* [PATCH v9 00/13] Add the VariablePolicy feature
@ 2020-11-09 6:45 Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
` (14 more replies)
0 siblings, 15 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel
Cc: Jiewen Yao, Dandan Bi, Chao Zhang, Jian J Wang, Hao A Wu,
Liming Gao, Jordan Justen, Laszlo Ersek, Ard Biesheuvel,
Andrew Fish, Ray Ni, Bret Barkelew
The 14 patches in this series add the VariablePolicy feature to the core,
deprecate Edk2VarLock (while adding a compatibility layer to reduce code
churn), and integrate the VariablePolicy libraries and protocols into
Variable Services.
Since the integration requires multiple changes, including adding libraries,
a protocol, an SMI communication handler, and VariableServices integration,
the patches are broken up by individual library additions and then a final
integration. Security-sensitive changes like bypassing Authenticated
Variable enforcement are also broken out into individual patches so that
attention can be called directly to them.
Platform porting instructions are described in this wiki entry:
https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
Discussion of the feature can be found in multiple places throughout
the last year on the RFC channel, staging branches, and in devel.
Most recently, this subject was discussed in this thread:
https://edk2.groups.io/g/devel/message/53712
(the code branches shared in that discussion are now out of date, but the
whitepapers and discussion are relevant).
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
v9 changes:
* Rebase
* Address the event ordering issues around MorLock at EndOfDxe
* Drop problematic tests
* Address ECC issues
v8 changes:
* Rebase
* Small tweaks from final PRs
* Drank a lot
* Enrolled several members and a steward in CatFacts
v7 changes:
* Address comments from Dandan about security of the MM handler
* Add readme
* Fix bug around hex characters in BOOT####, etc
* Add additional testing for hex characters
* Add additional testing for authenticated variables
v6 changes:
* Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
* Fix GCC building in shell-based functional test
* Rebase on latest origin/master
v5 changes:
* Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
* Fix EFIAPI mismatches in the functional unittest
* Rebase on latest origin/master
v4 changes:
* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
* Rebase on master
* Migrate to new MmCommunicate2 protocol
* Fix an oversight in the default return value for InitMmCommonCommBuffer
* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
V3 changes:
* Address all non-unittest issues with ECC
* Make additional style changes
* Include section name in hunk headers in "ini-style" files
* Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
(now allocates its own buffer)
* Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
* Fix GCC warning about initializing externs
* Add UNI strings for new PCD
* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
* Reorder patches according to Liming's feedback about adding to platforms
before changing variable driver
V2 changes:
* Fixed implementation for RuntimeDxe
* Add PCD to block DisableVariablePolicy
* Fix the DumpVariablePolicy pagination in SMM
Bret Barkelew (13):
MdeModulePkg: Define the VariablePolicy protocol interface
MdeModulePkg: Define the VariablePolicyLib
MdeModulePkg: Define the VariablePolicyHelperLib
MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
MdeModulePkg: Connect VariablePolicy business logic to
VariableServices
MdeModulePkg: Allow VariablePolicy state to delete protected variables
SecurityPkg: Allow VariablePolicy state to delete authenticated
variables
MdeModulePkg: Change TCG MOR variables to use VariablePolicy
MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
ArmVirtPkg/ArmVirt.dsc.inc | 4 +
EmulatorPkg/EmulatorPkg.dsc | 3 +
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
MdeModulePkg/MdeModulePkg.dec | 26 +-
MdeModulePkg/MdeModulePkg.dsc | 9 +
MdeModulePkg/MdeModulePkg.uni | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 4 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
43 files changed, 3845 insertions(+), 80 deletions(-)
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
--
2.28.0.windows.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 02/13] MdeModulePkg: Define the VariablePolicyLib Bret Barkelew
` (13 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
Add the VariablePolicy protocol interface
header and add to the MdeModulePkg.dec file.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++++++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 14 +-
MdeModulePkg/MdeModulePkg.uni | 7 +
3 files changed, 177 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Include/Protocol/VariablePolicy.h b/MdeModulePkg/Include/Protocol/VariablePolicy.h
new file mode 100644
index 000000000000..8226c187a77b
--- /dev/null
+++ b/MdeModulePkg/Include/Protocol/VariablePolicy.h
@@ -0,0 +1,157 @@
+/** @file -- VariablePolicy.h
+
+This protocol allows communication with Variable Policy Engine.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __EDKII_VARIABLE_POLICY_PROTOCOL__
+#define __EDKII_VARIABLE_POLICY_PROTOCOL__
+
+#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION 0x0000000000010000
+
+#define EDKII_VARIABLE_POLICY_PROTOCOL_GUID \
+ { \
+ 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } \
+ }
+
+#define VARIABLE_POLICY_ENTRY_REVISION 0x00010000
+
+#pragma pack(push, 1)
+typedef struct {
+ UINT32 Version;
+ UINT16 Size;
+ UINT16 OffsetToName;
+ EFI_GUID Namespace;
+ UINT32 MinSize;
+ UINT32 MaxSize;
+ UINT32 AttributesMustHave;
+ UINT32 AttributesCantHave;
+ UINT8 LockPolicyType;
+ UINT8 Padding[3];
+ // UINT8 LockPolicy[]; // Variable Length Field
+ // CHAR16 Name[] // Variable Length Field
+} VARIABLE_POLICY_ENTRY;
+
+#define VARIABLE_POLICY_NO_MIN_SIZE 0
+#define VARIABLE_POLICY_NO_MAX_SIZE MAX_UINT32
+#define VARIABLE_POLICY_NO_MUST_ATTR 0
+#define VARIABLE_POLICY_NO_CANT_ATTR 0
+
+#define VARIABLE_POLICY_TYPE_NO_LOCK 0
+#define VARIABLE_POLICY_TYPE_LOCK_NOW 1
+#define VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2
+#define VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3
+
+typedef struct {
+ EFI_GUID Namespace;
+ UINT8 Value;
+ UINT8 Padding;
+ // CHAR16 Name[]; // Variable Length Field
+} VARIABLE_LOCK_ON_VAR_STATE_POLICY;
+#pragma pack(pop)
+
+/**
+ This API function disables the variable policy enforcement. If it's
+ already been called once, will return EFI_ALREADY_STARTED.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED Has already been called once this boot.
+ @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
+ @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *DISABLE_VARIABLE_POLICY)(
+ VOID
+ );
+
+/**
+ This API function returns whether or not the policy engine is
+ currently being enforced.
+
+ @param[out] State Pointer to a return value for whether the policy enforcement
+ is currently enabled.
+
+ @retval EFI_SUCCESS
+ @retval Others An error has prevented this command from completing.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *IS_VARIABLE_POLICY_ENABLED)(
+ OUT BOOLEAN *State
+ );
+
+/**
+ This API function validates and registers a new policy with
+ the policy enforcement engine.
+
+ @param[in] NewPolicy Pointer to the incoming policy structure.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
+ @retval EFI_ALREADY_STARTED An identical matching policy already exists.
+ @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
+ @retval EFI_ABORTED A calculation error has prevented this function from completing.
+ @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *REGISTER_VARIABLE_POLICY)(
+ IN CONST VARIABLE_POLICY_ENTRY *PolicyEntry
+ );
+
+/**
+ This API function will dump the entire contents of the variable policy table.
+
+ Similar to GetVariable, the first call can be made with a 0 size and it will return
+ the size of the buffer required to hold the entire table.
+
+ @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
+ @param[in,out] Size On input, the size of the output buffer. On output, the size
+ of the data returned.
+
+ @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
+ @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *DUMP_VARIABLE_POLICY)(
+ IN OUT UINT8 *Policy,
+ IN OUT UINT32 *Size
+ );
+
+/**
+ This API function locks the interface so that no more policy updates
+ can be performed or changes made to the enforcement until the next boot.
+
+ @retval EFI_SUCCESS
+ @retval Others An error has prevented this command from completing.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *LOCK_VARIABLE_POLICY)(
+ VOID
+ );
+
+typedef struct {
+ UINT64 Revision;
+ DISABLE_VARIABLE_POLICY DisableVariablePolicy;
+ IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled;
+ REGISTER_VARIABLE_POLICY RegisterVariablePolicy;
+ DUMP_VARIABLE_POLICY DumpVariablePolicy;
+ LOCK_VARIABLE_POLICY LockVariablePolicy;
+} _EDKII_VARIABLE_POLICY_PROTOCOL;
+
+typedef _EDKII_VARIABLE_POLICY_PROTOCOL EDKII_VARIABLE_POLICY_PROTOCOL;
+
+extern EFI_GUID gEdkiiVariablePolicyProtocolGuid;
+
+#endif
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index cb30a7975849..82aecc40d9a9 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -8,7 +8,7 @@
# Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>
# (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
-# Copyright (c) 2016, Microsoft Corporation<BR>
+# Copyright (c) Microsoft Corporation.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -627,6 +627,9 @@ [Protocols]
# 0x80000006 | Incorrect error code provided.
#
+ ## Include/Protocol/VariablePolicy.h
+ gEdkiiVariablePolicyProtocolGuid = { 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } }
+
[PcdsFeatureFlag]
## Indicates if the platform can support update capsule across a system reset.<BR><BR>
# TRUE - Supports update capsule across a system reset.<BR>
@@ -1119,6 +1122,15 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
# @Prompt Variable storage size.
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000|UINT32|0x30000005
+ ## Toggle for whether the VariablePolicy engine should allow disabling.
+ # The engine is enabled at power-on, but the interface allows the platform to
+ # disable enforcement for servicing flexibility. If this PCD is disabled, it will block the ability to
+ # disable the enforcement and VariablePolicy enforcement will always be ON.
+ # TRUE - VariablePolicy can be disabled by request through the interface (until interface is locked)
+ # FALSE - VariablePolicy interface will not accept requests to disable and is ALWAYS ON
+ # @Prompt Allow VariablePolicy enforcement to be disabled.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|FALSE|BOOLEAN|0x30000020
+
## FFS filename to find the ACPI tables.
# @Prompt FFS name of ACPI tables storage.
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiTableStorageFile|{ 0x25, 0x4e, 0x37, 0x7e, 0x01, 0x8e, 0xee, 0x4f, 0x87, 0xf2, 0x39, 0xc, 0x23, 0xc6, 0x6, 0xcd }|VOID*|0x30000016
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index b8c867379a86..40884c57a460 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -129,6 +129,13 @@
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdVariableStoreSize_HELP #language en-US "The size of volatile buffer. This buffer is used to store VOLATILE attribute variables."
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforcementDisable_PROMPT #language en-US "Allow VariablePolicy enforcement to be disabled."
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforcementDisable_HELP #language en-US "If this PCD is disabled, it will block the ability to<BR>\n"
+ "disable the enforcement and VariablePolicy enforcement will always be ON.<BR>\n"
+ "TRUE - VariablePolicy can be disabled by request through the interface (until interface is locked)<BR>\n"
+ "FALSE - VariablePolicy interface will not accept requests to disable and is ALWAYS ON<BR>\n"
+
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_PROMPT #language en-US "FFS name of ACPI tables storage"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_HELP #language en-US "FFS filename to find the ACPI tables."
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 02/13] MdeModulePkg: Define the VariablePolicyLib
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 03/13] MdeModulePkg: Define the VariablePolicyHelperLib Bret Barkelew
` (12 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
Add the VariablePolicyLib library that implements
the portable business logic for the VariablePolicy
engine.
Also add host-based CI test cases for the lib.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
| 46 ++
| 85 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
MdeModulePkg/MdeModulePkg.dec | 3 +
MdeModulePkg/MdeModulePkg.dsc | 5 +
11 files changed, 1696 insertions(+), 1 deletion(-)
--git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
new file mode 100644
index 000000000000..ad2ee0b2fb8f
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
@@ -0,0 +1,46 @@
+/** @file -- VariablePolicyExtraInitNull.c
+This file contains extra init and deinit routines that don't do anything
+extra.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+
+/**
+ An extra init hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with init.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraInit (
+ VOID
+ )
+{
+ // NULL implementation.
+ return EFI_SUCCESS;
+}
+
+
+/**
+ An extra deinit hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with deinit.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraDeinit (
+ VOID
+ )
+{
+ // NULL implementation.
+ return EFI_SUCCESS;
+}
--git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
new file mode 100644
index 000000000000..3ca87048b14b
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
@@ -0,0 +1,85 @@
+/** @file -- VariablePolicyExtraInitRuntimeDxe.c
+This file contains extra init and deinit routines that register and unregister
+VariableAddressChange callbacks.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+extern EFI_GET_VARIABLE mGetVariableHelper;
+extern UINT8 *mPolicyTable;
+STATIC BOOLEAN mIsVirtualAddrConverted;
+STATIC EFI_EVENT mVariablePolicyLibVirtualAddressChangeEvent = NULL;
+
+/**
+ For the RuntimeDxe version of this lib, convert internal pointer addresses to virtual addresses.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[in] Context The pointer to the notification function's context, which
+ is implementation-dependent.
