Added MM_STANDALONE support in Driver and BaseCryptLibOnProtocolPpi --- CryptoPkg/CryptoPkg.dsc | 59 ++++++++++++++ CryptoPkg/Driver/CryptoStandaloneMm.c | 41 ++++++++++ CryptoPkg/Driver/CryptoStandaloneMm.inf | 48 +++++++++++ .../StandaloneMmCryptLib.c | 79 +++++++++++++++++++ .../StandaloneMmCryptLib.inf | 45 +++++++++++ 5 files changed, 272 insertions(+) create mode 100644 CryptoPkg/Driver/CryptoStandaloneMm.c create mode 100644 CryptoPkg/Driver/CryptoStandaloneMm.inf create mode 100644 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c create mode 100644 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.inf
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index d4400696b8..cbd11e265e 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -83,6 +83,11 @@ DEFINE SMM_FULL_GUID = 1930CE7E-6598-48ED-8AB1-EBE7E85EC254 DEFINE SMM_STD_ACCEL_GUID = 828959D3-CEA6-4B79-B1FC-5AFA0D7F2144 DEFINE SMM_FULL_ACCEL_GUID = C1760694-AB3A-4532-8C6D-52D8F86EB1AA + DEFINE MM_STANDALONE_CRYPTO_GUID = 4e14baae-8aa0-4f28-b1f0-53215e4dea81 + DEFINE MM_STANDALONE_STD_GUID = fb88ffe8-c6e3-4752-8e85-0865df7cdb1f + DEFINE MM_STANDALONE_FULL_GUID = 4a6f4c6e-6207-4801-9706-b9429936a38c + DEFINE MM_STANDALONE_STD_ACCEL_GUID = 9ef13bfa-912e-4589-8d6a-3eccf1156b5e + DEFINE MM_STANDALONE_FULL_ACCEL_GUID = 0a13116a-d6bf-4a4e-90dc-615c4c0a711d !if $(CRYPTO_SERVICES) == TARGET_UNIT_TESTS !include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc @@ -377,6 +382,7 @@ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.inf CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.inf CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf + CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.inf # # Build verification of target-based unit tests # 
@@ -580,6 +586,59 @@ MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:4096 MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:4096 } + # + # CryptoStandaloneMm with OpensslLib instance with no SSL or EC services + # + CryptoPkg/Driver/CryptoStandaloneMm.inf { + <Defines> + FILE_GUID = $(MM_STANDALONE_CRYPTO_GUID) + <LibraryClasses> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + } + # + # CryptoStandaloneMm with OpensslLib instance with no SSL services + # + CryptoPkg/Driver/CryptoStandaloneMm.inf { + <Defines> + FILE_GUID = $(MM_STANDALONE_STD_GUID) + <LibraryClasses> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + } + # + # CryptoStandaloneMm with OpensslLib instance with no all services + # + CryptoPkg/Driver/CryptoStandaloneMm.inf { + <Defines> + FILE_GUID = $(MM_STANDALONE_FULL_GUID) + <LibraryClasses> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf + } + # + # CryptoStandaloneMm with IA32/X64/AARCH64 performance optimized OpensslLib instance with no EC services + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoStandaloneMm.inf { + <Defines> + FILE_GUID = $(MM_STANDALONE_STD_ACCEL_GUID) + <LibraryClasses> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf + <BuildOptions> + MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:64 + MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:256 + } + # + # CryptoStandaloneMm with IA32/X64/AARCH64 performance optimized OpensslLib instance with all services + # IA32/X64 assembly optimizations required larger alignments + # + CryptoPkg/Driver/CryptoStandaloneMm.inf { + <Defines> + FILE_GUID = $(MM_STANDALONE_FULL_ACCEL_GUID) + <LibraryClasses> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf + <BuildOptions> + MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:4096 + MSFT:*_*_X64_DLINK_FLAGS = /ALIGN:4096 + } !endif [BuildOptions] diff --git a/CryptoPkg/Driver/CryptoStandaloneMm.c b/CryptoPkg/Driver/CryptoStandaloneMm.c new file mode 100644 index 0000000000..1f0ad88061 --- /dev/null 
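Review bot: The comments above the new `CryptoStandaloneMm.inf` instances describe the selected OpensslLib flavour inconsistently, and an integrator reads them to decide how much crypto surface each FILE_GUID brings into MM. The `MM_STANDALONE_FULL_GUID` block reads `with no all services`, which presumably should be `with all services`. The `OpensslLib.inf` block says `no SSL services` while its accelerated counterpart `OpensslLibAccel.inf` says `no EC services`, so one of the two is likely wrong. Confirm both against the OpensslLib INF files and align the wording.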
+++ b/CryptoPkg/Driver/CryptoStandaloneMm.c
@@ -0,0 +1,41 @@
+/** @file
+ Installs the EDK II Crypto SMM Protocol in Standalone MM.
+
+ Copyright (C) Microsoft Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiMm.h>
+#include <Library/MmServicesTableLib.h>
+#include <Protocol/SmmCrypto.h>
+
+extern CONST EDKII_CRYPTO_PROTOCOL mEdkiiCrypto;
+
+/**
+ The module Entry Point of the Crypto Standalone MM Driver.
+
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The entry point is executed successfully.
+ @retval Other Some error occurs when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+CryptoStandaloneMmEntry (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *MmSystemTable
+ )
+{
+ EFI_HANDLE Handle;
+
+ Handle = NULL;
+ return gMmst->MmInstallProtocolInterface (
+ &Handle,
+ &gEdkiiSmmCryptoProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ (EDKII_CRYPTO_PROTOCOL *)&mEdkiiCrypto
+ );
+}
diff --git a/CryptoPkg/Driver/CryptoStandaloneMm.inf b/CryptoPkg/Driver/CryptoStandaloneMm.inf
new file mode 100644
index 0000000000..fc5c832304
--- /dev/null
+++ b/CryptoPkg/Driver/CryptoStandaloneMm.inf
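Review bot: The header comment of `CryptoStandaloneMmEntry` in CryptoStandaloneMm.c documents `@param[in] SystemTable A pointer to the EFI System Table.`, but the parameter is `MmSystemTable` of type `EFI_MM_SYSTEM_TABLE *`; it should read `@param[in] MmSystemTable A pointer to the MM System Table.`. The install call passes `(EDKII_CRYPTO_PROTOCOL *)&mEdkiiCrypto`, which casts away the `CONST` declared on the service table a few lines above. A one-line comment at the cast, e.g. `// CONST is dropped only to match the Interface parameter; consumers must treat the table as read-only`, would record that nothing locating the protocol is expected to modify the function table.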
@@ -0,0 +1,48 @@
+## @file
+# Produces the EDK II SMM Crypto Protocol using the library services from
+# BaseCryptLib and TlsLib for Standalone MM.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001B
+ PI_SPECIFICATION_VERSION = 0x00010032
+ BASE_NAME = CryptoStandaloneMm
+ MODULE_UNI_FILE = Crypto.uni
+ FILE_GUID = B7946FEA-15EF-43F4-9FF6-0F71E032ECF5
+ MODULE_TYPE = MM_STANDALONE
+ VERSION_STRING = 1.0
+ ENTRY_POINT = CryptoStandaloneMmEntry
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ Crypto.c
+ CryptoStandaloneMm.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseCryptLib
+ DebugLib
+ MmServicesTableLib
+ StandaloneMmDriverEntryPoint
+ TlsLib
+
+[Protocols]
+ gEdkiiSmmCryptoProtocolGuid ## PRODUCES
+
+[Pcd]
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable ## CONSUMES
+
+[Depex]
+ TRUE
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
new file mode 100644
index 0000000000..618d1c5646
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
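Review bot: The reference comment `# VALID_ARCHITECTURES = IA32 X64` in CryptoStandaloneMm.inf disagrees with the rest of the patch. The .dsc comments for this driver mention AARCH64, and StandaloneMmCryptLib.inf lists `IA32 X64 ARM AARCH64`. If the driver is meant to build for Arm Standalone MM, the line should read `# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64`; if it is intentionally x86-only, the consuming library's list should be narrowed to match.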
@@ -0,0 +1,79 @@
+/** @file
+ Implements the GetCryptoServices() API that retuns a pointer to the EDK II
+ SMM Crypto Protocol.
+
+ Copyright (C) Microsoft Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiMm.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MmServicesTableLib.h>
+#include <Protocol/SmmCrypto.h>
+
+EDKII_SMM_CRYPTO_PROTOCOL *mSmmCryptoProtocol = NULL;
+
+/**
+ Internal worker function that returns the pointer to an EDK II Crypto
+ Protocol/PPI. The layout of the PPI, DXE Protocol, and SMM Protocol are
+ identical which allows the implementation of the BaseCryptLib functions that
+ call through a Protocol/PPI to be shared for the PEI, DXE, and SMM
+ implementations.
+
+ This SMM implementation returns the pointer to the EDK II SMM Crypto Protocol
+ that was found in the library constructor SmmCryptLibConstructor().
+**/
+VOID *
+GetCryptoServices (
+ VOID
+ )
+{
+ return (VOID *)mSmmCryptoProtocol;
+}
+
+/**
+ Constructor looks up the EDK II SMM Crypto Protocol and verifies that it is
+ not NULL and has a high enough version value to support all the BaseCryptLib
+ functions.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param MmSystemTable A pointer to the MM System Table.
+
+ @retval EFI_SUCCESS The EDK II SMM Crypto Protocol was found.
+ @retval EFI_NOT_FOUND The EDK II SMM Crypto Protocol was not found.
+**/
+EFI_STATUS
+EFIAPI
+StandaloneMmCryptLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *MmSystemTable
+ )
+{
+ EFI_STATUS Status;
+ UINTN Version;
+
+ Status = gMmst->MmLocateProtocol (
+ &gEdkiiSmmCryptoProtocolGuid,
+ NULL,
+ (VOID **)&mSmmCryptoProtocol
+ );
+ if (EFI_ERROR (Status) || (mSmmCryptoProtocol == NULL)) {
+ DEBUG ((DEBUG_ERROR, "[StandaloneMmCryptLib] Failed to locate Crypto SMM Protocol. 
Status = %r\n", Status));
+ ASSERT_EFI_ERROR (Status);
+ ASSERT (mSmmCryptoProtocol != NULL);
+ mSmmCryptoProtocol = NULL;
+ return EFI_NOT_FOUND;
+ }
+
+ Version = mSmmCryptoProtocol->GetVersion ();
+ if (Version < EDKII_CRYPTO_VERSION) {
+ DEBUG ((DEBUG_ERROR, "[StandaloneMmCryptLib] Crypto SMM Protocol unsupported version %d\n", Version));
+ ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ mSmmCryptoProtocol = NULL;
+ return EFI_NOT_FOUND;
+ }
+
+ return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.inf b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.inf
new file mode 100644
index 0000000000..5e95a03716
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.inf
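Review bot: The comment on `GetCryptoServices()` in StandaloneMmCryptLib.c names `SmmCryptLibConstructor()`, which is not defined in this file (the constructor here is `StandaloneMmCryptLibConstructor()`), and it does not say that the function can return NULL. `mSmmCryptoProtocol` starts as NULL and is reset to NULL on both failure paths of the constructor, so in builds where ASSERT is compiled out the callers in CryptLib.c (outside this hunk) receive NULL and have to fail closed rather than dereference it. Add a line such as `@return Pointer to the EDK II SMM Crypto Protocol, or NULL if the constructor did not find a protocol of a supported version.` and correct the constructor name. Smaller items: `retuns` in the file header should be `returns`, and the file ends without a trailing newline.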
@@ -0,0 +1,45 @@
+## @file
+# Implements the BaseCryptLib and TlsLib using the services of the EDK II Crypto
+# SMM Protocol for Stdandalone MM.
+#
+# Copyright (C) Microsoft Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001B
+ BASE_NAME = StandaloneMmCryptLib
+ MODULE_UNI_FILE = CryptLib.uni
+ FILE_GUID = FA7EB4FD-7B3B-4FE4-BA95-1CE47CD0BE3E
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x00010032
+ MODULE_TYPE = MM_STANDALONE
+ LIBRARY_CLASS = BaseCryptLib | MM_STANDALONE
+ LIBRARY_CLASS = TlsLib | MM_STANDALONE
+ CONSTRUCTOR = StandaloneMmCryptLibConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ MmServicesTableLib
+
+[Sources]
+ StandaloneMmCryptLib.c
+ CryptLib.c
+
+[Protocols]
+ gEdkiiSmmCryptoProtocolGuid ## CONSUMES
+
+[Depex]
+ gEdkiiSmmCryptoProtocolGuid
-- 2.46.2.windows.1 -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#120669): https://edk2.groups.io/g/devel/message/120669 Mute This Topic: https://groups.io/mt/109174503/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
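Review bot: The file header of StandaloneMmCryptLib.inf misspells the target environment as `Stdandalone MM`; it should read `Standalone MM`. The `[Depex]` entry on `gEdkiiSmmCryptoProtocolGuid` appears to be what lets the constructor's protocol lookup succeed at load time. A one-line comment above it, e.g. `# The Crypto protocol must be installed before any consumer of this library is dispatched`, would discourage someone from relaxing it later.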