[PATCH 5/5] UefiCpuPkg: Uninstall EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe.


Zhiguang Liu
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2317
To avoid leaking information from SMM, uninstall
EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 37 ++++++++++++++++++++++++=
+++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 1 +
2 files changed, 38 insertions(+)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmC=
puDxeSmm/PiSmmCpuDxeSmm.c
index db68e1316e..a1b209e125 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -520,6 +520,33 @@ SmmReadyToLockEventNotify (
return EFI_SUCCESS;=0D
}=0D
=0D
+/**=0D
+ SMM End of Dxe event notification handler.=0D
+=0D
+ To avoid leaking information from SMM, uninstall EFI_SMM_CONFIGURATION_P=
ROTOCOL=0D
+ at end of Dxe.=0D
+=0D
+ @param[in] Protocol Points to the protocol's unique identifier.=0D
+ @param[in] Interface Points to the interface instance.=0D
+ @param[in] Handle The handle on which the interface was installed.=0D
+=0D
+ @retval EFI_SUCCESS Notification handler runs successfully.=0D
+ **/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+SmmEndOfDxeNotify (=0D
+ IN CONST EFI_GUID *Protocol,=0D
+ IN VOID *Interface,=0D
+ IN EFI_HANDLE Handle=0D
+ )=0D
+{=0D
+ gBS->UninstallProtocolInterface (=0D
+ gSmmCpuPrivate->SmmCpuHandle,=0D
+ &gEfiSmmConfigurationProtocolGuid, &gSmmCpuPrivate->SmmConfigurat=
ion=0D
+ );=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
/**=0D
The module Entry Point of the CPU SMM driver.=0D
=0D
@@ -1038,6 +1065,16 @@ PiCpuSmmEntry (
);=0D
ASSERT_EFI_ERROR (Status);=0D
=0D
+ //=0D
+ // register SMM End of Dxe notification=0D
+ //=0D
+ Status =3D gSmst->SmmRegisterProtocolNotify (=0D
+ &gEfiSmmEndOfDxeProtocolGuid,=0D
+ SmmEndOfDxeNotify,=0D
+ &Registration=0D
+ );=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
//=0D
// Initialize SMM Profile feature=0D
//=0D
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSm=
mCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 76b1462996..bb994814d6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -105,6 +105,7 @@
gEfiSmmConfigurationProtocolGuid ## PRODUCES=0D
gEfiSmmCpuProtocolGuid ## PRODUCES=0D
gEfiSmmReadyToLockProtocolGuid ## NOTIFY=0D
+ gEfiSmmEndOfDxeProtocolGuid ## NOTIFY=0D
gEfiSmmCpuServiceProtocolGuid ## PRODUCES=0D
gEdkiiSmmMemoryAttributeProtocolGuid ## PRODUCES=0D
gEfiMmMpProtocolGuid ## PRODUCES=0D
--=20
2.25.1.windows.1

Join devel@edk2.groups.io to automatically receive all group messages.