Sync patches r15388, r15404, r15405, and r15409 from main trunk.

1. MdeModulePkg/SecurityPkg Variable: Calculate enough space for PlatformLang and Lang variables
   and use PcdUefiVariableDefaultLangDeprecate to turn off auto update between PlatformLang and Lang variables.
2. Calculate enough space for 2 variables (public key and variable data) instead of directly setting them 1 by 1.
   Fixed a bug in public key reclaim().
3. Remove hide TPM support.
4. SecurityPkg Variable: Add NULL pointer check.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <[email protected]>

git-svn-id: https://svn.code.sf.net/p/edk2/code/branches/UDK2010.SR1@15414 6f19259b-4bc3-4df7-8a09-765794883524

IntelFrameworkModulePkg/Universal/BdsDxe/Language.c

@@ -461,7 +461,7 @@ InitializeLanguage (
   if (LangCodesSettingRequired) {
     if (!FeaturePcdGet (PcdUefiVariableDefaultLangDeprecate)) {
       //
-      // UEFI 2.1 depricated this variable so we support turning it off
+      // UEFI 2.0 depricated this variable so we support turning it off
       //
       Status = gRT->SetVariable (
                       L"LangCodes",
@@ -491,7 +491,7 @@ InitializeLanguage (
 
   if (!FeaturePcdGet (PcdUefiVariableDefaultLangDeprecate)) {
     //
-    // UEFI 2.1 depricated this variable so we support turning it off
+    // UEFI 2.0 depricated this variable so we support turning it off
     //
     InitializeLangVariable (L"Lang", LangCodes, (CHAR8 *) PcdGetPtr (PcdUefiVariableDefaultLang), TRUE);
   }

MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h

@@ -3,7 +3,7 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by Variable modules.
 
-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -42,6 +42,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Guid/FaultTolerantWrite.h>
 #include <Guid/HardwareErrorVariable.h>
 
+#define VARIABLE_ATTRIBUTE_BS_RT        (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT     (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
+
 #define VARIABLE_RECLAIM_THRESHOLD (1024)
 
 ///
@@ -94,10 +97,8 @@ typedef struct {
 typedef struct {
   EFI_GUID    *Guid;
   CHAR16      *Name;
-  UINT32      Attributes;
-  UINTN       DataSize;
-  VOID        *Data;
-} VARIABLE_CACHE_ENTRY;
+  UINTN       VariableSize;
+} VARIABLE_ENTRY_CONSISTENCY;
 
 typedef struct {
   EFI_GUID    Guid;
@@ -438,6 +439,31 @@ VariableServiceSetVariable (
   IN VOID                    *Data
   );
 
+/**
+
+  This code returns information about the EFI variables.
+
+  @param Attributes                     Attributes bitmask to specify the type of variables
+                                        on which to return information.
+  @param MaximumVariableStorageSize     Pointer to the maximum size of the storage space available
+                                        for the EFI variables associated with the attributes specified.
+  @param RemainingVariableStorageSize   Pointer to the remaining size of the storage space available
+                                        for EFI variables associated with the attributes specified.
+  @param MaximumVariableSize            Pointer to the maximum size of an individual EFI variables
+                                        associated with the attributes specified.
+
+  @return EFI_SUCCESS                   Query successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableServiceQueryVariableInfoInternal (
+  IN  UINT32                 Attributes,
+  OUT UINT64                 *MaximumVariableStorageSize,
+  OUT UINT64                 *RemainingVariableStorageSize,
+  OUT UINT64                 *MaximumVariableSize
+  );
+
 /**
 
   This code returns information about the EFI variables.

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf

@@ -2,7 +2,7 @@
 # Component description file for Variable module.
 #
 # This module installs three EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName.
-# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@@ -80,7 +80,8 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize
 
 [FeaturePcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## SOMETIME_CONSUMES (statistic the information of variable.)
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## CONSUMES # statistic the information of variable.
+  gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES
 