+**/
+STATIC
+VOID
+EFIAPI
+VariablePolicyLibVirtualAddressCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ gRT->ConvertPointer (0, (VOID **)&mPolicyTable);
+ gRT->ConvertPointer (0, (VOID **)&mGetVariableHelper);
+ mIsVirtualAddrConverted = TRUE;
+}
+
+
+/**
+ An extra init hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with init.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraInit (
+ VOID
+ )
+{
+ return gBS->CreateEventEx (EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ VariablePolicyLibVirtualAddressCallback,
+ NULL,
+ &gEfiEventVirtualAddressChangeGuid,
+ &mVariablePolicyLibVirtualAddressChangeEvent);
+}
+
+
+/**
+ An extra deinit hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with deinit.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraDeinit (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+ if (mIsVirtualAddrConverted) {
+ Status = gBS->CloseEvent (mVariablePolicyLibVirtualAddressChangeEvent);
+ }
+ else {
+ Status = EFI_SUCCESS;
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
new file mode 100644
index 000000000000..5029ddb96adb
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
@@ -0,0 +1,830 @@
+/** @file -- VariablePolicyLib.c
+Business logic for Variable Policy enforcement.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/SafeIntLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+
+
+// IMPORTANT NOTE: This library is currently rife with multiple return statements
+// for error handling. A refactor should remove these at some point.
+
+//
+// This library was designed with advanced unit-test features.
+// This define handles the configuration.
+#ifdef INTERNAL_UNIT_TEST
+#undef STATIC
+#define STATIC // Nothing...
+#endif
+
+// An abstracted GetVariable interface that enables configuration regardless of the environment.
+EFI_GET_VARIABLE mGetVariableHelper = NULL;
+
+// Master switch to lock this entire interface. Does not stop enforcement,
+// just prevents the configuration from being changed for the rest of the boot.
+STATIC BOOLEAN mInterfaceLocked = FALSE;
+
+// Master switch to disable the entire interface for a single boot.
+// This will disable all policy enforcement for the duration of the boot.
+STATIC BOOLEAN mProtectionDisabled = FALSE;
+
+// Table to hold all the current policies.
+UINT8 *mPolicyTable = NULL;
+STATIC UINT32 mCurrentTableSize = 0;
+STATIC UINT32 mCurrentTableUsage = 0;
+STATIC UINT32 mCurrentTableCount = 0;
+
+#define POLICY_TABLE_STEP_SIZE 0x1000
+
+// NOTE: DO NOT USE THESE MACROS on any structure that has not been validated.
+// Current table data has already been sanitized.
+#define GET_NEXT_POLICY(CurPolicy) (VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size)
+#define GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + CurPolicy->OffsetToName)
+
+#define MATCH_PRIORITY_EXACT 0
+#define MATCH_PRIORITY_MAX MATCH_PRIORITY_EXACT
+#define MATCH_PRIORITY_MIN MAX_UINT8
+
+
+/**
+ An extra init hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with init.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraInit (
+ VOID
+ );
+
+/**
+ An extra deinit hook that enables the RuntimeDxe library instance to
+ register VirtualAddress change callbacks. Among other things.
+
+ @retval EFI_SUCCESS Everything is good. Continue with deinit.
+ @retval Others Uh... don't continue.
+
+**/
+EFI_STATUS
+VariablePolicyExtraDeinit (
+ VOID
+ );
+
+
+/**
+ This helper function determines whether the structure of an incoming policy
+ is valid and internally consistent.
+
+ @param[in] NewPolicy Pointer to the incoming policy structure.
+
+ @retval TRUE
+ @retval FALSE Pointer is NULL, size is wrong, strings are empty, or
+ substructures overlap.
+
+**/
+STATIC
+BOOLEAN
+IsValidVariablePolicyStructure (
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ )
+{
+ EFI_STATUS Status;
+ UINTN EntryEnd;
+ CHAR16 *CheckChar;
+ UINTN WildcardCount;
+
+ // Sanitize some quick values.
+ if (NewPolicy == NULL || NewPolicy->Size == 0 ||
+ // Structure size should be at least as long as the minumum structure and a NULL string.
+ NewPolicy->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
+ // Check for the known revision.
+ NewPolicy->Version != VARIABLE_POLICY_ENTRY_REVISION) {
+ return FALSE;
+ }
+
+ // Calculate the theoretical end of the structure and make sure
+ // that the structure can fit in memory.
+ Status = SafeUintnAdd( (UINTN)NewPolicy, NewPolicy->Size, &EntryEnd );
+ if (EFI_ERROR( Status )) {
+ return FALSE;
+ }
+
+ // Check for a valid Max Size.
+ if (NewPolicy->MaxSize == 0) {
+ return FALSE;
+ }
+
+ // Check for the valid list of lock policies.
+ if (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK &&
+ NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW &&
+ NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE &&
+ NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE)
+ {
+ return FALSE;
+ }
+
+ // If the policy type is VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE, make sure that the matching state variable Name
+ // terminates before the OffsetToName for the matching policy variable Name.
+ if (NewPolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
+ // Adjust CheckChar to the offset of the LockPolicy->Name.
+ Status = SafeUintnAdd( (UINTN)NewPolicy + sizeof(VARIABLE_POLICY_ENTRY),
+ sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY),
+ (UINTN*)&CheckChar );
+ if (EFI_ERROR( Status ) || EntryEnd <= (UINTN)CheckChar) {
+ return FALSE;
+ }
+ while (*CheckChar != CHAR_NULL) {
+ if (EntryEnd <= (UINTN)CheckChar) {
+ return FALSE;
+ }
+ CheckChar++;
+ }
+ // At this point we should have either exeeded the structure or be pointing at the last char in LockPolicy->Name.
+ // We should check to make sure that the policy Name comes immediately after this charcter.
+ if ((UINTN)++CheckChar != (UINTN)NewPolicy + NewPolicy->OffsetToName) {
+ return FALSE;
+ }
+ // If the policy type is any other value, make sure that the LockPolicy structure has a zero length.
+ } else {
+ if (NewPolicy->OffsetToName != sizeof(VARIABLE_POLICY_ENTRY)) {
+ return FALSE;
+ }
+ }
+
+ // Check to make sure that the name has a terminating character
+ // before the end of the structure.
+ // We've already checked that the name is within the bounds of the structure.
+ if (NewPolicy->Size != NewPolicy->OffsetToName) {
+ CheckChar = (CHAR16*)((UINTN)NewPolicy + NewPolicy->OffsetToName);
+ WildcardCount = 0;
+ while (*CheckChar != CHAR_NULL) {
+ // Make sure there aren't excessive wildcards.
+ if (*CheckChar == '#') {
+ WildcardCount++;
+ if (WildcardCount > MATCH_PRIORITY_MIN) {
+ return FALSE;
+ }
+ }
+ // Make sure you're still within the bounds of the policy structure.
+ if (EntryEnd <= (UINTN)CheckChar) {
+ return FALSE;
+ }
+ CheckChar++;
+ }
+
+ // Finally, we should be pointed at the very last character in Name, so we should be right
+ // up against the end of the structure.
+ if ((UINTN)++CheckChar != EntryEnd) {
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+
+/**
+ This helper function evaluates a policy and determines whether it matches the target
+ variable. If matched, will also return a value corresponding to the priority of the match.
+
+ The rules for "best match" are listed in the Variable Policy Spec.
+ Perfect name matches will return 0.
+ Single wildcard characters will return the number of wildcard characters.
+ Full namespaces will return MAX_UINT8.
+
+ @param[in] EvalEntry Pointer to the policy entry being evaluated.
+ @param[in] VariableName Same as EFI_SET_VARIABLE.
+ @param[in] VendorGuid Same as EFI_SET_VARIABLE.
+ @param[out] MatchPriority [Optional] On finding a match, this value contains the priority of the match.
+ Lower number == higher priority. Only valid if a match found.
+
+ @retval TRUE Current entry matches the target variable.
+ @retval FALSE Current entry does not match at all.
+
+**/
+STATIC
+BOOLEAN
+EvaluatePolicyMatch (
+ IN CONST VARIABLE_POLICY_ENTRY *EvalEntry,
+ IN CONST CHAR16 *VariableName,
+ IN CONST EFI_GUID *VendorGuid,
+ OUT UINT8 *MatchPriority OPTIONAL
+ )
+{
+ BOOLEAN Result;
+ CHAR16 *PolicyName;
+ UINT8 CalculatedPriority;
+ UINTN Index;
+
+ Result = FALSE;
+ CalculatedPriority = MATCH_PRIORITY_EXACT;
+
+ // Step 1: If the GUID doesn't match, we're done. No need to evaluate anything else.
+ if (!CompareGuid( &EvalEntry->Namespace, VendorGuid )) {
+ goto Exit;
+ }
+
+ // If the GUID matches, check to see whether there is a Name associated
+ // with the policy. If not, this policy matches the entire namespace.
+ // Missing Name is indicated by size being equal to name.
+ if (EvalEntry->Size == EvalEntry->OffsetToName) {
+ CalculatedPriority = MATCH_PRIORITY_MIN;
+ Result = TRUE;
+ goto Exit;
+ }
+
+ // Now that we know the name exists, get it.
+ PolicyName = GET_POLICY_NAME( EvalEntry );
+
+ // Evaluate the name against the policy name and check for a match.
+ // Account for any wildcards.
+ Index = 0;
+ Result = TRUE;
+ // Keep going until the end of both strings.
+ while (PolicyName[Index] != CHAR_NULL || VariableName[Index] != CHAR_NULL) {
+ // If we don't have a match...
+ if (PolicyName[Index] != VariableName[Index] || PolicyName[Index] == '#') {
+ // If this is a numerical wildcard, we can consider
+ // it a match if we alter the priority.
+ if (PolicyName[Index] == L'#' &&
+ ((L'0' <= VariableName[Index] && VariableName[Index] <= L'9') ||
+ (L'A' <= VariableName[Index] && VariableName[Index] <= L'F') ||
+ (L'a' <= VariableName[Index] && VariableName[Index] <= L'f'))) {
+ if (CalculatedPriority < MATCH_PRIORITY_MIN) {
+ CalculatedPriority++;
+ }
+ // Otherwise, not a match.
+ } else {
+ Result = FALSE;
+ goto Exit;
+ }
+ }
+ Index++;
+ }
+
+Exit:
+ if (Result && MatchPriority != NULL) {
+ *MatchPriority = CalculatedPriority;
+ }
+ return Result;
+}
+
+
+/**
+ This helper function walks the current policy table and returns a pointer
+ to the best match, if any are found. Leverages EvaluatePolicyMatch() to
+ determine "best".
+
+ @param[in] VariableName Same as EFI_SET_VARIABLE.
+ @param[in] VendorGuid Same as EFI_SET_VARIABLE.
+ @param[out] ReturnPriority [Optional] If pointer is provided, return the
+ priority of the match. Same as EvaluatePolicyMatch().
+ Only valid if a match is returned.
+
+ @retval VARIABLE_POLICY_ENTRY* Best match that was found.
+ @retval NULL No match was found.
+
+**/
+STATIC
+VARIABLE_POLICY_ENTRY*
+GetBestPolicyMatch (
+ IN CONST CHAR16 *VariableName,
+ IN CONST EFI_GUID *VendorGuid,
+ OUT UINT8 *ReturnPriority OPTIONAL
+ )
+{
+ VARIABLE_POLICY_ENTRY *BestResult;
+ VARIABLE_POLICY_ENTRY *CurrentEntry;
+ UINT8 MatchPriority;
+ UINT8 CurrentPriority;
+ UINTN Index;
+
+ BestResult = NULL;
+ MatchPriority = MATCH_PRIORITY_EXACT;
+
+ // Walk all entries in the table, looking for matches.
+ CurrentEntry = (VARIABLE_POLICY_ENTRY*)mPolicyTable;
+ for (Index = 0; Index < mCurrentTableCount; Index++) {
+ // Check for a match.
+ if (EvaluatePolicyMatch( CurrentEntry, VariableName, VendorGuid, &CurrentPriority )) {
+ // If match is better, take it.
+ if (BestResult == NULL || CurrentPriority < MatchPriority) {
+ BestResult = CurrentEntry;
+ MatchPriority = CurrentPriority;
+ }
+
+ // If you've hit the highest-priority match, can exit now.
+ if (MatchPriority == 0) {
+ break;
+ }
+ }
+
+ // If we're still in the loop, move to the next entry.
+ CurrentEntry = GET_NEXT_POLICY( CurrentEntry );
+ }
+
+ // If a return priority was requested, return it.
+ if (ReturnPriority != NULL) {
+ *ReturnPriority = MatchPriority;
+ }
+
+ return BestResult;
+}
+
+
+/**
+ This API function validates and registers a new policy with
+ the policy enforcement engine.
+
+ @param[in] NewPolicy Pointer to the incoming policy structure.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
+ @retval EFI_ALREADY_STARTED An identical matching policy already exists.
+ @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
+ @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.
+ @retval EFI_ABORTED A calculation error has prevented this function from completing.
+ @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVariablePolicy (
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *MatchPolicy;
+ UINT8 MatchPriority;
+ UINT32 NewSize;
+ UINT8 *NewTable;
+
+ if (!IsVariablePolicyLibInitialized()) {
+ return EFI_NOT_READY;
+ }
+ if (mInterfaceLocked) {
+ return EFI_WRITE_PROTECTED;
+ }
+
+ if (!IsValidVariablePolicyStructure( NewPolicy )) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Check to see whether an exact matching policy already exists.
+ MatchPolicy = GetBestPolicyMatch( GET_POLICY_NAME( NewPolicy ),
+ &NewPolicy->Namespace,
+ &MatchPriority );
+ if (MatchPolicy != NULL && MatchPriority == MATCH_PRIORITY_EXACT) {
+ return EFI_ALREADY_STARTED;
+ }
+
+ // If none exists, create it.
