diff options
| author | Ying-Chun Liu (PaulLiu) <paulliu@debian.org> | 2020-12-29 23:10:28 +0800 |
|---|---|---|
| committer | Ye Li <ye.li@nxp.com> | 2022-04-06 18:04:28 +0800 |
| commit | 7781c5a2b964a42c3057f4ebcb936e4bea83f530 (patch) | |
| tree | 55d178ad5566c248ae534142a2e8cc5ee02a38dc | |
| parent | ca6ee9034a2a9601002ecc93a724b4e4e4f04c0e (diff) | |
MLK-25478-1 efi: add Platform-Reset-Attack variables
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
(cherry picked from commit 9853e34839a96be1a3cd5d05b288f8b94b2a6a56)
(cherry picked from commit b6e65cbf97b29ee319d5ea50d1bdd52de244a704)
| -rw-r--r-- | include/efi_api.h | 4 | ||||
| -rw-r--r-- | include/efi_loader.h | 2 | ||||
| -rw-r--r-- | lib/efi_loader/efi_image_loader.c | 1 | ||||
| -rw-r--r-- | lib/efi_loader/efi_setup.c | 36 |
4 files changed, 43 insertions, 0 deletions
diff --git a/include/efi_api.h b/include/efi_api.h index 982c200172..b57b6e9a38 100644 --- a/include/efi_api.h +++ b/include/efi_api.h @@ -226,6 +226,10 @@ enum efi_reset_type { EFI_GUID(0x6dcbd5ed, 0xe82d, 0x4c44, 0xbd, 0xa1, \ 0x71, 0x94, 0x19, 0x9a, 0xd9, 0x2a) +#define EFI_MEMORY_ONLY_RESET_CONTROL_GUID \ + EFI_GUID(0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, \ + 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29) + struct efi_capsule_header { efi_guid_t capsule_guid; u32 header_size; diff --git a/include/efi_loader.h b/include/efi_loader.h index af36639ec6..cd1f2543b2 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -312,6 +312,8 @@ extern const efi_guid_t efi_guid_firmware_management_protocol; extern const efi_guid_t efi_esrt_guid; /* GUID of the SMBIOS table */ extern const efi_guid_t smbios_guid; +/* GUID of memory only reset control */ +extern const efi_guid_t efi_memory_only_reset_control_guid; extern char __efi_runtime_start[], __efi_runtime_stop[]; extern char __efi_runtime_rel_start[], __efi_runtime_rel_stop[]; diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 9611398885..b7b9aea6d3 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -27,6 +27,7 @@ const efi_guid_t efi_guid_loaded_image_device_path = const efi_guid_t efi_simple_file_system_protocol_guid = EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID; const efi_guid_t efi_file_info_guid = EFI_FILE_INFO_GUID; +const efi_guid_t efi_memory_only_reset_control_guid = EFI_MEMORY_ONLY_RESET_CONTROL_GUID; static int machines[] = { #if defined(__aarch64__) diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index eee54e4878..617f4fda9d 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -176,6 +176,37 @@ static efi_status_t efi_init_os_indications(void) /** + * efi_init_memory_only_reset_control() - indicate supported features for + * OS requests + * + * Set the MemoryOverwriteRequestControl variable. + * + * Return: status code + */ +static efi_status_t efi_init_memory_only_reset_control(void) +{ + u8 memory_only_reset_control = 0; + efi_status_t ret; + efi_uintn_t data_size = 0; + + ret = efi_get_variable_int(L"MemoryOverwriteRequestControl", + &efi_memory_only_reset_control_guid, + NULL, &data_size, + &memory_only_reset_control, NULL); + if (ret == EFI_SUCCESS) + return ret; + + ret = efi_set_variable_int(L"MemoryOverwriteRequestControl", + &efi_memory_only_reset_control_guid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_NON_VOLATILE, + sizeof(memory_only_reset_control), + &memory_only_reset_control, 0); + return ret; +} + +/** * efi_init_obj_list() - Initialize and populate EFI object list * * Return: status code @@ -226,6 +257,11 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; + /* Platform Reset Attack features */ + ret = efi_init_memory_only_reset_control(); + if (ret != EFI_SUCCESS) + goto out; + /* Initialize system table */ ret = efi_initialize_system_table(); if (ret != EFI_SUCCESS) |