 [Depex]
   TRUE

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf

@@ -11,13 +11,13 @@
 #
 #  Caution: This module requires additional review when modified.
 #  This driver will have external input - variable data and communicate buffer in SMM mode.
-#  This external input must be validated carefully to avoid security issue like
-#  buffer overflow, integer overflow.
-#
-# Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
+#  This external input must be validated carefully to avoid security issue like
+#  buffer overflow, integer overflow.
+#
+# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
 # http://opensource.org/licenses/bsd-license.php
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -86,12 +86,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize
   gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize
-
-[FeaturePcd]
-  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## SOMETIME_CONSUMES (statistic the information of variable.)
-
-[Depex]
-  TRUE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize
+
+[FeaturePcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## CONSUMES # statistic the information of variable.
+  gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES
+
+[Depex]
+  TRUE
 
 

MdePkg/MdePkg.dec

@@ -1308,7 +1308,8 @@
   ## If TRUE, the driver diagnostics2 protocol will not be installed.
   gEfiMdePkgTokenSpaceGuid.PcdDriverDiagnostics2Disable|FALSE|BOOLEAN|0x00000011
 
-  ## Indicates whether EFI 1.1 ISO 639-2 language supports are obsolete
+  ## Indicates whether EFI 1.1 ISO 639-2 language supports are obsolete.
+  #  If TRUE, Variable driver will be also not to auto update between PlatformLang and Lang variables.
   gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate|FALSE|BOOLEAN|0x00000012
 
   ## If TRUE, UGA Draw Protocol is still consumed.

SecurityPkg/SecurityPkg.dec

@@ -162,15 +162,7 @@
   #  If 1, TCG platform type is server.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006
 
-  ## The PCD is used to control whether to support hiding the TPM.
-  #  If TRUE, PcdHideTpm controls whether to hide the TPM.
-  #  This pcd is only for validation purpose. It should be set to false in production.
-  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007
-
 [PcdsDynamic, PcdsDynamicEx]
-  ## The PCD is used to control whether to hide the TPM.
-  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm|FALSE|BOOLEAN|0x00010002
-
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## This PCD indicates the presence or absence of the platform operator.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001

SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr

@@ -1,7 +1,7 @@
 /** @file
   VFR file used by the TCG configuration component.
 
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -44,32 +44,13 @@ formset
       endcheckbox;
     endif;
 
-    suppressif TRUE;
-      checkbox varid   = TCG_CONFIGURATION.OriginalHideTpm,
-              prompt   = STRING_TOKEN(STR_NULL),
-              help     = STRING_TOKEN(STR_NULL),
-      endcheckbox;
-    endif;
-
     text
       help   = STRING_TOKEN(STR_TPM_STATE_HELP),
       text   = STRING_TOKEN(STR_TPM_STATE_PROMPT),
         text   = STRING_TOKEN(STR_TPM_STATE_CONTENT);
 
     subtitle text = STRING_TOKEN(STR_NULL);
 
-    label LABEL_TCG_CONFIGURATION_HIDETPM;
-
-    checkbox varid = TCG_CONFIGURATION.HideTpm,
-          questionid  = KEY_HIDE_TPM,
-          prompt      = STRING_TOKEN(STR_HIDE_TPM_PROMPT),
-          help        = STRING_TOKEN(STR_HIDE_TPM_HELP),
-          flags       = RESET_REQUIRED,
-    endcheckbox;
-
-    label LABEL_END;
-
-    grayoutif ideqval TCG_CONFIGURATION.OriginalHideTpm == 1;
     oneof varid  = TCG_CONFIGURATION.TpmOperation,
           questionid = KEY_TPM_ACTION,
           prompt = STRING_TOKEN(STR_TPM_OPERATION),
@@ -102,8 +83,6 @@ formset
 
     subtitle text = STRING_TOKEN(STR_NULL);
 
-    endif;
-
   endform;
 
 endformset;

SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c

@@ -1,7 +1,7 @@
 /** @file
   The module entry point for Tcg configuration module.
 
-Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -75,7 +75,6 @@ TcgConfigDriverEntryPoint (
   }
 
   PrivateData->TcgProtocol = TcgProtocol;
-  PrivateData->HideTpm     = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
 
   //
   // Install TCG configuration form

SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf

@@ -1,7 +1,7 @@
 ## @file
 #  Component name for Tcg configuration module.
 #
-# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -63,11 +63,7 @@
   gEfiHiiConfigRoutingProtocolGuid              ## CONSUMES
   gEfiTcgProtocolGuid                           ## CONSUMES
 
-[FixedPcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport
-
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid
 
 [Depex]

SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c

@@ -1,7 +1,7 @@
 /** @file
   HII Config Access protocol implementation of TCG configuration module.
 