+ // If we need more space, allocate that now.
+ Status = SafeUint32Add( mCurrentTableUsage, NewPolicy->Size, &NewSize );
+ if (EFI_ERROR( Status )) {
+ return EFI_ABORTED;
+ }
+ if (NewSize > mCurrentTableSize) {
+ // Use NewSize to calculate the new table size in units of POLICY_TABLE_STEP_SIZE.
+ NewSize = (NewSize % POLICY_TABLE_STEP_SIZE) > 0 ?
+ (NewSize / POLICY_TABLE_STEP_SIZE) + 1 :
+ (NewSize / POLICY_TABLE_STEP_SIZE);
+ // Calculate the new table size in absolute bytes.
+ Status = SafeUint32Mult( NewSize, POLICY_TABLE_STEP_SIZE, &NewSize );
+ if (EFI_ERROR( Status )) {
+ return EFI_ABORTED;
+ }
+
+ // Reallocate and copy the table.
+ NewTable = AllocatePool( NewSize );
+ if (NewTable == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ CopyMem( NewTable, mPolicyTable, mCurrentTableUsage );
+ mCurrentTableSize = NewSize;
+ if (mPolicyTable != NULL) {
+ FreePool( mPolicyTable );
+ }
+ mPolicyTable = NewTable;
+ }
+ // Copy the policy into the table.
+ CopyMem( mPolicyTable + mCurrentTableUsage, NewPolicy, NewPolicy->Size );
+ mCurrentTableUsage += NewPolicy->Size;
+ mCurrentTableCount += 1;
+
+ // We're done here.
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This API function checks to see whether the parameters to SetVariable would
+ be allowed according to the current variable policies.
+
+ @param[in] VariableName Same as EFI_SET_VARIABLE.
+ @param[in] VendorGuid Same as EFI_SET_VARIABLE.
+ @param[in] Attributes Same as EFI_SET_VARIABLE.
+ @param[in] DataSize Same as EFI_SET_VARIABLE.
+ @param[in] Data Same as EFI_SET_VARIABLE.
+
+ @retval EFI_SUCCESS A matching policy allows this update.
+ @retval EFI_SUCCESS There are currently no policies that restrict this update.
+ @retval EFI_SUCCESS The protections have been disable until the next reboot.
+ @retval EFI_WRITE_PROTECTED Variable is currently locked.
+ @retval EFI_INVALID_PARAMETER Attributes or size are invalid.
+ @retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.
+ @retval EFI_NOT_READY Library has not been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+ValidateSetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ BOOLEAN IsDel;
+ VARIABLE_POLICY_ENTRY *ActivePolicy;
+ EFI_STATUS Status;
+ EFI_STATUS ReturnStatus;
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY *StateVarPolicy;
+ CHAR16 *StateVarName;
+ UINTN StateVarSize;
+ UINT8 StateVar;
+
+ ReturnStatus = EFI_SUCCESS;
+
+ if (!IsVariablePolicyLibInitialized()) {
+ ReturnStatus = EFI_NOT_READY;
+ goto Exit;
+ }
+
+ // Bail if the protections are currently disabled.
+ if (mProtectionDisabled) {
+ ReturnStatus = EFI_SUCCESS;
+ goto Exit;
+ }
+
+ // Determine whether this is a delete operation.
+ // If so, it will affect which tests are applied.
+ if ((DataSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
+ IsDel = TRUE;
+ } else {
+ IsDel = FALSE;
+ }
+
+ // Find an active policy if one exists.
+ ActivePolicy = GetBestPolicyMatch( VariableName, VendorGuid, NULL );
+
+ // If we have an active policy, check it against the incoming data.
+ if (ActivePolicy != NULL) {
+ //
+ // Only enforce size and attribute constraints when updating data, not deleting.
+ if (!IsDel) {
+ // Check for size constraints.
+ if ((ActivePolicy->MinSize > 0 && DataSize < ActivePolicy->MinSize) ||
+ (ActivePolicy->MaxSize > 0 && DataSize > ActivePolicy->MaxSize)) {
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ DEBUG(( DEBUG_VERBOSE, "%a - Bad Size. 0x%X <> 0x%X-0x%X\n", __FUNCTION__,
+ DataSize, ActivePolicy->MinSize, ActivePolicy->MaxSize ));
+ goto Exit;
+ }
+
+ // Check for attribute constraints.
+ if ((ActivePolicy->AttributesMustHave & Attributes) != ActivePolicy->AttributesMustHave ||
+ (ActivePolicy->AttributesCantHave & Attributes) != 0) {
+ ReturnStatus = EFI_INVALID_PARAMETER;
+ DEBUG(( DEBUG_VERBOSE, "%a - Bad Attributes. 0x%X <> 0x%X:0x%X\n", __FUNCTION__,
+ Attributes, ActivePolicy->AttributesMustHave, ActivePolicy->AttributesCantHave ));
+ goto Exit;
+ }
+ }
+
+ //
+ // Lock policy check.
+ //
+ // Check for immediate lock.
+ if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_NOW) {
+ ReturnStatus = EFI_WRITE_PROTECTED;
+ goto Exit;
+ // Check for lock on create.
+ } else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {
+ StateVarSize = 0;
+ Status = mGetVariableHelper( VariableName,
+ VendorGuid,
+ NULL,
+ &StateVarSize,
+ NULL );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ ReturnStatus = EFI_WRITE_PROTECTED;
+ goto Exit;
+ }
+ // Check for lock on state variable.
+ } else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
+ StateVarPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY*)((UINT8*)ActivePolicy + sizeof(VARIABLE_POLICY_ENTRY));
+ StateVarName = (CHAR16*)((UINT8*)StateVarPolicy + sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY));
+ StateVarSize = sizeof(StateVar);
+ Status = mGetVariableHelper( StateVarName,
+ &StateVarPolicy->Namespace,
+ NULL,
+ &StateVarSize,
+ &StateVar );
+
+ // If the variable was found, check the state. If matched, this variable is locked.
+ if (!EFI_ERROR( Status )) {
+ if (StateVar == StateVarPolicy->Value) {
+ ReturnStatus = EFI_WRITE_PROTECTED;
+ goto Exit;
+ }
+ // EFI_NOT_FOUND and EFI_BUFFER_TOO_SMALL indicate that the state doesn't match.
+ } else if (Status != EFI_NOT_FOUND && Status != EFI_BUFFER_TOO_SMALL) {
+ // We don't know what happened, but it isn't good.
+ ReturnStatus = EFI_ABORTED;
+ goto Exit;
+ }
+ }
+ }
+
+Exit:
+ DEBUG(( DEBUG_VERBOSE, "%a - Variable (%g:%s) returning %r.\n", __FUNCTION__, VendorGuid, VariableName, ReturnStatus ));
+ return ReturnStatus;
+}
+
+
+/**
+ This API function disables the variable policy enforcement. If it's
+ already been called once, will return EFI_ALREADY_STARTED.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED Has already been called once this boot.
+ @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
+ @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+DisableVariablePolicy (
+ VOID
+ )
+{
+ if (!IsVariablePolicyLibInitialized()) {
+ return EFI_NOT_READY;
+ }
+ if (mProtectionDisabled) {
+ return EFI_ALREADY_STARTED;
+ }
+ if (mInterfaceLocked) {
+ return EFI_WRITE_PROTECTED;
+ }
+ if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
+ return EFI_WRITE_PROTECTED;
+ }
+ mProtectionDisabled = TRUE;
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This API function will dump the entire contents of the variable policy table.
+
+ Similar to GetVariable, the first call can be made with a 0 size and it will return
+ the size of the buffer required to hold the entire table.
+
+ @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
+ @param[in,out] Size On input, the size of the output buffer. On output, the size
+ of the data returned.
+
+ @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
+ @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+DumpVariablePolicy (
+ OUT UINT8 *Policy,
+ IN OUT UINT32 *Size
+ )
+{
+ if (!IsVariablePolicyLibInitialized()) {
+ return EFI_NOT_READY;
+ }
+
+ // Check the parameters.
+ if (Size == NULL || (*Size > 0 && Policy == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Make sure the size is sufficient to hold the policy table.
+ if (*Size < mCurrentTableUsage) {
+ *Size = mCurrentTableUsage;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ // If we're still here, copy the table and bounce.
+ CopyMem( Policy, mPolicyTable, mCurrentTableUsage );
+ *Size = mCurrentTableUsage;
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This API function returns whether or not the policy engine is
+ currently being enforced.
+
+ @retval TRUE
+ @retval FALSE
+ @retval FALSE Library has not yet been initialized.
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyEnabled (
+ VOID
+ )
+{
+ if (!IsVariablePolicyLibInitialized()) {
+ return FALSE;
+ }
+ return !mProtectionDisabled;
+}
+
+
+/**
+ This API function locks the interface so that no more policy updates
+ can be performed or changes made to the enforcement until the next boot.
+
+ @retval EFI_SUCCESS
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+LockVariablePolicy (
+ VOID
+ )
+{
+ if (!IsVariablePolicyLibInitialized()) {
+ return EFI_NOT_READY;
+ }
+ if (mInterfaceLocked) {
+ return EFI_WRITE_PROTECTED;
+ }
+ mInterfaceLocked = TRUE;
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This API function returns whether or not the policy interface is locked
+ for the remainder of the boot.
+
+ @retval TRUE
+ @retval FALSE
+ @retval FALSE Library has not yet been initialized.
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyInterfaceLocked (
+ VOID
+ )
+{
+ if (!IsVariablePolicyLibInitialized()) {
+ return FALSE;
+ }
+ return mInterfaceLocked;
+}
+
+
+/**
+ This helper function initializes the library and sets
+ up any required internal structures or handlers.
+
+ Also registers the internal pointer for the GetVariable helper.
+
+ @param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to
+ check policy criteria that involve the existence of other variables.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to
+ deinitialize.
+
+**/
+EFI_STATUS
+EFIAPI
+InitVariablePolicyLib (
+ IN EFI_GET_VARIABLE GetVariableHelper
+ )
+{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ if (mGetVariableHelper != NULL) {
+ return EFI_ALREADY_STARTED;
+ }
+
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicyExtraInit();
+ }
+
+ if (!EFI_ERROR( Status )) {
+ // Save an internal pointer to the GetVariableHelper.
+ mGetVariableHelper = GetVariableHelper;
+
+ // Initialize the global state.
+ mInterfaceLocked = FALSE;
+ mProtectionDisabled = FALSE;
+ mPolicyTable = NULL;
+ mCurrentTableSize = 0;
+ mCurrentTableUsage = 0;
+ mCurrentTableCount = 0;
+ }
+
+ return Status;
+}
+
+
+/**
+ This helper function returns whether or not the library is currently initialized.
+
+ @retval TRUE
+ @retval FALSE
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyLibInitialized (
+ VOID
+ )
+{
+ return (mGetVariableHelper != NULL);
+}
+
+
+/**
+ This helper function tears down the library.
+
+ Should generally only be used for test harnesses.
+
+ @retval EFI_SUCCESS
+ @retval EFI_NOT_READY Deinitialize was called without first calling initialize.
+
+**/
+EFI_STATUS
+EFIAPI
+DeinitVariablePolicyLib (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ if (mGetVariableHelper == NULL) {
+ return EFI_NOT_READY;
+ }
+
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicyExtraDeinit();
+ }
+
+ if (!EFI_ERROR( Status )) {
+ mGetVariableHelper = NULL;
+ mInterfaceLocked = FALSE;
+ mProtectionDisabled = FALSE;
+ mCurrentTableSize = 0;
+ mCurrentTableUsage = 0;
+ mCurrentTableCount = 0;
+
+ if (mPolicyTable != NULL) {
+ FreePool( mPolicyTable );
+ mPolicyTable = NULL;
+ }
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Include/Library/VariablePolicyLib.h b/MdeModulePkg/Include/Library/VariablePolicyLib.h
new file mode 100644
index 000000000000..efd1840112ec
--- /dev/null
+++ b/MdeModulePkg/Include/Library/VariablePolicyLib.h
@@ -0,0 +1,207 @@
+/** @file -- VariablePolicyLib.h
+Business logic for Variable Policy enforcement.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _VARIABLE_POLICY_LIB_H_
+#define _VARIABLE_POLICY_LIB_H_
+
+#include <Protocol/VariablePolicy.h>
+
+/**
+ This API function validates and registers a new policy with
+ the policy enforcement engine.
+
+ @param[in] NewPolicy Pointer to the incoming policy structure.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
+ @retval EFI_ALREADY_STARTED An identical matching policy already exists.
+ @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
+ @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.
+ @retval EFI_ABORTED A calculation error has prevented this function from completing.
+ @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVariablePolicy (
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ );
+
+
+/**
+ This API function checks to see whether the parameters to SetVariable would
+ be allowed according to the current variable policies.
+
+ @param[in] VariableName Same as EFI_SET_VARIABLE.
+ @param[in] VendorGuid Same as EFI_SET_VARIABLE.
+ @param[in] Attributes Same as EFI_SET_VARIABLE.
+ @param[in] DataSize Same as EFI_SET_VARIABLE.
+ @param[in] Data Same as EFI_SET_VARIABLE.
+
+ @retval EFI_SUCCESS A matching policy allows this update.
+ @retval EFI_SUCCESS There are currently no policies that restrict this update.
+ @retval EFI_SUCCESS The protections have been disable until the next reboot.
+ @retval EFI_WRITE_PROTECTED Variable is currently locked.
