/**
Mark a variable that will become read-only after leaving the DXE phase of execution.
Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
@param[in] This The VARIABLE_LOCK_PROTOCOL instance.
@param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
@param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
@retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
as pending to be read-only.
@retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
Or VariableName is an empty string.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
**/
EFI_STATUS
EFIAPI
VariableLockRequestToLock (
IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
EFI_STATUS Status;
VAR_CHECK_VARIABLE_PROPERTY Property;
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property);
if (!EFI_ERROR (Status)) {
Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
} else {
Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
Property.Attributes = 0;
Property.MinSize = 1;
Property.MaxSize = MAX_UINTN;
}
Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property);
DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status));
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
}
/**
Variable property get.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[out] VariableProperty Pointer to the output variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
@retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
**/
EFI_STATUS
EFIAPI
VarCheckVariablePropertyGet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
)
{
EFI_STATUS Status;
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
Status = VarCheckLibVariablePropertyGet (Name, Guid, VariableProperty);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
}
/**
SetVariable check handler UEFI defined.
@param[in] VariableName Name of Variable to set.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Attributes Attribute value of the variable.
@param[in] DataSize Size of Data to set.
@param[in] Data Data pointer.
@retval EFI_SUCCESS The SetVariable check result was success.
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, GUID,
DataSize and Data value was supplied.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
**/
EFI_STATUS
EFIAPI
SetVariableCheckHandlerUefiDefined (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
)
{
EFI_STATUS Status;
UINTN Index;
VAR_CHECK_VARIABLE_PROPERTY Property;
VAR_CHECK_VARIABLE_PROPERTY *VarCheckProperty;
INTERNAL_VAR_CHECK_FUNCTION VarCheckFunction;
if ((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0)) {
//
// Do not check delete variable.
//
return EFI_SUCCESS;
}
if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
if (!IsHwErrRecVariable (VariableName, VendorGuid)) {
return EFI_INVALID_PARAMETER;
}
}
for (Index = 0; Index < sizeof (mUefiDefinedGuid)/sizeof (mUefiDefinedGuid[0]); Index++) {
if (CompareGuid (VendorGuid, mUefiDefinedGuid[Index])) {
if (VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property) == EFI_NOT_FOUND) {
//
// To prevent name collisions with possible future globally defined variables,
// other internal firmware data variables that are not defined here must be
// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
// any other GUID defined by the UEFI Specification. Implementations must
// only permit the creation of variables with a UEFI Specification-defined
// VendorGuid when these variables are documented in the UEFI Specification.
//
DEBUG ((EFI_D_INFO, "UEFI Variable Check fail %r - %s not in %g namespace\n", EFI_INVALID_PARAMETER, VariableName, VendorGuid));
return EFI_INVALID_PARAMETER;
}
}
}
if (DataSize == 0) {
return EFI_SUCCESS;
}
VarCheckProperty = NULL;
VarCheckFunction = GetUefiDefinedVarCheckFunction (VariableName, VendorGuid, &VarCheckProperty);
if (VarCheckFunction != NULL) {
Status = VarCheckFunction (
VarCheckProperty,
DataSize,
Data
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "UEFI Variable Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
return Status;
}
}
return EFI_SUCCESS;
}
