length to be checked.
> +
> +  @retval TRUE  This buffer is valid per processor architecture and not 
> overlap
> with SMRAM.
> +  @retval FALSE This buffer is not valid per processor architecture or 
> overlap
> with SMRAM.
> +**/
> +BOOLEAN
> +IsBufferOutsideMmValid (
> +  IN EFI_PHYSICAL_ADDRESS  Buffer,
> +  IN UINT64                Length
> +  )
> +{
> +  return MmIsBufferOutsideMmValid (Buffer, Length);
> +}
> +
> +/**
> +  Entry Point for LockBox MM driver.
> +
> +  @param[in] ImageHandle  Image handle of this driver.
> +  @param[in] SystemTable  A Pointer to the EFI System Table.
> +
> +  @retval EFI_SUCEESS
> +  @return Others          Some error occurs.
> +**/
> +EFI_STATUS
> +EFIAPI
> +SmmLockBoxStandaloneMmEntryPoint (
> +  IN EFI_HANDLE           ImageHandle,
> +  IN EFI_MM_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS  Status;
> +  EFI_HANDLE  DispatchHandle;
> +  VOID        *Registration;
> +
> +  //
> +  // Register LockBox communication handler
> +  //
> +  Status = gMmst->MmiHandlerRegister (
> +                    SmmLockBoxHandler,
> +                    &gEfiSmmLockBoxCommunicationGuid,
> +                    &DispatchHandle
> +                    );
> +  ASSERT_EFI_ERROR (Status);
> +
> +  //
> +  // Register SMM Ready To Lock Protocol notification
> +  //
> +  Status = gMmst->MmRegisterProtocolNotify (
> +                    &gEfiSmmReadyToLockProtocolGuid,
> +                    SmmReadyToLockEventNotify,
> +                    &Registration
> +                    );
> +  ASSERT_EFI_ERROR (Status);
> +  return Status;
> +}
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.inf
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.inf
> new file mode 100644
> index 0000000000..544c87790c
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.inf
> @@ -0,0 +1,56 @@
> +## @file
> +#  LockBox MM driver.
> +#
> +# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = SmmLockBoxStandaloneMm
> +  MODULE_UNI_FILE                = SmmLockBoxStandaloneMm.uni
> +  FILE_GUID                      = a83a87a0-8a3e-482d-86c8-84a139f6ded0
> +  MODULE_TYPE                    = MM_STANDALONE
> +  VERSION_STRING                 = 1.0
> +  PI_SPECIFICATION_VERSION       = 0x00010032
> +  ENTRY_POINT                    = SmmLockBoxStandaloneMmEntryPoint
> +
> +#
> +# The following information is for reference only and not required by the 
> build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64
> +#
> +
> +[Sources]
> +  SmmLockBoxStandaloneMm.c
> +  SmmLockBoxCommon.c
> +  SmmLockBoxCommon.h
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  StandaloneMmPkg/StandaloneMmPkg.dec
> +
> +[LibraryClasses]
> +  MmServicesTableLib
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  LockBoxLib
> +  MemLib
> +  StandaloneMmDriverEntryPoint
> +
> +[Guids]
> +  gEfiSmmLockBoxCommunicationGuid   ## PRODUCES ## GUID #
> SmiHandlerRegister
> +
> +[Protocols]
> +  gEfiSmmReadyToLockProtocolGuid    ## NOTIFY
> +  gEfiLockBoxProtocolGuid           ## PRODUCES
> +
> +[Depex]
> +  TRUE
> +
> +[UserExtensions.TianoCore."ExtraFiles"]
> +  SmmLockBoxStandaloneMm.uni
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.uni
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.uni
> new file mode 100644
> index 0000000000..7f6218102f
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> Mm.uni
> @@ -0,0 +1,14 @@
> +// /** @file
> +// LockBox MM driver.
> +//
> +// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "LockBox MM
> driver."
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "LockBox MM
> driver."
> +
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> MmExtra.uni
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> MmExtra.uni
> new file mode 100644
> index 0000000000..a5443ca5f9
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone
> MmExtra.uni
> @@ -0,0 +1,14 @@
> +// /** @file
> +// SmmLockBox Localized Strings and Content
> +//
> +// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +#string STR_PROPERTIES_MODULE_NAME
> +#language en-US
> +"MM Lock Box Driver"
> +
> +
> --
> 2.39.1.windows.1




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118710): https://edk2.groups.io/g/devel/message/118710
Mute This Topic: https://groups.io/mt/105955701/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.

Reply via email to