+ @retval EFI_INVALID_PARAMETER Attributes or size are invalid.
+ @retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.
+ @retval EFI_NOT_READY Library has not been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+ValidateSetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ );
+
+
+/**
+ This API function disables the variable policy enforcement. If it's
+ already been called once, will return EFI_ALREADY_STARTED.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED Has already been called once this boot.
+ @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
+ @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+DisableVariablePolicy (
+ VOID
+ );
+
+
+/**
+ This API function will dump the entire contents of the variable policy table.
+
+ Similar to GetVariable, the first call can be made with a 0 size and it will return
+ the size of the buffer required to hold the entire table.
+
+ @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
+ @param[in,out] Size On input, the size of the output buffer. On output, the size
+ of the data returned.
+
+ @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
+ @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+DumpVariablePolicy (
+ OUT UINT8 *Policy,
+ IN OUT UINT32 *Size
+ );
+
+
+/**
+ This API function returns whether or not the policy engine is
+ currently being enforced.
+
+ @retval TRUE
+ @retval FALSE
+ @retval FALSE Library has not yet been initialized.
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyEnabled (
+ VOID
+ );
+
+
+/**
+ This API function locks the interface so that no more policy updates
+ can be performed or changes made to the enforcement until the next boot.
+
+ @retval EFI_SUCCESS
+ @retval EFI_NOT_READY Library has not yet been initialized.
+
+**/
+EFI_STATUS
+EFIAPI
+LockVariablePolicy (
+ VOID
+ );
+
+
+/**
+ This API function returns whether or not the policy interface is locked
+ for the remainder of the boot.
+
+ @retval TRUE
+ @retval FALSE
+ @retval FALSE Library has not yet been initialized.
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyInterfaceLocked (
+ VOID
+ );
+
+
+/**
+ This helper function initializes the library and sets
+ up any required internal structures or handlers.
+
+ Also registers the internal pointer for the GetVariable helper.
+
+ @param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to
+ check policy criteria that involve the existence of other variables.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to
+ deinitialize.
+
+**/
+EFI_STATUS
+EFIAPI
+InitVariablePolicyLib (
+ IN EFI_GET_VARIABLE GetVariableHelper
+ );
+
+
+/**
+ This helper function returns whether or not the library is currently initialized.
+
+ @retval TRUE
+ @retval FALSE
+
+**/
+BOOLEAN
+EFIAPI
+IsVariablePolicyLibInitialized (
+ VOID
+ );
+
+
+/**
+ This helper function tears down the library.
+
+ Should generally only be used for test harnesses.
+
+ @retval EFI_SUCCESS
+ @retval EFI_NOT_READY Deinitialize was called without first calling initialize.
+
+**/
+EFI_STATUS
+EFIAPI
+DeinitVariablePolicyLib (
+ VOID
+ );
+
+
+#endif // _VARIABLE_POLICY_LIB_H_
diff --git a/MdeModulePkg/Library/VariablePolicyLib/ReadMe.md b/MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
new file mode 100644
index 000000000000..c2f9850a12ca
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
@@ -0,0 +1,406 @@
+---
+title: UEFI Variable Policy Whitepaper
+version: 1.0
+copyright: Copyright (c) Microsoft Corporation.
+---
+
+# UEFI Variable Policy
+
+## Summary
+
+UEFI Variable Policy spec aims to describe the DXE protocol interface
+which allows enforcing certain rules on certain UEFI variables. The
+protocol allows communication with the Variable Policy Engine which
+performs the policy enforcement.
+
+The Variable Policy is comprised of a set of policy entries which
+describe, per UEFI variable (identified by namespace GUID and variable
+name) the following rules:
+
+- Required variable attributes
+- Prohibited variable attributes
+- Minimum variable size
+- Maximum variable size
+- Locking:
+ - Locking "immediately"
+ - Locking on creation
+ - Locking based on a state of another variable
+
+The spec assumes that the Variable Policy Engine runs in a trusted
+enclave, potentially off the main CPU that runs UEFI. For that reason,
+it is assumed that the Variable Policy Engine has no concept of UEFI
+events, and that the communication from the DXE driver to the trusted
+enclave is proprietary.
+
+At power-on, the Variable Policy Engine is:
+
+- Enabled -- present policy entries are evaluated on variable access
+ calls.
+- Unlocked -- new policy entries can be registered.
+
+Policy is expected to be clear on power-on. Policy is volatile and not
+preserved across system reset.
+
+## DXE Protocol
+
+```h
+typedef struct {
+ UINT64 Revision;
+ DISABLE_VARIABLE_POLICY DisableVariablePolicy;
+ IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled;
+ REGISTER_VARIABLE_POLICY RegisterVariablePolicy;
+ DUMP_VARIABLE_POLICY DumpVariablePolicy;
+ LOCK_VARIABLE_POLICY LockVariablePolicy;
+} _VARIABLE_POLICY_PROTOCOL;
+
+typedef _VARIABLE_POLICY_PROTOCOL VARIABLE_POLICY_PROTOCOL;
+
+extern EFI_GUID gVariablePolicyProtocolGuid;
+```
+
+```text
+## Include/Protocol/VariablePolicy.h
+ gVariablePolicyProtocolGuid = { 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } }
+```
+
+### DisableVariablePolicy
+
+Function prototype:
+
+```c
+EFI_STATUS
+EFIAPI
+DisableVariablePolicy (
+ VOID
+ );
+```
+
+`DisableVariablePolicy` call disables the Variable Policy Engine, so
+that the present policy entries are no longer taken into account on
+variable access calls. This call effectively turns off the variable
+policy verification for this boot. This also disables UEFI
+Authenticated Variable protections including Secure Boot.
+`DisableVariablePolicy` can only be called once during boot. If called
+more than once, it will return `EFI_ALREADY_STARTED`. Note, this process
+is irreversible until the next system reset -- there is no
+"EnablePolicy" protocol function.
+
+_IMPORTANT NOTE:_ It is strongly recommended that VariablePolicy *NEVER*
+be disabled in "normal, production boot conditions". It is expected to always
+be enforced. The most likely reasons to disable are for Manufacturing and
+Refurbishing scenarios. If in doubt, leave the `gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable`
+PCD set to `FALSE` and VariablePolicy will always be enabled.
+
+### IsVariablePolicyEnabled
+
+Function prototype:
+
+```c
+EFI_STATUS
+EFIAPI
+IsVariablePolicyEnabled (
+ OUT BOOLEAN *State
+ );
+```
+
+`IsVariablePolicyEnabled` accepts a pointer to a Boolean in which it
+will store `TRUE` if Variable Policy Engine is enabled, or `FALSE` if
+Variable Policy Engine is disabled. The function returns `EFI_SUCCESS`.
+
+### RegisterVariablePolicy
+
+Function prototype:
+
+```c
+EFI_STATUS
+EFIAPI
+RegisterVariablePolicy (
+ IN CONST VARIABLE_POLICY_ENTRY *PolicyEntry
+ );
+```
+
+`RegisterVariablePolicy` call accepts a pointer to a policy entry
+structure and returns the status of policy registration. If the
+Variable Policy Engine is not locked and the policy structures are
+valid, the function will return `EFI_SUCCESS`. If the Variable Policy
+Engine is locked, `RegisterVariablePolicy` call will return
+`EFI_WRITE_PROTECTED` and will not register the policy entry. Bulk
+registration is not supported at this time due to the requirements
+around error handling on each policy registration.
+
+Upon successful registration of a policy entry, Variable Policy Engine
+will then evaluate this entry on subsequent variable access calls (as
+long as Variable Policy Engine hasn't been disabled).
+
+### DumpVariablePolicy
+
+Function prototype:
+
+```c
+EFI_STATUS
+EFIAPI
+DumpVariablePolicy (
+ OUT UINT8 *Policy,
+ IN OUT UINT32 *Size
+ );
+```
+
+`DumpVariablePolicy` call accepts a pointer to a buffer and a pointer to
+the size of the buffer as parameters and returns the status of placing
+the policy into the buffer. On first call to `DumpVariablePolicy` one
+should pass `NULL` as the buffer and a pointer to 0 as the `Size` variable
+and `DumpVariablePolicy` will return `EFI_BUFFER_TOO_SMALL` and will
+populate the `Size` parameter with the size of the needed buffer to
+store the policy. This way, the caller can allocate the buffer of
+correct size and call `DumpVariablePolicy` again. The function will
+populate the buffer with policy and return `EFI_SUCCESS`.
+
+### LockVariablePolicy
+
+Function prototype:
+
+```c
+EFI_STATUS
+EFIAPI
+LockVariablePolicy (
+ VOID
+ );
+```
+
+`LockVariablePolicy` locks the Variable Policy Engine, i.e. prevents any
+new policy entries from getting registered in this boot
+(`RegisterVariablePolicy` calls will fail with `EFI_WRITE_PROTECTED`
+status code returned).
+
+## Policy Structure
+
+The structure below is meant for the DXE protocol calling interface,
+when communicating to the Variable Policy Engine, thus the pragma pack
+directive. How these policies are stored in memory is up to the
+implementation.
+
+```c
+#pragma pack(1)
+typedef struct {
+ UINT32 Version;
+ UINT16 Size;
+ UINT16 OffsetToName;
+ EFI_GUID Namespace;
+ UINT32 MinSize;
+ UINT32 MaxSize;
+ UINT32 AttributesMustHave;
+ UINT32 AttributesCantHave;
+ UINT8 LockPolicyType;
+ UINT8 Reserved[3];
+ // UINT8 LockPolicy[]; // Variable Length Field
+ // CHAR16 Name[]; // Variable Length Field
+} VARIABLE_POLICY_ENTRY;
+```
+
+The struct `VARIABLE_POLICY_ENTRY` above describes the layout for a policy
+entry. The first element, `Size`, is the size of the policy entry, then
+followed by `OffsetToName` -- the number of bytes from the beginning of
+the struct to the name of the UEFI variable targeted by the policy
+entry. The name can contain wildcards to match more than one variable,
+more on this in the Wildcards section. The rest of the struct elements
+are self-explanatory.
+
+```cpp
+#define VARIABLE_POLICY_TYPE_NO_LOCK 0
+#define VARIABLE_POLICY_TYPE_LOCK_NOW 1
+#define VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2
+#define VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3
+```
+
+`LockPolicyType` can have the following values:
+
+- `VARIABLE_POLICY_TYPE_NO_LOCK` -- means that no variable locking is performed. However,
+ the attribute and size constraints are still enforced. LockPolicy
+ field is size 0.
+- `VARIABLE_POLICY_TYPE_LOCK_NOW` -- means that the variable starts being locked
+ immediately after policy entry registration. If the variable doesn't
+ exist at this point, being LockedNow means it cannot be created on
+ this boot. LockPolicy field is size 0.
+- `VARIABLE_POLICY_TYPE_LOCK_ON_CREATE` -- means that the variable starts being locked
+ after it is created. This allows for variable creation and
+ protection after LockVariablePolicy() function has been called. The
+ LockPolicy field is size 0.
+- `VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE` -- means that the Variable Policy Engine will
+ examine the state/contents of another variable to determine if the
+ variable referenced in the policy entry is locked.
+
+```c
+typedef struct {
+ EFI_GUID Namespace;
+ UINT8 Value;
+ UINT8 Reserved;
+ // CHAR16 Name[]; // Variable Length Field
+} VARIABLE_LOCK_ON_VAR_STATE_POLICY;
+```
+
+If `LockPolicyType` is `VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE`, then the final element in the
+policy entry struct is of type `VARIABLE_LOCK_ON_VAR_STATE_POLICY`, which
+lists the namespace GUID, name (no wildcards here), and value of the
+variable which state determines the locking of the variable referenced
+in the policy entry. The "locking" variable must be 1 byte in terms of
+payload size. If the Referenced variable contents match the Value of the
+`VARIABLE_LOCK_ON_VAR_STATE_POLICY` structure, the lock will be considered
+active and the target variable will be locked. If the Reference variable
+does not exist (ie. returns `EFI_NOT_FOUND`), this policy will be
+considered inactive.
+
+## Variable Name Wildcards
+
+Two types of wildcards can be used in the UEFI variable name field in a
+policy entry:
+
+1. If the Name is a zero-length array (easily checked by comparing
+ fields `Size` and `OffsetToName` -- if they're the same, then the
+ `Name` is zero-length), then all variables in the namespace specified
+ by the provided GUID are targeted by the policy entry.
+2. Character "#" in the `Name` corresponds to one numeric character
+ (0-9, A-F, a-f). For example, string "Boot####" in the `Name`
+ field of the policy entry will make it so that the policy entry will
+ target variables named "Boot0001", "Boot0002", etc.
+
+Given the above two types of wildcards, one variable can be targeted by
+more than one policy entry, thus there is a need to establish the
+precedence rule: a more specific match is applied. When a variable
+access operation is performed, Variable Policy Engine should first check
+the variable being accessed against the policy entries without
+wildcards, then with 1 wildcard, then with 2 wildcards, etc., followed
+in the end by policy entries that match the whole namespace. One can
+still imagine a situation where two policy entries with the same number
+of wildcards match the same variable -- for example, policy entries with
+Names "Boot00##" and "Boot##01" will both match variable "Boot0001".
+Such situation can (and should) be avoided by designing mutually
+exclusive Name strings with wildcards, however, if it occurs, then the
+policy entry that was registered first will be used. After the most
+specific match is selected, all other policies are ignored.
