From 7781c5a2b964a42c3057f4ebcb936e4bea83f530 Mon Sep 17 00:00:00 2001
From: "Ying-Chun Liu (PaulLiu)"
Date: Tue, 29 Dec 2020 23:10:28 +0800
Subject: MLK-25478-1 efi: add Platform-Reset-Attack variables
Signed-off-by: Ying-Chun Liu (PaulLiu)
(cherry picked from commit 9853e34839a96be1a3cd5d05b288f8b94b2a6a56)
(cherry picked from commit b6e65cbf97b29ee319d5ea50d1bdd52de244a704)
---
 include/efi_api.h | 4 ++++
 include/efi_loader.h | 2 ++
 lib/efi_loader/efi_image_loader.c | 1 +
 lib/efi_loader/efi_setup.c | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 43 insertions(+)
diff --git a/include/efi_api.h b/include/efi_api.h
index 982c200172..b57b6e9a38 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -226,6 +226,10 @@ enum efi_reset_type {
 EFI_GUID(0x6dcbd5ed, 0xe82d, 0x4c44, 0xbd, 0xa1, \
 0x71, 0x94, 0x19, 0x9a, 0xd9, 0x2a)
+#define EFI_MEMORY_ONLY_RESET_CONTROL_GUID \
+ EFI_GUID(0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, \
+ 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29)
+
 struct efi_capsule_header {
 efi_guid_t capsule_guid;
 u32 header_size;
diff --git a/include/efi_loader.h b/include/efi_loader.h
index af36639ec6..cd1f2543b2 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -312,6 +312,8 @@ extern const efi_guid_t efi_guid_firmware_management_protocol;
 extern const efi_guid_t efi_esrt_guid;
 /* GUID of the SMBIOS table */
 extern const efi_guid_t smbios_guid;
+/* GUID of memory only reset control */
+extern const efi_guid_t efi_memory_only_reset_control_guid;
 extern char __efi_runtime_start[], __efi_runtime_stop[];
 extern char __efi_runtime_rel_start[], __efi_runtime_rel_stop[];
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 9611398885..b7b9aea6d3 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -27,6 +27,7 @@ const efi_guid_t efi_guid_loaded_image_device_path =
 const efi_guid_t efi_simple_file_system_protocol_guid = EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID;
 const efi_guid_t efi_file_info_guid = EFI_FILE_INFO_GUID;
+const efi_guid_t efi_memory_only_reset_control_guid = EFI_MEMORY_ONLY_RESET_CONTROL_GUID;
 static int machines[] = {
 #if defined(__aarch64__)
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index eee54e4878..617f4fda9d 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -175,6 +175,37 @@ static efi_status_t efi_init_os_indications(void)
 }
+/**
+ * efi_init_memory_only_reset_control() - indicate supported features for
+ * OS requests
+ *
+ * Set the MemoryOverwriteRequestControl variable.
+ *
+ * Return: status code
+ */
+static efi_status_t efi_init_memory_only_reset_control(void)
+{
+ u8 memory_only_reset_control = 0;
+ efi_status_t ret;
+ efi_uintn_t data_size = 0;
+
+ ret = efi_get_variable_int(L"MemoryOverwriteRequestControl",
+ &efi_memory_only_reset_control_guid,
+ NULL, &data_size,
+ &memory_only_reset_control, NULL);
+ if (ret == EFI_SUCCESS)
+ return ret;
+
+ ret = efi_set_variable_int(L"MemoryOverwriteRequestControl",
+ &efi_memory_only_reset_control_guid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ sizeof(memory_only_reset_control),
+ &memory_only_reset_control, 0);
+ return ret;
+}
+
 /**
 * efi_init_obj_list() - Initialize and populate EFI object list
 *
@@ -226,6 +257,11 @@ efi_status_t efi_init_obj_list(void)
 if (ret != EFI_SUCCESS)
 goto out;
+ /* Platform Reset Attack features */
+ ret = efi_init_memory_only_reset_control();
+ if (ret != EFI_SUCCESS)
+ goto out;
+
 /* Initialize system table */
 ret = efi_initialize_system_table();
 if (ret != EFI_SUCCESS)
--
cgit v1.2.3
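Review bot: In efi_init_memory_only_reset_control() (lib/efi_loader/efi_setup.c), `data_size` is passed to efi_get_variable_int() as 0, so under UEFI GetVariable semantics an existing one-byte variable would be reported as EFI_BUFFER_TOO_SMALL rather than EFI_SUCCESS, and the early return is presumably never taken. The function then falls through to efi_set_variable_int() and rewrites MemoryOverwriteRequestControl to 0 on every boot, which would discard a memory-overwrite request the OS stored before the reset, the very state this variable exists to carry across a reset. Initialise the size with `efi_uintn_t data_size = sizeof(memory_only_reset_control);` and create the variable only when the lookup fails with `EFI_NOT_FOUND`, returning any other status unchanged. The kernel-doc summary "indicate supported features for OS requests" also looks copied from efi_init_os_indications() and should instead say that the variable is created with a default value when it is absent.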
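Review bot: The call added to efi_init_obj_list() is unconditional, so every build of the EFI loader publishes MemoryOverwriteRequestControl, yet nothing in this patch reads the variable or clears memory when its request bit is set. An OS that finds the variable may assume the firmware will honour a memory-overwrite request; unless a later patch in the series implements that on every board, the variable signals a protection that is not there. Consider guarding the call with a Kconfig option selected only where the wipe is implemented, e.g. `if (IS_ENABLED(CONFIG_<MOR_OPTION>))` (placeholder name), and name in the comment above the call which code consumes the variable. The body of efi_init_obj_list() starts and ends outside the hunk.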