diff options
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 18 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 27 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c | 30 | ||||
| -rw-r--r-- | SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c | 26 |
4 files changed, 88 insertions, 13 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index c2cef764e0..0c2799b42a 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -73,16 +73,28 @@ TpmNvsCommunciate ( return EFI_ACCESS_DENIED;
}
- if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+ CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
+
+ //
+ // The Primary Buffer validation
+ //
+ if (!Tcg2IsPrimaryBufferValid ((UINTN)CommBuffer, TempCommBufferSize)) {
DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __func__));
return EFI_ACCESS_DENIED;
}
//
+ // The NonPrimary Buffer validation
+ //
+ if (!Tcg2IsNonPrimaryBufferValid (CommParams->TargetAddress, EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (sizeof (TCG_NVS))))) {
+ DEBUG ((DEBUG_ERROR, "[%a] - MM NonPrimary buffer pointed from Communication buffer in invalid location!\n", __func__));
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
// Farm out the job to individual functions based on what was requested.
//
- CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
- Status = EFI_SUCCESS;
+ Status = EFI_SUCCESS;
switch (CommParams->Function) {
case TpmNvsMmExchangeInfo:
DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __func__));
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index 3672db939b..0be4984f87 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -55,16 +55,35 @@ Tcg2NotifyMmReady ( );
/**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
- @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.
- @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
**/
BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ );
+
+/**
+ This function is for the NonPrimary Buffer validation routine.
+ The NonPrimary Buffer is the buffer which might be pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
);
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c index 9320053224..0f23662ff8 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -31,16 +31,38 @@ Tcg2NotifyMmReady ( }
/**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
- @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.
- @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
**/
BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return TRUE;
+}
+
+/**
+ This function is for the Secondary Buffer validation routine.
+ The Secondary Buffer is the buffer which is pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
)
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c index f7d595e7f3..fd8a51bfd0 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c @@ -41,7 +41,9 @@ Tcg2NotifyMmReady ( }
/**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
@@ -50,7 +52,27 @@ Tcg2NotifyMmReady ( @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
**/
BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return SmmIsBufferOutsideSmmValid (Buffer, Length);
+}
+
+/**
+ This function is for the NonPrimary Buffer validation routine.
+ The NonPrimary Buffer is the buffer which is pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
)
|