+
+## Available Testing
+
+This functionality is current supported by two kinds of tests: there is a host-based
+unit test for the core business logic (this test accompanies the `VariablePolicyLib`
+implementation that lives in `MdeModulePkg/Library`) and there is a functional test
+for the protocol and its interfaces (this test lives in the `MdeModulePkg/Test/ShellTest`
+directory).
+
+### Host-Based Unit Test
+
+There is a test that can be run as part of the Host-Based Unit Testing
+infrastructure provided by EDK2 PyTools (documented elsewhere). It will test
+all internal guarantees and is where you will find test cases for most of the
+policy matching and security of the Variable Policy Engine.
+
+### Shell-Based Functional Test
+
+This test -- [Variable Policy Functional Unit Test](https://github.com/microsoft/mu_plus/tree/release/202005/UefiTestingPkg/FunctionalSystemTests/VarPolicyUnitTestApp) -- can be built as a
+UEFI Shell application and run to validate that the Variable Policy Engine
+is correctly installed and enforcing policies on the target system.
+
+NOTE: This test _must_ be run prior to calling `DisableVariablePolicy` for all
+test cases to pass. For this reason, it is recommended to run this on a test-built
+FW for complete results, and then again on a production-built FW for release
+results.
+
+## Use Cases
+
+The below examples are hypothetical scenarios based on real-world requirements
+that demonstrate how Variable Policies could be constructed to solve various
+problems.
+
+### UEFI Setup Variables (Example 1)
+
+Variables containing values of the setup options exposed via UEFI
+menu (setup variables). These would be locked based on a state of
+another variable, "ReadyToBoot", which would be set to 1 at the
+ReadyToBoot event. Thus, the policy for the setup variables would be
+of type `LockOnVarState`, with the "ReadyToBoot" listed as the name of
+the variable, appropriate GUID listed as the namespace, and 1 as
+value. Entry into the trusted UEFI menu app doesn't signal
+ReadyToBoot, but booting to any device does, and the setup variables
+are write-protected. The "ReadyToBoot" variable would need to be
+locked-on-create. *(THIS IS ESSENTIALLY LOCK ON EVENT, BUT SINCE THE
+POLICY ENGINE IS NOT IN THE UEFI ENVIRONMENT VARIABLES ARE USED)*
+
+For example, "AllowPXEBoot" variable locked by "ReadyToBoot" variable.
+
+(NOTE: In the below example, the emphasized fields ('Namespace', 'Value', and 'Name')
+are members of the `VARIABLE_LOCK_ON_VAR_STATE_POLICY` structure.)
+
+Size | ...
+---- | ---
+OffsetToName | ...
+NameSpace | ...
+MinSize | ...
+MaxSize | ...
+AttributesMustHave | ...
+AttributesCantHave | ...
+LockPolicyType | `VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE`
+_Namespace_ | ...
+_Value_ | 1
+_Name_ | "ReadyToBoot"
+//Name | "AllowPXEBoot"
+
+### Manufacturing VPD (Example 2)
+
+Manufacturing Variable Provisioning Data (VPD) is stored in
+variables and is created while in Manufacturing (MFG) Mode. In MFG
+Mode Variable Policy Engine is disabled, thus these VPD variables
+can be created. These variables are locked with lock policy type
+`LockNow`, so that these variables can't be tampered with in Customer
+Mode. To overwrite or clear VPD, the device would need to MFG mode,
+which is standard practice for refurbishing/remanufacturing
+scenarios.
+
+Example: "DisplayPanelCalibration" variable...
+
+Size | ...
+---- | ---
+OffsetToName | ...
+NameSpace | ...
+MinSize | ...
+MaxSize | ...
+AttributesMustHave | ...
+AttributesCantHave | ...
+LockPolicyType | `VARIABLE_POLICY_TYPE_LOCK_NOW`
+// Name | "DisplayPanelCalibration"
+
+### 3rd Party Calibration Data (Example 3)
+
+Bluetooth pre-pairing variables are locked-on-create because these
+get created by an OS application when Variable Policy is in effect.
+
+Example: "KeyboardBTPairing" variable
+
+Size | ...
+---- | ---
+OffsetToName | ...
+NameSpace | ...
+MinSize | ...
+MaxSize | ...
+AttributesMustHave | ...
+AttributesCantHave | ...
+LockPolicyType | `VARIABLE_POLICY_TYPE_LOCK_ON_CREATE`
+// Name | "KeyboardBTPairing"
+
+### Software-based Variable Policy (Example 4)
+
+Example: "Boot####" variables (a name string with wildcards that
+will match variables "Boot0000" to "BootFFFF") locked by "LockBootOrder"
+variable.
+
+Size | ...
+---- | ---
+OffsetToName | ...
+NameSpace | ...
+MinSize | ...
+MaxSize | ...
+AttributesMustHave | ...
+AttributesCantHave | ...
+LockPolicyType | `VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE`
+_Namespace_ | ...
+_Value_ | 1
+_Name_ | "LockBootOrder"
+//Name | "Boot####"
diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
new file mode 100644
index 000000000000..3fe6043bf631
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
@@ -0,0 +1,48 @@
+## @file VariablePolicyLib.inf
+# Business logic for Variable Policy enforcement.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = VariablePolicyLib
+ FILE_GUID = E9ECD342-159A-4F24-9FDF-65724027C594
+ VERSION_STRING = 1.0
+ MODULE_TYPE = DXE_DRIVER
+ LIBRARY_CLASS = VariablePolicyLib|DXE_DRIVER DXE_SMM_DRIVER MM_STANDALONE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = ANY
+#
+
+
+[Sources]
+ VariablePolicyLib.c
+ VariablePolicyExtraInitNull.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ DebugLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ SafeIntLib
+ PcdLib
+
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable ## CONSUMES
+
+
+[BuildOptions]
+ MSFT:NOOPT_*_*_CC_FLAGS = -DINTERNAL_UNIT_TEST
+ GCC:NOOPT_*_*_CC_FLAGS = -DINTERNAL_UNIT_TEST
diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
new file mode 100644
index 000000000000..2227ec427828
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
@@ -0,0 +1,12 @@
+// /** @file
+// VariablePolicyLib.uni
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Library containing the business logic for the VariablePolicy engine"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Library containing the business logic for the VariablePolicy engine"
diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
new file mode 100644
index 000000000000..8b8365741864
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
@@ -0,0 +1,51 @@
+## @file VariablePolicyLibRuntimeDxe.inf
+# Business logic for Variable Policy enforcement.
+# This instance is specifically for RuntimeDxe and contains
+# extra routines to register for VirtualAddressChangeEvents.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = VariablePolicyLibRuntimeDxe
+ FILE_GUID = 205F7F0E-8EAC-4914-8390-1B90DD7E2A27
+ VERSION_STRING = 1.0
+ MODULE_TYPE = DXE_RUNTIME_DRIVER
+ LIBRARY_CLASS = VariablePolicyLib|DXE_RUNTIME_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = ANY
+#
+
+
+[Sources]
+ VariablePolicyLib.c
+ VariablePolicyExtraInitRuntimeDxe.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ DebugLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ SafeIntLib
+ UefiBootServicesTableLib
+ UefiRuntimeServicesTableLib
+ PcdLib
+
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable ## CONSUMES
+
+
+[Guids]
+ gEfiEventVirtualAddressChangeGuid
diff --git a/MdeModulePkg/MdeModulePkg.ci.yaml b/MdeModulePkg/MdeModulePkg.ci.yaml
index 1a7e955185d8..20d53fc5a5fa 100644
--- a/MdeModulePkg/MdeModulePkg.ci.yaml
+++ b/MdeModulePkg/MdeModulePkg.ci.yaml
@@ -104,7 +104,9 @@
"FVMAIN",
"VARCHECKPCD",
"Getxx",
- "lzturbo"
+ "lzturbo",
+ "musthave",
+ "canthave"
],
"AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported)
}
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 82aecc40d9a9..51c7057bfd1b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -31,6 +31,9 @@ [LibraryClasses]
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
+ ## @libraryclass Business logic for storing and testing variable policies
+ VariablePolicyLib|Include/Library/VariablePolicyLib.h
+
## @libraryclass Defines a set of helper functions for resetting the system.
ResetUtilityLib|Include/Library/ResetUtilityLib.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index fbbc9933f5e8..3c8bf8009c55 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -3,6 +3,7 @@
#
# (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -58,6 +59,7 @@ [LibraryClasses]
DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
#
# Generic Modules
#
@@ -129,6 +131,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.SMM_CORE]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@@ -306,6 +309,8 @@ [Components]
MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 03/13] MdeModulePkg: Define the VariablePolicyHelperLib
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 02/13] MdeModulePkg: Define the VariablePolicyLib Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 04/13] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Bret Barkelew
` (11 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
Add the VariablePolicyHelperLib library, containing
several functions to help with the repetitive process
of creating a correctly structured and packed
VariablePolicy entry.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++++++++++++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 ++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/MdeModulePkg.dec | 5 +
MdeModulePkg/MdeModulePkg.dsc | 2 +
6 files changed, 614 insertions(+)
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
new file mode 100644
index 000000000000..0c9299c8b0e1
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
@@ -0,0 +1,396 @@
+/** @file -- VariablePolicyHelperLib.c
+This library contains helper functions for marshalling and registering
+new policies with the VariablePolicy infrastructure.
+
+This library is currently written against VariablePolicy revision 0x00010000.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariablePolicy.h>
+
+/**
+ This internal helper function populates the header structure,
+ all common fields, and takes care of fix-ups.
+
+ NOTE: Only use this internally. Assumes correctly-sized buffers.
+
+ @param[out] EntPtr Pointer to the buffer to be populated.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+**/
+STATIC
+VOID
+PopulateCommonData (
+ OUT VARIABLE_POLICY_ENTRY *EntPtr,
+ IN CONST EFI_GUID *Namespace,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ )
+{
+ EntPtr->Version = VARIABLE_POLICY_ENTRY_REVISION;
+ CopyGuid( &EntPtr->Namespace, Namespace );
+ EntPtr->MinSize = MinSize;
+ EntPtr->MaxSize = MaxSize;
+ EntPtr->AttributesMustHave = AttributesMustHave;
+ EntPtr->AttributesCantHave = AttributesCantHave;
+ EntPtr->LockPolicyType = LockPolicyType;
+
+ // NOTE: As a heler, fix up MaxSize for compatibility with the old model.
+ if (EntPtr->MaxSize == 0) {
+ EntPtr->MaxSize = VARIABLE_POLICY_NO_MAX_SIZE;
+ }
+
+ return;
+}
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy that does not contain any sub-structures (such as
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY).
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace is NULL.
+ @retval EFI_INVALID_PARAMETER LockPolicyType is invalid for a basic structure.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateBasicVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ )
+{
+ UINTN TotalSize;
+ UINTN NameSize;
+ VARIABLE_POLICY_ENTRY *EntPtr;
+ CHAR16 *CopyName;
+
+ // Check some initial invalid parameters for this function.
+ if (Namespace == NULL || NewEntry == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK &&
+ LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW &&
+ LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Now we've gotta determine the total size of the buffer required for
+ // the VariablePolicy structure.
+ TotalSize = sizeof( VARIABLE_POLICY_ENTRY );
+ if (Name != NULL) {
+ NameSize = StrnSizeS( Name, MAX_UINT16 );
+ TotalSize += NameSize;
+ }
+ // Make sure the size fits within a VARIABLE_POLICY_ENTRY.Size.
+ ASSERT( TotalSize <= MAX_UINT16 );
+ if (TotalSize > MAX_UINT16) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ // Allocate a buffer to hold all the data. We're on the home stretch.
+ *NewEntry = AllocatePool( TotalSize );
+ if (*NewEntry == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // If we're still here, we're basically done.
+ // Copy the data and GET... OUT....
+ EntPtr = *NewEntry;
+ PopulateCommonData ( EntPtr,
+ Namespace,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ LockPolicyType );
+ EntPtr->Size = (UINT16)TotalSize; // This is safe because we've already checked.
+ EntPtr->OffsetToName = sizeof(VARIABLE_POLICY_ENTRY);
+ if (Name != NULL) {
+ CopyName = (CHAR16*)((UINT8*)EntPtr + EntPtr->OffsetToName);
+ CopyMem( CopyName, Name, NameSize );
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy with a lock type of VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE.
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace, VarStateNamespace, VarStateName is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateVarStateVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN UINT8 VarStateValue,
+ IN CONST CHAR16 *VarStateName,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ )
+{
+ UINTN TotalSize;
+ UINTN NameSize;
+ UINTN VarStateNameSize;
+ VARIABLE_POLICY_ENTRY *EntPtr;
+ CHAR16 *CopyName;
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY *CopyPolicy;
+
+ // Check some initial invalid parameters for this function.
+ if (Namespace == NULL || VarStateNamespace == NULL ||
+ VarStateName == NULL || NewEntry == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Now we've gotta determine the total size of the buffer required for
+ // the VariablePolicy structure.
+ VarStateNameSize = StrnSizeS( VarStateName, MAX_UINT16 );
+ TotalSize = sizeof( VARIABLE_POLICY_ENTRY ) +
+ sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY) +
+ VarStateNameSize;
+ if (Name != NULL) {
+ NameSize = StrnSizeS( Name, MAX_UINT16 );
+ TotalSize += NameSize;
+ }
+ // Make sure the size fits within a VARIABLE_POLICY_ENTRY.Size.
