From: "gaoliming"
Subject: Re: [edk2-devel] [PATCH v3 8/8] MdeModulePkg: Use SecureBootVariableLib in PlatformVarCleanupLib.
Date: Thu, 17 Jun 2021 10:34:26 +0800
Message-ID: <005b01d76321$4a8500a0$df8f01e0$@byosoft.com.cn>
In-Reply-To: <20210614094308.2314345-11-gjb@semihalf.com>
References: <20210614094308.2314345-1-gjb@semihalf.com> <20210614094308.2314345-11-gjb@semihalf.com>

Grzegorz:
  MdeModulePkg is a generic base package. It should not depend on SecurityPkg.

  I agree CreateTimeBasedPayload() is the generic API. It can be shared in the different modules.
  I propose to add it into MdeModulePkg AuthVariableLib.

Thanks
Liming

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Grzegorz Bernacki
> Sent: June 14, 2021 17:43
> To: devel@edk2.groups.io
> Cc: leif@nuviainc.com; ardb+tianocore@kernel.org;
> Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com;
> mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com;
> jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com;
> sami.mujawar@arm.com; afish@apple.com; ray.ni@intel.com;
> jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org;
> thomas.abraham@arm.com; chasel.chiu@intel.com;
> nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
> eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
> yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
> Grzegorz Bernacki
> Subject: [edk2-devel] [PATCH v3 8/8] MdeModulePkg: Use
> SecureBootVariableLib in PlatformVarCleanupLib.
>
> This commit removes CreateTimeBasedPayload() function from
> PlatformVarCleanupLib and uses exactly the same function from
> SecureBootVariableLib.
>
> Signed-off-by: Grzegorz Bernacki
> ---
> MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf | > 2 + > MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h > | 1 + > MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c > | 84 -------------------- > 3 files changed, 3 insertions(+), 84 deletions(-) >=20 > diff --git > a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf > b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf > index 8d5db826a0..493d03e1d8 100644 > --- > a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf > +++ > b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf > @@ -34,6 +34,7 @@ > [Packages] > MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec >=20 > [LibraryClasses] > UefiBootServicesTableLib > @@ -44,6 +45,7 @@ > PrintLib > MemoryAllocationLib > HiiLib > + SecureBootVariableLib >=20 > [Guids] > gEfiIfrTianoGuid ## SOMETIMES_PRODUCES ## > GUID > diff --git a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h > b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h > index c809a7086b..94fbc7d2a4 100644 > --- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h > +++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h > @@ -18,6 +18,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include >=20 > #include > #include > diff --git > a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c > b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c > index 3875d614bb..204f1e00ad 100644 > --- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c > +++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c 
> @@ -319,90 +319,6 @@ DestroyUserVariableNode ( > } > } >=20 > -/** > - Create a time based data payload by concatenating the > EFI_VARIABLE_AUTHENTICATION_2 > - descriptor with the input data. NO authentication is required in this > function. > - > - @param[in, out] DataSize On input, the size of Data buffer i= n > bytes. > - On output, the size of data > returned in Data > - buffer in bytes. > - @param[in, out] Data On input, Pointer to data buffer to > be wrapped or > - pointer to NULL to wrap an > empty payload. > - On output, Pointer to the new > payload date buffer allocated from pool, > - it's caller's responsibility to fre= e > the memory after using it. > - > - @retval EFI_SUCCESS Create time based payload > successfully. > - @retval EFI_OUT_OF_RESOURCES There are not enough memory > resourses to create time based payload. > - @retval EFI_INVALID_PARAMETER The parameter is invalid. > - @retval Others Unexpected error happens. > - > -**/ > -EFI_STATUS > -CreateTimeBasedPayload ( > - IN OUT UINTN *DataSize, > - IN OUT UINT8 **Data > - ) > -{ > - EFI_STATUS Status; > - UINT8 *NewData; > - UINT8 *Payload; > - UINTN PayloadSize; > - EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; > - UINTN DescriptorSize; > - EFI_TIME Time; > - > - if (Data =3D=3D NULL || DataSize =3D=3D NULL) { > - return EFI_INVALID_PARAMETER; > - } > - > - // > - // At user physical presence, the variable does not need to be signed but > the > - // parameters to the SetVariable() call still need to be prepared as > authenticated > - // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor > without certificate > - // data in it. 
> - // > - Payload =3D *Data; > - PayloadSize =3D *DataSize; > - > - DescriptorSize =3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, > AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); > - NewData =3D (UINT8 *) AllocateZeroPool (DescriptorSize + PayloadSize)= ; > - if (NewData =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - if ((Payload !=3D NULL) && (PayloadSize !=3D 0)) { > - CopyMem (NewData + DescriptorSize, Payload, PayloadSize); > - } > - > - DescriptorData =3D (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData); > - > - ZeroMem (&Time, sizeof (EFI_TIME)); > - Status =3D gRT->GetTime (&Time, NULL); > - if (EFI_ERROR (Status)) { > - FreePool (NewData); > - return Status; > - } > - Time.Pad1 =3D 0; > - Time.Nanosecond =3D 0; > - Time.TimeZone =3D 0; > - Time.Daylight =3D 0; > - Time.Pad2 =3D 0; > - CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); > - > - DescriptorData->AuthInfo.Hdr.dwLength =3D OFFSET_OF > (WIN_CERTIFICATE_UEFI_GUID, CertData); > - DescriptorData->AuthInfo.Hdr.wRevision =3D 0x0200; > - DescriptorData->AuthInfo.Hdr.wCertificateType =3D > WIN_CERT_TYPE_EFI_GUID; > - CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); > - > - if (Payload !=3D NULL) { > - FreePool (Payload); > - } > - > - *DataSize =3D DescriptorSize + PayloadSize; > - *Data =3D NewData; > - return EFI_SUCCESS; > -} > - > /** > Create a counter based data payload by concatenating the > EFI_VARIABLE_AUTHENTICATION > descriptor with the input data. NO authentication is required in this > function. > -- > 2.25.1 >=20 >=20 >=20 >=20 >=20
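
Review bot: The `+ SecurityPkg/SecurityPkg.dec` line under [Packages] in PlatformVarCleanupLib.inf, together with `+ SecureBootVariableLib` under [LibraryClasses], makes a library that lives in MdeModulePkg depend on SecurityPkg, and every platform DSC that builds PlatformVarCleanupLib then has to resolve a SecureBootVariableLib instance. Hosting CreateTimeBasedPayload() in a library class declared by MdeModulePkg would keep [Packages] at MdePkg.dec and MdeModulePkg.dec and leave the dependency direction unchanged.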
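
Review bot: Nothing in the PlatVarCleanupLib.c hunk shows that the SecureBootVariableLib replacement keeps the buffer-ownership contract of the CreateTimeBasedPayload() being removed. The deleted body frees the caller's input with `FreePool (Payload)`, hands back a pool allocation of `DescriptorSize + PayloadSize` through `*Data`, and frees `NewData` when `gRT->GetTime()` fails; the callers that remain in this file depend on exactly that. The commit message states the two functions are the same, so please reference the patch in the series that introduces the SecureBootVariableLib version and make sure its header comment carries the same "caller's responsibility to free" wording, otherwise a later change to that library can silently turn this into a leak or a double free here.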