arm-bsp/secure-partitions: add check for null attribute field

UEFI spec says that if 0 is passed in the attributes filed in
setVariable() API, it means that it's a delete variable call.
Currently smm gateway doesn't handle this case. This change
is to add above mentioned check.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Id3a54601d403102da5c5617d7b4da8ec51029200
Signed-off-by: Jon Mason <jon.mason@arm.com>

meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0032-smm_gateway-add-checks-for-null-attributes.patch

@@ -0,0 +1,79 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From c88937f3fb2d1259b1abb1a6926e869bf2f5d69e Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 24 Dec 2021 19:17:17 +0000
+Subject: [PATCH] smm_gateway: add checks for null attributes
+
+As par EDK-2 and EDK-2 test code, when a user issue's
+setVariable() with 0 in attributes field, it means a variable
+delete request. Currently, smm gatway doesn't handle this scenario.
+This change is to add that support
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
+index a57b334..e8771c2 100644
+--- a/components/service/smm_variable/backend/uefi_variable_store.c
++++ b/components/service/smm_variable/backend/uefi_variable_store.c
+@@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable(
+ 	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
+ 	* The caller is responsible for following this rule.
+ 	*/
+-	if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
++	if (!var->Attributes)
++		EMSG("It might be a delete variable request\n");
++	else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
+ 	{
+ 			if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
+ 			return EFI_INVALID_PARAMETER;
+@@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable(
+ 				(var->Attributes & EFI_VARIABLE_NON_VOLATILE) ||
+ 				(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));
+ 
+-			if (var->DataSize) {
++			if (var->DataSize && var->Attributes) {
+ 
+ 				/* It's a set rather than a remove operation */
+ 				variable_index_update_variable(
+@@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable(
+ 				 * that it's never possible for an object to exist within
+ 				 * the storage backend without a corresponding index entry.
+ 				 */
+-				remove_variable_data(context, info);
++				EMSG("  deleting variable %s \n",var->Name);
++				if (remove_variable_data(context, info) != PSA_SUCCESS)
++					EMSG("  deleting variable %s FAILED\n",var->Name);
+ 				variable_index_remove_variable(&context->variable_index, info);
+ 
+ 				/* Variable info no longer valid */
+@@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set(
+ 	}
+ 
+ 	if ((status == EFI_SUCCESS) && var->DataSize) {
+-
++		/* Delete the variable with Attributes is 0 */
++		if (!var->Attributes) {
++			EMSG("Null attributes, may be a delete variable request\n");
++			status = EFI_SUCCESS;
++		}
+ 		/* Restrict which attributes can be modified for an existing variable */
+-        if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
+-            (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
+-            ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
+-            (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
+-            ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
+-            (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
++		else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
++			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
++			((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
++			(info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
++			((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
++			(info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
+ 			/* Don't permit change of attributes */
+ 			status = EFI_INVALID_PARAMETER;
+ 		}
+-- 
+2.17.1
+

meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc

@@ -42,6 +42,7 @@ SRC_URI:append = " \
                   file://0029-Change-UID-of-variable-index-in-SMM.patch \
                   file://0030-Add-missing-features-to-setVariable.patch \
                   file://0031-Add-invalid-parameter-check-in-getNextVariableName.patch \
+                  file://0032-smm_gateway-add-checks-for-null-attributes.patch \
                   "
 
 SRC_URI_MBED = "git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed;destsuffix=git/mbedcrypto"