+ ASSERT( TotalSize <= MAX_UINT16 );
+ if (TotalSize > MAX_UINT16) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ // Allocate a buffer to hold all the data. We're on the home stretch.
+ *NewEntry = AllocatePool( TotalSize );
+ if (*NewEntry == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // If we're still here, we're basically done.
+ // Copy the data and GET... OUT....
+ EntPtr = *NewEntry;
+ PopulateCommonData ( EntPtr,
+ Namespace,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE );
+ EntPtr->Size = (UINT16)TotalSize; // This is safe because we've already checked.
+ EntPtr->OffsetToName = sizeof(VARIABLE_POLICY_ENTRY) +
+ sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY) +
+ (UINT16)VarStateNameSize;
+
+ CopyPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY*)((UINT8*)EntPtr + sizeof(VARIABLE_POLICY_ENTRY));
+ CopyName = (CHAR16*)((UINT8*)CopyPolicy + sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY));
+ CopyGuid( &CopyPolicy->Namespace, VarStateNamespace );
+ CopyPolicy->Value = VarStateValue;
+ CopyMem( CopyName, VarStateName, VarStateNameSize );
+
+ if (Name != NULL) {
+ CopyName = (CHAR16*)((UINT8*)EntPtr + EntPtr->OffsetToName);
+ CopyMem( CopyName, Name, NameSize );
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterBasicVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ )
+{
+ VARIABLE_POLICY_ENTRY *NewEntry;
+ EFI_STATUS Status;
+
+ // Check the simple things.
+ if (VariablePolicy == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Create the new entry and make sure that everything worked.
+ NewEntry = NULL;
+ Status = CreateBasicVariablePolicy( Namespace,
+ Name,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ LockPolicyType,
+ &NewEntry );
+
+ // If that was successful, attempt to register the new policy.
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicy->RegisterVariablePolicy( NewEntry );
+ }
+
+ // If we allocated the buffer, free the buffer.
+ if (NewEntry != NULL) {
+ FreePool( NewEntry );
+ }
+
+ return Status;
+}
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVarStateVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN CONST CHAR16 *VarStateName,
+ IN UINT8 VarStateValue
+ )
+{
+ VARIABLE_POLICY_ENTRY *NewEntry;
+ EFI_STATUS Status;
+
+ // Check the simple things.
+ if (VariablePolicy == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Create the new entry and make sure that everything worked.
+ NewEntry = NULL;
+ Status = CreateVarStateVariablePolicy( Namespace,
+ Name,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ VarStateNamespace,
+ VarStateValue,
+ VarStateName,
+ &NewEntry );
+
+ // If that was successful, attempt to register the new policy.
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicy->RegisterVariablePolicy( NewEntry );
+ }
+
+ // If we allocated the buffer, free the buffer.
+ if (NewEntry != NULL) {
+ FreePool( NewEntry );
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h b/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
new file mode 100644
index 000000000000..3b75e9786094
--- /dev/null
+++ b/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
@@ -0,0 +1,164 @@
+/** @file -- VariablePolicyHelperLib.h
+This library contains helper functions for marshalling and registering
+new policies with the VariablePolicy infrastructure.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
+#define _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
+
+#include <Protocol/VariablePolicy.h>
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy that does not contain any sub-structures (such as
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY).
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace is NULL.
+ @retval EFI_INVALID_PARAMETER LockPolicyType is invalid for a basic structure.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateBasicVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ );
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy with a lock type of VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE.
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace, VarStateNamespace, VarStateName is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateVarStateVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN UINT8 VarStateValue,
+ IN CONST CHAR16 *VarStateName,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ );
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterBasicVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ );
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVarStateVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN CONST CHAR16 *VarStateName,
+ IN UINT8 VarStateValue
+ );
+
+#endif // _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
new file mode 100644
index 000000000000..506abf580e94
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
@@ -0,0 +1,35 @@
+## @file VariablePolicyHelperLib.inf
+# This library contains helper functions for marshalling and registering
+# new policies with the VariablePolicy infrastructure.
+#
+# This library is currently written against VariablePolicy revision 0x00010000.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = VariablePolicyHelperLib
+ # MODULE_UNI_FILE = VariablePolicyHelperLib.uni
+ FILE_GUID = B3C2206B-FDD1-4AED-8352-FC5EC34C5630
+ VERSION_STRING = 1.0
+ MODULE_TYPE = BASE
+ LIBRARY_CLASS = VariablePolicyHelperLib
+
+
+[Sources]
+ VariablePolicyHelperLib.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ MemoryAllocationLib
+ BaseMemoryLib
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
new file mode 100644
index 000000000000..39cbf11a4ce9
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
@@ -0,0 +1,12 @@
+// /** @file
+// VariablePolicyHelperLib.uni
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Library containing helper functions for marshalling and registering new policies with the VariablePolicy infrastructure"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Library containing helper functions for marshalling and registering new policies with the VariablePolicy infrastructure"
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 51c7057bfd1b..51f7f9d7246a 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -149,6 +149,11 @@ [LibraryClasses]
#
DisplayUpdateProgressLib|Include/Library/DisplayUpdateProgressLib.h
+ ## @libraryclass This library contains helper functions for marshalling and
+ # registering new policies with the VariablePolicy infrastructure.
+ #
+ VariablePolicyHelperLib|Include/Library/VariablePolicyHelperLib.h
+
[Guids]
## MdeModule package token space guid
# Include/Guid/MdeModulePkgTokenSpace.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 3c8bf8009c55..906550929002 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -99,6 +99,7 @@ [LibraryClasses]
BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf
SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
DisplayUpdateProgressLib|MdeModulePkg/Library/DisplayUpdateProgressLibGraphics/DisplayUpdateProgressLibGraphics.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
@@ -225,6 +226,7 @@ [Components]
MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf
MdeModulePkg/Library/BaseMemoryAllocationLibNull/BaseMemoryAllocationLibNull.inf
+ MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf
MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 04/13] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (2 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 03/13] MdeModulePkg: Define the VariablePolicyHelperLib Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 05/13] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Bret Barkelew
` (10 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
This is an instance of a VarCheckLib that is backed by the
VariablePolicyLib business logic. It also publishes the SMM
calling interface for messages from the DXE protocol.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++++++++++++++
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 +++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/MdeModulePkg.dec | 4 +
MdeModulePkg/MdeModulePkg.dsc | 2 +
6 files changed, 460 insertions(+)
diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
new file mode 100644
index 000000000000..257aa9591303
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
@@ -0,0 +1,346 @@
+/** @file -- VarCheckPolicyLib.c
+This is a NULL library instance that leverages the VarCheck interface
+and the business logic behind the VariablePolicy code to make its decisions.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/VarCheckLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/SafeIntLib.h>
+#include <Library/MmServicesTableLib.h>
+#include <Library/SmmMemLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/MmCommunication.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+
+#include <Guid/VarCheckPolicyMmi.h>
+
+//================================================
+// As a VarCheck library, we're linked into the VariableServices
+// and may not be able to call them indirectly. To get around this,
+// use the internal GetVariable function to query the variable store.
+//================================================
+EFI_STATUS
+EFIAPI
+VariableServiceGetVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT UINT32 *Attributes OPTIONAL,
+ IN OUT UINTN *DataSize,
+ OUT VOID *Data
+ );
+
+
+UINT8 mSecurityEvalBuffer[VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE];
+
+// Pagination Cache Variables
+UINT8 *mPaginationCache = NULL;
+UINTN mPaginationCacheSize = 0;
+UINT32 mCurrentPaginationCommand = 0;
+
+
+/**
+ MM Communication Handler to recieve commands from the DXE protocol for
+ Variable Policies. This communication channel is used to register new policies
+ and poll and toggle the enforcement of variable policies.
+
+ @param[in] DispatchHandle All parameters standard to MM communications convention.
+ @param[in] RegisterContext All parameters standard to MM communications convention.
+ @param[in,out] CommBuffer All parameters standard to MM communications convention.
+ @param[in,out] CommBufferSize All parameters standard to MM communications convention.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER CommBuffer or CommBufferSize is null pointer.
+ @retval EFI_INVALID_PARAMETER CommBuffer size is wrong.
+ @retval EFI_INVALID_PARAMETER Revision or signature don't match.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+VarCheckPolicyLibMmiHandler (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *RegisterContext,
+ IN OUT VOID *CommBuffer,
+ IN OUT UINTN *CommBufferSize
+ )
+{
+ UINTN InternalCommBufferSize;
+ VOID *InternalCommBuffer;
+ EFI_STATUS Status;
+ EFI_STATUS SubCommandStatus;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyCommmHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *InternalPolicyCommmHeader;
+ VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *IsEnabledParams;
+ VAR_CHECK_POLICY_COMM_DUMP_PARAMS *DumpParamsIn;
+ VAR_CHECK_POLICY_COMM_DUMP_PARAMS *DumpParamsOut;
+ UINT8 *DumpInputBuffer;
+ UINT8 *DumpOutputBuffer;
+ UINTN DumpTotalPages;
+ VARIABLE_POLICY_ENTRY *PolicyEntry;
+ UINTN ExpectedSize;
+ UINT32 TempSize;
+
+ Status = EFI_SUCCESS;
+
+ //
+ // Validate some input parameters.
+ //
+ // If either of the pointers are NULL, we can't proceed.
+ if (CommBuffer == NULL || CommBufferSize == NULL) {
+ DEBUG(( DEBUG_INFO, "%a - Invalid comm buffer pointers!\n", __FUNCTION__ ));
+ return EFI_INVALID_PARAMETER;
+ }
+ // Make sure that the buffer does not overlap SMM.
+ // This should be covered by the SmiManage infrastructure, but just to be safe...
+ InternalCommBufferSize = *CommBufferSize;
+ if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || !SmmIsBufferOutsideSmmValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)) {
+ DEBUG ((DEBUG_ERROR, "%a - Invalid CommBuffer supplied! 0x%016lX[0x%016lX]\n", __FUNCTION__, CommBuffer, InternalCommBufferSize));
+ return EFI_INVALID_PARAMETER;
+ }
+ // If the size does not meet a minimum threshold, we cannot proceed.
+ ExpectedSize = sizeof(VAR_CHECK_POLICY_COMM_HEADER);
+ if (InternalCommBufferSize < ExpectedSize) {
+ DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, InternalCommBufferSize, ExpectedSize ));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Before proceeding any further, copy the buffer internally so that we can compare
+ // without worrying about TOCTOU.
+ //
+ InternalCommBuffer = &mSecurityEvalBuffer[0];
+ CopyMem(InternalCommBuffer, CommBuffer, InternalCommBufferSize);
+ PolicyCommmHeader = CommBuffer;
+ InternalPolicyCommmHeader = InternalCommBuffer;
+ // Check the revision and the signature of the comm header.
+ if (InternalPolicyCommmHeader->Signature != VAR_CHECK_POLICY_COMM_SIG ||
+ InternalPolicyCommmHeader->Revision != VAR_CHECK_POLICY_COMM_REVISION) {
+ DEBUG(( DEBUG_INFO, "%a - Signature or revision are incorrect!\n", __FUNCTION__ ));
+ // We have verified the buffer is not null and have enough size to hold Result field.
+ PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
+ return EFI_SUCCESS;
+ }
+
+ // If we're in the middle of a paginated dump and any other command is sent,
+ // pagination cache must be cleared.
+ if (mPaginationCache != NULL && InternalPolicyCommmHeader->Command != mCurrentPaginationCommand) {
+ FreePool (mPaginationCache);
+ mPaginationCache = NULL;
+ mPaginationCacheSize = 0;
+ mCurrentPaginationCommand = 0;
+ }
+
+ //
+ // Now we can process the command as it was sent.
+ //
+ PolicyCommmHeader->Result = EFI_ABORTED; // Set a default return for incomplete commands.
+ switch(InternalPolicyCommmHeader->Command) {
+ case VAR_CHECK_POLICY_COMMAND_DISABLE:
+ PolicyCommmHeader->Result = DisableVariablePolicy();
+ break;
+
+ case VAR_CHECK_POLICY_COMMAND_IS_ENABLED:
+ // Make sure that we're dealing with a reasonable size.
+ // This add should be safe because these are fixed sizes so far.
+ ExpectedSize += sizeof(VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS);
+ if (InternalCommBufferSize < ExpectedSize) {
+ DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, InternalCommBufferSize, ExpectedSize ));
+ PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
+ break;
+ }
+
+ // Now that we know we've got a valid size, we can fill in the rest of the data.
+ IsEnabledParams = (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)((UINT8*)CommBuffer + sizeof(VAR_CHECK_POLICY_COMM_HEADER));
+ IsEnabledParams->State = IsVariablePolicyEnabled();
+ PolicyCommmHeader->Result = EFI_SUCCESS;
+ break;
+
+ case VAR_CHECK_POLICY_COMMAND_REGISTER:
+ // Make sure that we're dealing with a reasonable size.
+ // This add should be safe because these are fixed sizes so far.
+ ExpectedSize += sizeof(VARIABLE_POLICY_ENTRY);
+ if (InternalCommBufferSize < ExpectedSize) {
+ DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, InternalCommBufferSize, ExpectedSize ));
+ PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
+ break;
+ }
+
+ // At the very least, we can assume that we're working with a valid policy entry.
+ // Time to compare its internal size.
