1 /* 2 * TPM handling. 3 * 4 * Copyright (C) 2016 CoreOS, Inc 5 * Copyright (C) 2017 Google, Inc. 6 * Matthew Garrett <mjg59@google.com> 7 * 8 * This file is part of the Linux kernel, and is made available under the 9 * terms of the GNU General Public License version 2. 10 */ 11 #include <linux/efi.h> 12 #include <asm/efi.h> 13 14 #include "efistub.h" 15 16 static const efi_char16_t efi_MemoryOverWriteRequest_name[] = { 17 'M', 'e', 'm', 'o', 'r', 'y', 'O', 'v', 'e', 'r', 'w', 'r', 'i', 't', 18 'e', 'R', 'e', 'q', 'u', 'e', 's', 't', 'C', 'o', 'n', 't', 'r', 'o', 19 'l', 0 20 }; 21 22 #define MEMORY_ONLY_RESET_CONTROL_GUID \ 23 EFI_GUID(0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29) 24 25 #define get_efi_var(name, vendor, ...) \ 26 efi_call_runtime(get_variable, \ 27 (efi_char16_t *)(name), (efi_guid_t *)(vendor), \ 28 __VA_ARGS__) 29 30 #define set_efi_var(name, vendor, ...) \ 31 efi_call_runtime(set_variable, \ 32 (efi_char16_t *)(name), (efi_guid_t *)(vendor), \ 33 __VA_ARGS__) 34 35 /* 36 * Enable reboot attack mitigation. This requests that the firmware clear the 37 * RAM on next reboot before proceeding with boot, ensuring that any secrets 38 * are cleared. If userland has ensured that all secrets have been removed 39 * from RAM before reboot it can simply reset this variable. 40 */ 41 void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) 42 { 43 u8 val = 1; 44 efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID; 45 efi_status_t status; 46 unsigned long datasize = 0; 47 48 status = get_efi_var(efi_MemoryOverWriteRequest_name, &var_guid, 49 NULL, &datasize, NULL); 50 51 if (status == EFI_NOT_FOUND) 52 return; 53 54 set_efi_var(efi_MemoryOverWriteRequest_name, &var_guid, 55 EFI_VARIABLE_NON_VOLATILE | 56 EFI_VARIABLE_BOOTSERVICE_ACCESS | 57 EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), &val); 58 } 59