authorStar Zeng <star.zeng@intel.com>2015-03-17 06:41:40 +0000
committerlzeng14 <lzeng14@Edk2>2015-03-17 06:41:40 +0000
commitba9d087b8fb91f19c9accf9541332a36889e18ed (patch)
tree9caabffcbb7a39d6802284c4d4f03f8e29d5e79d /SecurityPkg/VariableAuthenticated
parent856236cad77652dde9be649c54e18ad4d39ffaab (diff)
SecurityPkg Variable: Reuse scratch data area(at the end of volatile variable store)
as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c31
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h1
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h17
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c1
4 files changed, 29 insertions, 21 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 9b8f63f089..1e9e1907c0 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -56,14 +56,6 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
VOID *mHashCtx = NULL;
//
-// The serialization of the values of the VariableName, VendorGuid and Attributes
-// parameters of the SetVariable() call and the TimeStamp component of the
-// EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value
-// i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)
-//
-UINT8 *mSerializationRuntimeBuffer = NULL;
-
-//
// Requirement for different signature type which have been defined in UEFI spec.
// These data are used to peform SignatureList format check while setting PK/KEK variable.
//
@@ -183,15 +175,6 @@ AutenticatedVariableServiceInitialize (
}
//
- // Prepare runtime buffer for serialized data of time-based authenticated
- // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
- //
- mSerializationRuntimeBuffer = AllocateRuntimePool (PcdGet32 (PcdMaxVariableSize) + sizeof (EFI_GUID) + sizeof (UINT32) + sizeof (EFI_TIME));
- if (mSerializationRuntimeBuffer == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
// Check "AuthVarKeyDatabase" variable's existence.
// If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
@@ -2267,11 +2250,21 @@ VerifyTimeBasedPayload (
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
//
- // Construct a buffer to fill with (VariableName, VendorGuid, Attributes, TimeStamp, Data).
+ // Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes
+ // parameters of the SetVariable() call and the TimeStamp component of the
+ // EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value
+ // i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)
//
NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) +
sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16);
- NewData = mSerializationRuntimeBuffer;
+ //
+ // Here is to reuse scratch data area(at the end of volatile variable store)
+ // to reduce SMRAM consumption for SMM variable driver.
+ // The scratch buffer is enough to hold the serialized data and safe to use,
+ // because it will be used at here to do verification only first
+ // and then used in UpdateVariable() for a time based auth variable set.
+ //
+ NewData = (UINT8 *) GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
Buffer = NewData;
Length = StrLen (VariableName) * sizeof (CHAR16);
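Review bot: Nothing in this hunk compares `NewDataSize` with the capacity of the scratch area before `NewData` becomes the write target; the added comment only asserts that the scratch buffer "is enough". The removed allocation was sized explicitly as `PcdGet32 (PcdMaxVariableSize) + sizeof (EFI_GUID) + sizeof (UINT32) + sizeof (EFI_TIME)`, so the bound was visible in code, whereas it now depends on how the scratch area is sized elsewhere, which this page does not show. Because VariableName and the payload come from the SetVariable() caller and the destination is presumably SMRAM in the SMM build, I would make the invariant explicit right after the `NewDataSize` computation, e.g. `if (NewDataSize > SCRATCH_SIZE_PLACEHOLDER) { return EFI_OUT_OF_RESOURCES; }`, where the placeholder stands for whatever size the driver reserves. The comment should also name the earlier size check that guarantees the fit. VerifyTimeBasedPayload starts and ends outside the hunk, so such a check may already exist there.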
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
index e0804f4e34..f28c82578e 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
@@ -351,6 +351,5 @@ extern UINT8 *mPubKeyStore;
extern UINT8 *mCertDbStore;
extern UINT32 mPubKeyNumber;
extern VOID *mHashCtx;
-extern UINT8 *mSerializationRuntimeBuffer;
#endif
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
index f86b202fda..fd4dab2429 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
@@ -196,6 +196,23 @@ FindVariable (
/**
+ Gets the pointer to the end of the variable storage area.
+
+ This function gets pointer to the end of the variable storage
+ area, according to the input variable store header.
+
+ @param VarStoreHeader Pointer to the Variable Store Header.
+
+ @return Pointer to the end of the variable storage area.
+
+**/
+VARIABLE_HEADER *
+GetEndPointer (
+ IN VARIABLE_STORE_HEADER *VarStoreHeader
+ );
+
+/**
+
This code gets the pointer to the variable data.
@param Variable Pointer to the Variable Header.
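Review bot: The new doc comment for `GetEndPointer` does not say what lies at the returned address, yet the AuthService.c hunk in this commit casts the result to `UINT8 *` and uses it as a buffer for serialized data. I would add a sentence such as `Callers that write at the returned address rely on the scratch area being reserved immediately after the volatile variable store.`, with the wording confirmed against the allocation code, which is not visible here. Stating the required layout at the declaration keeps a later change to the store or scratch sizing from silently invalidating that caller. The comment block that follows the prototype continues outside the hunk.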
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
index 05a90fa8fc..f5bb9963e0 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
@@ -247,7 +247,6 @@ VariableClassAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mHashCtx);
- EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
EfiConvertPointer (0x0, (VOID **) &mCertDbStore);