+ PolicyEntry = (VARIABLE_POLICY_ENTRY*)((UINT8*)InternalCommBuffer + sizeof(VAR_CHECK_POLICY_COMM_HEADER));
+ if (PolicyEntry->Version != VARIABLE_POLICY_ENTRY_REVISION ||
+ PolicyEntry->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
+ EFI_ERROR(SafeUintnAdd(sizeof(VAR_CHECK_POLICY_COMM_HEADER), PolicyEntry->Size, &ExpectedSize)) ||
+ InternalCommBufferSize < ExpectedSize) {
+ DEBUG(( DEBUG_INFO, "%a - Bad policy entry contents!\n", __FUNCTION__ ));
+ PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
+ break;
+ }
+
+ PolicyCommmHeader->Result = RegisterVariablePolicy( PolicyEntry );
+ break;
+
+ case VAR_CHECK_POLICY_COMMAND_DUMP:
+ // Make sure that we're dealing with a reasonable size.
+ // This add should be safe because these are fixed sizes so far.
+ ExpectedSize += sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS) + VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
+ if (InternalCommBufferSize < ExpectedSize) {
+ DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, InternalCommBufferSize, ExpectedSize ));
+ PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
+ break;
+ }
+
+ // Now that we know we've got a valid size, we can fill in the rest of the data.
+ DumpParamsIn = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(InternalPolicyCommmHeader + 1);
+ DumpParamsOut = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyCommmHeader + 1);
+
+ // If we're requesting the first page, initialize the cache and get the sizes.
+ if (DumpParamsIn->PageRequested == 0) {
+ if (mPaginationCache != NULL) {
+ FreePool (mPaginationCache);
+ mPaginationCache = NULL;
+ }
+
+ // Determine what the required size is going to be.
+ DumpParamsOut->TotalSize = 0;
+ DumpParamsOut->PageSize = 0;
+ DumpParamsOut->HasMore = FALSE;
+ SubCommandStatus = DumpVariablePolicy (NULL, &TempSize);
+ if (SubCommandStatus == EFI_BUFFER_TOO_SMALL && TempSize > 0) {
+ mCurrentPaginationCommand = VAR_CHECK_POLICY_COMMAND_DUMP;
+ mPaginationCacheSize = TempSize;
+ DumpParamsOut->TotalSize = TempSize;
+ mPaginationCache = AllocatePool (mPaginationCacheSize);
+ if (mPaginationCache == NULL) {
+ SubCommandStatus = EFI_OUT_OF_RESOURCES;
+ }
+ }
+
+ // If we've allocated our pagination cache, we're good to cache.
+ if (mPaginationCache != NULL) {
+ SubCommandStatus = DumpVariablePolicy (mPaginationCache, &TempSize);
+ }
+
+ // Populate the remaining fields and we can boogie.
+ if (!EFI_ERROR (SubCommandStatus) && mPaginationCache != NULL) {
+ DumpParamsOut->HasMore = TRUE;
+ }
+ } else if (mPaginationCache != NULL) {
+ DumpParamsOut->TotalSize = (UINT32)mPaginationCacheSize;
+ DumpOutputBuffer = (UINT8*)(DumpParamsOut + 1);
+
+ // Make sure that we don't over-index the cache.
+ DumpTotalPages = mPaginationCacheSize / VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
+ if (mPaginationCacheSize % VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE != 0) {
+ DumpTotalPages++;
+ }
+ if (DumpParamsIn->PageRequested > DumpTotalPages) {
+ SubCommandStatus = EFI_INVALID_PARAMETER;
+ } else {
+ // Figure out how far into the page cache we need to go for our next page.
+ // We know the blind subtraction won't be bad because we already checked for page 0.
+ DumpInputBuffer = &mPaginationCache[VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE * (DumpParamsIn->PageRequested - 1)];
+ TempSize = VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
+ // If we're getting the last page, adjust the PageSize.
+ if (DumpParamsIn->PageRequested == DumpTotalPages) {
+ TempSize = mPaginationCacheSize % VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
+ }
+ CopyMem (DumpOutputBuffer, DumpInputBuffer, TempSize);
+ DumpParamsOut->PageSize = TempSize;
+ // If we just got the last page, settle up the cache.
+ if (DumpParamsIn->PageRequested == DumpTotalPages) {
+ DumpParamsOut->HasMore = FALSE;
+ FreePool (mPaginationCache);
+ mPaginationCache = NULL;
+ mPaginationCacheSize = 0;
+ mCurrentPaginationCommand = 0;
+ // Otherwise, we could do more here.
+ } else {
+ DumpParamsOut->HasMore = TRUE;
+ }
+
+ // If we made it this far, we're basically good.
+ SubCommandStatus = EFI_SUCCESS;
+ }
+ // If we've requested any other page than 0 and the cache is empty, we must have timed out.
+ } else {
+ DumpParamsOut->TotalSize = 0;
+ DumpParamsOut->PageSize = 0;
+ DumpParamsOut->HasMore = FALSE;
+ SubCommandStatus = EFI_TIMEOUT;
+ }
+
+ // There's currently no use for this, but it shouldn't be hard to implement.
+ PolicyCommmHeader->Result = SubCommandStatus;
+ break;
+
+ case VAR_CHECK_POLICY_COMMAND_LOCK:
+ PolicyCommmHeader->Result = LockVariablePolicy();
+ break;
+
+ default:
+ // Mark unknown requested command as EFI_UNSUPPORTED.
+ DEBUG(( DEBUG_INFO, "%a - Invalid command requested! %d\n", __FUNCTION__, PolicyCommmHeader->Command ));
+ PolicyCommmHeader->Result = EFI_UNSUPPORTED;
+ break;
+ }
+
+ DEBUG(( DEBUG_VERBOSE, "%a - Command %d returning %r.\n", __FUNCTION__,
+ PolicyCommmHeader->Command, PolicyCommmHeader->Result ));
+
+ return Status;
+}
+
+
+/**
+ Constructor function of VarCheckPolicyLib to register VarCheck handler and
+ SW MMI handlers.
+
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The constructor executed correctly.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckPolicyLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE DiscardedHandle;
+
+ // Initialize the business logic with the internal GetVariable handler.
+ Status = InitVariablePolicyLib( VariableServiceGetVariable );
+
+ // Only proceed with init if the business logic could be initialized.
+ if (!EFI_ERROR( Status )) {
+ // Register the VarCheck handler for SetVariable filtering.
+ // Forward the check to the business logic of the library.
+ VarCheckLibRegisterSetVariableCheckHandler( ValidateSetVariable );
+
+ // Register the MMI handlers for receiving policy commands.
+ DiscardedHandle = NULL;
+ Status = gMmst->MmiHandlerRegister( VarCheckPolicyLibMmiHandler,
+ &gVarCheckPolicyLibMmiHandlerGuid,
+ &DiscardedHandle );
+ }
+ // Otherwise, there's not much we can do.
+ else {
+ DEBUG(( DEBUG_ERROR, "%a - Cannot Initialize VariablePolicyLib! %r\n", __FUNCTION__, Status ));
+ ASSERT_EFI_ERROR( Status );
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
new file mode 100644
index 000000000000..77bcc62f3ccf
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
@@ -0,0 +1,54 @@
+/** @file -- VarCheckPolicyMmiCommon.h
+This header contains communication definitions that are shared between DXE
+and the MM component of VarCheckPolicy.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _VAR_CHECK_POLICY_MMI_COMMON_H_
+#define _VAR_CHECK_POLICY_MMI_COMMON_H_
+
+#define VAR_CHECK_POLICY_COMM_SIG SIGNATURE_32('V', 'C', 'P', 'C')
+#define VAR_CHECK_POLICY_COMM_REVISION 1
+
+#pragma pack(push, 1)
+
+typedef struct _VAR_CHECK_POLICY_COMM_HEADER {
+ UINT32 Signature;
+ UINT32 Revision;
+ UINT32 Command;
+ EFI_STATUS Result;
+} VAR_CHECK_POLICY_COMM_HEADER;
+
+typedef struct _VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS {
+ BOOLEAN State;
+} VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS;
+
+typedef struct _VAR_CHECK_POLICY_COMM_DUMP_PARAMS {
+ UINT32 PageRequested;
+ UINT32 TotalSize;
+ UINT32 PageSize;
+ BOOLEAN HasMore;
+} VAR_CHECK_POLICY_COMM_DUMP_PARAMS;
+
+#pragma pack(pop)
+
+// Make sure that we will hold at least the headers.
+#define VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof (VAR_CHECK_POLICY_COMM_HEADER) + EFI_PAGES_TO_SIZE(1)), EFI_PAGES_TO_SIZE(4))
+#define VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \
+ (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + \
+ sizeof(VAR_CHECK_POLICY_COMM_HEADER) + \
+ sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS)))
+STATIC_ASSERT (
+ VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE < VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE,
+ "an integer underflow may have occurred calculating VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE"
+ );
+
+#define VAR_CHECK_POLICY_COMMAND_DISABLE 0x0001
+#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED 0x0002
+#define VAR_CHECK_POLICY_COMMAND_REGISTER 0x0003
+#define VAR_CHECK_POLICY_COMMAND_DUMP 0x0004
+#define VAR_CHECK_POLICY_COMMAND_LOCK 0x0005
+
+#endif // _VAR_CHECK_POLICY_MMI_COMMON_H_
diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
new file mode 100644
index 000000000000..077bcc8990ca
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
@@ -0,0 +1,42 @@
+## @file VarCheckPolicyLib.inf
+# This is an instance of a VarCheck lib that leverages the business logic behind
+# the VariablePolicy code to make its decisions.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = VarCheckPolicyLib
+ FILE_GUID = 9C28A48F-C884-4B1F-8B95-DEF125448023
+ MODULE_TYPE = DXE_RUNTIME_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER
+ CONSTRUCTOR = VarCheckPolicyLibConstructor
+
+
+[Sources]
+ VarCheckPolicyLib.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ BaseMemoryLib
+ DxeServicesLib
+ MemoryAllocationLib
+ VarCheckLib
+ VariablePolicyLib
+ VariablePolicyHelperLib
+ SafeIntLib
+ MmServicesTableLib
+
+
+[Guids]
+ gVarCheckPolicyLibMmiHandlerGuid ## CONSUME ## Used to register for MM Communication events.
diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
new file mode 100644
index 000000000000..eedeeed15d31
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
@@ -0,0 +1,12 @@
+// /** @file
+// VarCheckPolicyLib.uni
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "NULL library implementation that conforms to the VarCheck interface to allow VariablePolicy engine to enforce policies"
+
+#string STR_MODULE_DESCRIPTION #language en-US "NULL library implementation that conforms to the VarCheck interface to allow VariablePolicy engine to enforce policies"
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 51f7f9d7246a..00075528198d 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -385,6 +385,10 @@ [Guids]
## Include/Guid/EndofS3Resume.h
gEdkiiEndOfS3ResumeGuid = { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }
+ ## Used (similar to Variable Services) to communicate policies to the enforcement engine.
+ # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}
+ gVarCheckPolicyLibMmiHandlerGuid = { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}
+
## Include/Guid/S3SmmInitDone.h
gEdkiiS3SmmInitDoneGuid = { 0x8f9d4825, 0x797d, 0x48fc, { 0x84, 0x71, 0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } }
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 906550929002..90165ca443bf 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -313,6 +313,7 @@ [Components]
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
+ MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
@@ -458,6 +459,7 @@ [Components.IA32, Components.X64]
MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 05/13] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (3 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 04/13] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 06/13] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Bret Barkelew
` (9 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Bret Barkelew
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +++++
OvmfPkg/OvmfPkgX64.dsc | 5 +++++
OvmfPkg/OvmfXen.dsc | 4 ++++
4 files changed, 19 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 58d9f292f9ac..8a45a95d51d5 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -3,6 +3,7 @@
#
# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -198,6 +199,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
#
@@ -337,6 +340,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -968,6 +972,7 @@ [Components]
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
}
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3551f9710a6c..2ce5c2681d26 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -3,6 +3,7 @@
#
# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -202,6 +203,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
#
@@ -341,6 +344,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -983,6 +987,7 @@ [Components.X64]
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
}
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 7a8bdb8a8697..66fb264149fc 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -3,6 +3,7 @@
#
# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -202,6 +203,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
#
@@ -341,6 +344,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -979,6 +983,7 @@ [Components]
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
}
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 34c9de19dfba..26c29e083948 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -4,6 +4,7 @@
# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) 2019, Citrix Systems, Inc.