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -182,11 +182,6 @@ TcgExtractConfig (
   ZeroMem (&Configuration, sizeof (TCG_CONFIGURATION));
 
   Configuration.TpmOperation    = PHYSICAL_PRESENCE_ENABLE;
-  Configuration.HideTpm         = (BOOLEAN) (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm));
-  //
-  // Read the original value of HideTpm from PrivateData which won't be changed by Setup in this boot.
-  //
-  Configuration.OriginalHideTpm = PrivateData->HideTpm;
 
   //
   // Display current TPM state.
@@ -307,8 +302,6 @@ TcgRouteConfig (
     return Status;
   }
 
-  PcdSetBool (PcdHideTpm,    TcgConfiguration.HideTpm);
-
   return EFI_SUCCESS;
 }
 
@@ -425,11 +418,6 @@ InstallTcgConfigForm (
   EFI_STATUS                      Status;
   EFI_HII_HANDLE                  HiiHandle;
   EFI_HANDLE                      DriverHandle;
-  VOID                            *StartOpCodeHandle;
-  VOID                            *EndOpCodeHandle;
-  EFI_IFR_GUID_LABEL              *StartLabel;
-  EFI_IFR_GUID_LABEL              *EndLabel;
-
   EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
 
   DriverHandle = NULL;
@@ -473,39 +461,6 @@ InstallTcgConfigForm (
 
   PrivateData->HiiHandle = HiiHandle;
 
-  //
-  // Remove the Hide TPM question from the IFR
-  //
-  if (!PcdGetBool (PcdHideTpmSupport)) {
-    //
-    // Allocate space for creation of UpdateData Buffer
-    //
-    StartOpCodeHandle = HiiAllocateOpCodeHandle ();
-    ASSERT (StartOpCodeHandle != NULL);
-
-    EndOpCodeHandle = HiiAllocateOpCodeHandle ();
-    ASSERT (EndOpCodeHandle != NULL);
-
-    //
-    // Create Hii Extend Label OpCode as the start opcode
-    //
-    StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
-    StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-    StartLabel->Number       = LABEL_TCG_CONFIGURATION_HIDETPM;
-
-    //
-    // Create Hii Extend Label OpCode as the end opcode
-    //
-    EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
-    EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-    EndLabel->Number       = LABEL_END;
-
-    HiiUpdateForm (HiiHandle, NULL, TCG_CONFIGURATION_FORM_ID, StartOpCodeHandle, EndOpCodeHandle);
-
-    HiiFreeOpCodeHandle (StartOpCodeHandle);
-    HiiFreeOpCodeHandle (EndOpCodeHandle);
-  }
-
   return EFI_SUCCESS;  
 }
 

SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h

@@ -2,7 +2,7 @@
   The header file of HII Config Access protocol implementation of TCG
   configuration module.
 
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -62,8 +62,6 @@ typedef struct {
   EFI_HANDLE                        DriverHandle;  
 
   EFI_TCG_PROTOCOL                  *TcgProtocol;
-
-  BOOLEAN                           HideTpm;
 } TCG_CONFIG_PRIVATE_DATA;
 
 extern TCG_CONFIG_PRIVATE_DATA      mTcgConfigPrivateDateTemplate;

SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h

@@ -1,7 +1,7 @@
 /** @file
   Header file for NV data structure definition.
 
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD License 
 which accompanies this distribution.  The full text of the license may be found at 
@@ -22,19 +22,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define TCG_CONFIGURATION_VARSTORE_ID  0x0001
 #define TCG_CONFIGURATION_FORM_ID      0x0001
 
-#define KEY_HIDE_TPM                   0x2000
-#define KEY_TPM_ACTION                 0x3000
-#define KEY_TPM_MOR_ENABLE             0x4000
+#define KEY_TPM_ACTION                         0x3000
 
-#define LABEL_TCG_CONFIGURATION_HIDETPM  0x0001
-#define LABEL_END                        0xffff
+#define LABEL_TCG_CONFIGURATION_TPM_OPERATION  0x0001
+#define LABEL_END                              0xffff
 
 //
 // Nv Data structure referenced by IFR
 //
 typedef struct {
-  BOOLEAN HideTpm;
-  BOOLEAN OriginalHideTpm;
   UINT8   TpmOperation;
   BOOLEAN TpmEnable;
   BOOLEAN TpmActivate;