UEFI : SMM Kernel Code 重點整理: (一) Protocols

● 首先定義SMM driver和一般DXE driver:

DXE drivers

  regular DXE phase drivers that loads into system memory by DXE core driver.

SMM drivers  

  SMM Drivers are launched once, directly into SMRAM during SMM phase initialization.

SMM/DXE combined drivers

  Combination of drivers that loaded twice: as DXE driver and as SMM driver.

● 簡單介紹SMM Driver在做什麼

The system architecture of the SMM driver is broken into the following pieces:

• SMM Base Protocol
• SMM Access Protocol
• SMM Control Protocol

The SMM Base Protocol will be published by the SMM IPL driver and is responsible for the following:

• Opening SMRAM
• Creating the SMRAM heap
• Registering the handlers

●  UEFI Spec定義SMM Services可分成兩種類別的Protocol, 分別是SMM Protocol/ UEFI Protocol，分別介紹如下:

SMM Protocol

EFI_SMM_STATUS_CODE_PROTOCOL

  Reports SMM code errors to other   UEFI PI components.

EFI_SMM_CPU_PROTOCOL

  Provides access to CPU-related information while in SMM.

EFI_SMM_CPU_IO2_PROTOCOL

  Provides CPU I/O and memory access within SMM

EFI_SMM_PCI_ROOT_BRIDGE_IO_PROTOCOL

  Provides access to PCI I/O, memory and configuration space inside of SMM.

EFI_SMM_READY_TO_LOCK_SMM_PROTOCOL

  Indicates that SMM is about to be locked.(published by the SMM Foundation)

EFI_SMM_END_OF_DXE_PROTOCOL

  Indicates that SMM is about to be locked.(published by the PI platform code)

UEFI Protocol

EFI_SMM_BASE2_PROTOCOL

  Used to locate the System Management Services Table (SMST) during SMM driver initialization.

EFI_SMM_ACCESS2_PROTOCOL

  Describes the different SMRAM regions   available in the system.

EFI_SMM_CONTROL2_PROTOCOL

  Used to initiate synchronous SMI activations

EFI_SMM_CONFIGURATION_PROTOCOL

  Mandatory protocol published by a DXE CPU driver to indicate which areas within SMRAM are reserved for use by the CPU for any purpose, such as stack, save state or SMM entry point.

EFI_DXE_READY_TO_LOCK_SMM_PROTOCOL

  mandatory protocol published by a DXE driver to indicate that SMM is about to be locked. Registration notify of this protocol is usually invoking theEFI_SMM_ACCESS2_PROTOCOL.Lock() function to lock SMRAM.

EFI_SMM_COMMUNICATION_PROTOCOL

  provides a means of communicating between drivers outside of SMM and SMI handlers inside of SMM.

● 介紹EFI_SMM_BASE2_PROTOCOL產出的SMST

SMST:

The SMST is a set of capabilities exported for use by all drivers that are loaded into System management RAM (SMRAM).

The SMST is similar to the UEFI System Table. It is a fixed set of services and data that are designed to provide basic services for SMM drivers.  

類似於以下我們常用的Table:

extern EFI_BOOT_SERVICES          *gBS;

extern EFI_SYSTEM_TABLE            *gST;

extern EFI_RUNTIME_SERVICES    *gRT;

The SMST is provided by the SMM IPL driver, which also manages the following:

• Dispatch of drivers in SMM
• Allocations of SMRAM
• Installation/discovery of SMM protocols
• 提供 IO service (EFI_SMM_CPU_IO2_PROTOCOL是SMST的成員之一)

● SMST結構成員的細部介紹

EFI_SMM_SYSTEM_TABLE2:

Summary

The System Management System Table (SMST) is a table that contains a collection of common

services for managing SMRAM allocation and providing basic I/O services. These services are

intended for both preboot and runtime usage.

The EFI_SMM_SYSTEM_TABLE2 provides support for SMRAM allocation. The functions have the same function prototypes as UEFI Boot Services, but are only effective in allocating and freeing SMRAM.

以下介紹比較重要的SMST結構成員

SmmAllocatePages()

SmmFreePages()

SmmAllocatePool()

SmmFreePool()

以下幾個函數必須在 EFI_SMM_READY_TO_LOCK_PROTOCOL notification 被Install後才能用

SmmInstallProtocolInterface()

  Installs a SMM protocol interface on a device handle. If the handle does not exist, it is created and added to the list of handles in the system.

SmmUninstallProtocolInterface()

SmmLocateHandle() 

  Returns an array of handles that support a specified protocol.

SmmHandleProtocol()

  Queries a handle to determine if it supports a specified SMM protocol.

SmmLocateProtocol()

  Returns the first SMM protocol instance that matches the given protocol.

以下幾個函數滿重要的，可以用來註冊Protocol或者handle

SmmRegisterProtocolNotify()

  Register a callback function be called when a particular protocol interface is installed.

SmiHandlerRegister()

  Registers a handler to execute within SMM.

下面這個在SMM裡可以用它來產生特定的Smi

SmiManage()

  This function will call the registered handler functions which match the specified interrupt type.

Reference:

1. VOLUME 4: Platform Initialization Specification, System Management Mode, Core Interface Version 1.3
2. http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html