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -183,6 +184,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
#
@@ -291,6 +294,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 06/13] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (4 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 05/13] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 07/13] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Bret Barkelew
` (8 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jordan Justen, Andrew Fish, Ray Ni, Bret Barkelew
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index a27cb1beb0f1..c48e36a72c60 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -6,6 +6,7 @@
#
# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2010 - 2011, Apple Inc. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -108,6 +109,8 @@ [LibraryClasses]
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 07/13] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (5 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 06/13] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 08/13] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Bret Barkelew
` (7 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Laszlo Ersek, Ard Biesheuvel, Leif Lindholm, Bret Barkelew
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 4dafd1fa0f1d..9ec92930472d 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -2,6 +2,7 @@
# Copyright (c) 2011-2015, ARM Limited. All rights reserved.
# Copyright (c) 2014, Linaro Limited. All rights reserved.
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -174,6 +175,8 @@ [LibraryClasses.common]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
@@ -247,6 +250,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
!if $(TARGET) != RELEASE
DebugLib|MdePkg/Library/DxeRuntimeDebugLibSerialPort/DxeRuntimeDebugLibSerialPort.inf
!endif
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 08/13] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (6 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 07/13] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 09/13] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Bret Barkelew
` (6 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Maurice Ma, Guo Dong, Benjamin You, Bret Barkelew
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Maurice Ma <maurice.ma@intel.com>
---
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 ++++
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc b/UefiPayloadPkg/UefiPayloadPkgIa32.dsc
index 12d7ffe81416..2206ccdc94c4 100644
--- a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkgIa32.dsc
@@ -4,6 +4,7 @@
# Provides drivers and definitions to create uefi payload for bootloaders.
#
# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -208,6 +209,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
[LibraryClasses.IA32.SEC]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
@@ -257,6 +260,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc b/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
index e18c4678e8e3..cc34fd520b9a 100644
--- a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
@@ -4,6 +4,7 @@
# Provides drivers and definitions to create uefi payload for bootloaders.
#
# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -209,6 +210,8 @@ [LibraryClasses]
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
[LibraryClasses.IA32.SEC]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
@@ -258,6 +261,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
[LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 09/13] MdeModulePkg: Connect VariablePolicy business logic to VariableServices
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (7 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 08/13] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables Bret Barkelew
` (5 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
Add connective code to publish the VariablePolicy protocol
and wire it to either the SMM communication interface
or directly into the VariablePolicyLib business logic.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 2 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
7 files changed, 670 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
index 7d2b6c8e1fad..0fca0bb2a9b5 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
@@ -5,18 +5,34 @@
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Variable.h"
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+
+EFI_STATUS
+EFIAPI
+ProtocolIsVariablePolicyEnabled (
+ OUT BOOLEAN *State
+ );
+
EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
VOID *mFtwRegistration = NULL;
VOID ***mVarCheckAddressPointer = NULL;
UINTN mVarCheckAddressPointerCount = 0;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
+EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol = { EDKII_VARIABLE_POLICY_PROTOCOL_REVISION,
+ DisableVariablePolicy,
+ ProtocolIsVariablePolicyEnabled,
+ RegisterVariablePolicy,
+ DumpVariablePolicy,
+ LockVariablePolicy };
EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
@@ -282,8 +298,13 @@ OnReadyToBoot (
VOID *Context
)
{
+ EFI_STATUS Status;
+
if (!mEndOfDxe) {
MorLockInitAtEndOfDxe ();
+
+ Status = LockVariablePolicy ();
+ ASSERT_EFI_ERROR (Status);
//
// Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
//
@@ -322,8 +343,12 @@ OnEndOfDxe (
VOID *Context
)
{
+ EFI_STATUS Status;
+
DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
MorLockInitAtEndOfDxe ();
+ Status = LockVariablePolicy ();
+ ASSERT_EFI_ERROR (Status);
mEndOfDxe = TRUE;
mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);
//
@@ -466,6 +491,28 @@ FtwNotificationEvent (
}
+/**
+ This API function returns whether or not the policy engine is
+ currently being enforced.
+
+ @param[out] State Pointer to a return value for whether the policy enforcement
+ is currently enabled.
+
+ @retval EFI_SUCCESS
+ @retval Others An error has prevented this command from completing.
+
+**/
+EFI_STATUS
+EFIAPI
+ProtocolIsVariablePolicyEnabled (
+ OUT BOOLEAN *State
+ )
+{
+ *State = IsVariablePolicyEnabled ();
+ return EFI_SUCCESS;
+}
+
+
/**
Variable Driver main entry point. The Variable driver places the 4 EFI
runtime services in the EFI System Table and installs arch protocols
@@ -576,6 +623,19 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);
+ // Register and initialize the VariablePolicy engine.
+ Status = InitVariablePolicyLib (VariableServiceGetVariable);
+ ASSERT_EFI_ERROR (Status);
+ Status = VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable);
+ ASSERT_EFI_ERROR (Status);
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mHandle,
+ &gEdkiiVariablePolicyProtocolGuid,
+ &mVariablePolicyProtocol,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
new file mode 100644
index 000000000000..6ae69dffe025
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
@@ -0,0 +1,573 @@
+/** @file -- VariablePolicySmmDxe.c
+This protocol allows communication with Variable Policy Engine.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/UefiLib.h>
+#include <Library/DebugLib.h>
+#include <Library/SafeIntLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Protocol/MmCommunication2.h>
+
+#include <Guid/VarCheckPolicyMmi.h>
+
+#include "Variable.h"
+
+EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol;
+EFI_MM_COMMUNICATION2_PROTOCOL *mMmCommunication;
+
+VOID *mMmCommunicationBuffer;
+UINTN mMmCommunicationBufferSize;
+EFI_LOCK mMmCommunicationLock;
+
+/**
+ Internal helper function to consolidate communication method.
+
+ @param[in,out] CommBuffer
+ @param[in,out] CommSize Size of the CommBuffer.
+
+ @retval EFI_STATUS Result from communication method.
+
+**/
+STATIC
+EFI_STATUS
+InternalMmCommunicate (
+ IN OUT VOID *CommBuffer,
+ IN OUT UINTN *CommSize
+ )
+{
+ EFI_STATUS Status;
+ if (CommBuffer == NULL || CommSize == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Status = mMmCommunication->Communicate (mMmCommunication, CommBuffer, CommBuffer, CommSize);
+ return Status;
+}
+
+
+/**
+ This API function disables the variable policy enforcement. If it's
+ already been called once, will return EFI_ALREADY_STARTED.
+
+ @retval EFI_SUCCESS
+ @retval EFI_ALREADY_STARTED Has already been called once this boot.
+ @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
+ @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ProtocolDisableVariablePolicy (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_MM_COMMUNICATE_HEADER *CommHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
+ UINTN BufferSize;
+
+ // Check the PCD for convenience.
+ // This would also be rejected by the lib, but why go to MM if we don't have to?
+ if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
+ return EFI_WRITE_PROTECTED;
+ }
+
+ AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // Set up the MM communication.
+ BufferSize = mMmCommunicationBufferSize;
+ CommHeader = mMmCommunicationBuffer;
+ PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
+ CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
+ CommHeader->MessageLength = BufferSize;
+ PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
+ PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
+ PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DISABLE;
+
+ Status = InternalMmCommunicate (CommHeader, &BufferSize);
+ DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
+
+ ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
+}
+
+
+/**
+ This API function returns whether or not the policy engine is
+ currently being enforced.
+
+ @param[out] State Pointer to a return value for whether the policy enforcement
+ is currently enabled.
+
+ @retval EFI_SUCCESS
+ @retval Others An error has prevented this command from completing.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ProtocolIsVariablePolicyEnabled (
+ OUT BOOLEAN *State
+ )
+{
+ EFI_STATUS Status;
+ EFI_MM_COMMUNICATE_HEADER *CommHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
+ VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *CommandParams;
+ UINTN BufferSize;
+
+ if (State == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // Set up the MM communication.
+ BufferSize = mMmCommunicationBufferSize;
+ CommHeader = mMmCommunicationBuffer;
+ PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
+ CommandParams = (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)(PolicyHeader + 1);
+ CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
+ CommHeader->MessageLength = BufferSize;
+ PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
+ PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
+ PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_IS_ENABLED;
+
+ Status = InternalMmCommunicate (CommHeader, &BufferSize);
+ DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
+
+ if (!EFI_ERROR( Status )) {
+ Status = PolicyHeader->Result;
+ *State = CommandParams->State;
+ }
+
+ ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ return Status;
+}
+
+
+/**
+ This API function validates and registers a new policy with
+ the policy enforcement engine.
+
+ @param[in] NewPolicy Pointer to the incoming policy structure.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
+ @retval EFI_ALREADY_STARTED An identical matching policy already exists.
+ @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
+ @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.
+ @retval EFI_ABORTED A calculation error has prevented this function from completing.
+ @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ProtocolRegisterVariablePolicy (
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ )
+{
+ EFI_STATUS Status;
+ EFI_MM_COMMUNICATE_HEADER *CommHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
+ VOID *PolicyBuffer;
+ UINTN BufferSize;
+ UINTN RequiredSize;
+
+ if (NewPolicy == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // First, make sure that the required size does not exceed the capabilities
+ // of the MmCommunication buffer.
+ RequiredSize = OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof(VAR_CHECK_POLICY_COMM_HEADER);
+ Status = SafeUintnAdd( RequiredSize, NewPolicy->Size, &RequiredSize );
+ if (EFI_ERROR( Status ) || RequiredSize > mMmCommunicationBufferSize) {
+ DEBUG(( DEBUG_ERROR, "%a - Policy too large for buffer! %r, %d > %d \n", __FUNCTION__,
+ Status, RequiredSize, mMmCommunicationBufferSize ));
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // Set up the MM communication.
+ BufferSize = mMmCommunicationBufferSize;
+ CommHeader = mMmCommunicationBuffer;
+ PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
+ PolicyBuffer = (VOID*)(PolicyHeader + 1);
+ CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
+ CommHeader->MessageLength = BufferSize;
+ PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
+ PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
+ PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_REGISTER;
+
+ // Copy the policy into place. This copy is safe because we've already tested above.
+ CopyMem( PolicyBuffer, NewPolicy, NewPolicy->Size );
+
+ Status = InternalMmCommunicate (CommHeader, &BufferSize);
+ DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
+
+ ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
+}
+
+
+/**
+ This helper function takes care of the overhead of formatting, sending, and interpreting
+ the results for a single DumpVariablePolicy request.
+
+ @param[in] PageRequested The page of the paginated results from MM. 0 for metadata.
+ @param[out] TotalSize The total size of the entire buffer. Returned as part of metadata.
+ @param[out] PageSize The size of the current page being returned. Not valid as part of metadata.
+ @param[out] HasMore A flag indicating whether there are more pages after this one.
+ @param[out] Buffer The start of the current page from MM.
+
+ @retval EFI_SUCCESS Output params have been updated (either metadata or dump page).
+ @retval EFI_INVALID_PARAMETER One of the output params is NULL.
+ @retval Others Response from MM handler.
+
+**/
+STATIC
+EFI_STATUS
+DumpVariablePolicyHelper (
+ IN UINT32 PageRequested,
+ OUT UINT32 *TotalSize,
+ OUT UINT32 *PageSize,
+ OUT BOOLEAN *HasMore,
+ OUT UINT8 **Buffer
+ )
+{
+ EFI_STATUS Status;
+ EFI_MM_COMMUNICATE_HEADER *CommHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
+ VAR_CHECK_POLICY_COMM_DUMP_PARAMS *CommandParams;
+ UINTN BufferSize;
+
+ if (TotalSize == NULL || PageSize == NULL || HasMore == NULL || Buffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Set up the MM communication.
+ BufferSize = mMmCommunicationBufferSize;
+ CommHeader = mMmCommunicationBuffer;
+ PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
+ CommandParams = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyHeader + 1);
+ CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
+ CommHeader->MessageLength = BufferSize;
+ PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
+ PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
+ PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DUMP;
+
+ CommandParams->PageRequested = PageRequested;
+
+ Status = InternalMmCommunicate (CommHeader, &BufferSize);
+ DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
+
+ if (!EFI_ERROR( Status )) {
+ Status = PolicyHeader->Result;
+ *TotalSize = CommandParams->TotalSize;
+ *PageSize = CommandParams->PageSize;
+ *HasMore = CommandParams->HasMore;
+ *Buffer = (UINT8*)(CommandParams + 1);
+ }
+
+ return Status;
+}
+
+
+/**
+ This API function will dump the entire contents of the variable policy table.
+
+ Similar to GetVariable, the first call can be made with a 0 size and it will return
+ the size of the buffer required to hold the entire table.
+
+ @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
+ @param[in,out] Size On input, the size of the output buffer. On output, the size
+ of the data returned.
+
+ @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
+ @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ProtocolDumpVariablePolicy (
+ OUT UINT8 *Policy OPTIONAL,
+ IN OUT UINT32 *Size
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Source;
+ UINT8 *Destination;
+ UINT32 PolicySize;
+ UINT32 PageSize;
+ BOOLEAN HasMore;
+ UINT32 PageIndex;
+
+ if (Size == NULL || (*Size > 0 && Policy == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // Repeat this whole process until we either have a failure case or get the entire buffer.
+ do {
+ // First, we must check the zero page to determine the buffer size and
+ // reset the internal state.
+ PolicySize = 0;
+ PageSize = 0;
+ HasMore = FALSE;
+ Status = DumpVariablePolicyHelper (0, &PolicySize, &PageSize, &HasMore, &Source);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ // If we're good, we can at least check the required size now.
+ if (*Size < PolicySize) {
+ *Size = PolicySize;
+ Status = EFI_BUFFER_TOO_SMALL;
+ break;
+ }
+
+ // On further thought, let's update the size either way.
+ *Size = PolicySize;
+ // And get ready to ROCK.
+ Destination = Policy;
+
+ // Keep looping and copying until we're either done or freak out.
+ for (PageIndex = 1; !EFI_ERROR (Status) && HasMore && PageIndex < MAX_UINT32; PageIndex++) {
+ Status = DumpVariablePolicyHelper (PageIndex, &PolicySize, &PageSize, &HasMore, &Source);
+ if (!EFI_ERROR (Status)) {
+ CopyMem (Destination, Source, PageSize);
+ Destination += PageSize;
+ }
+ }
+
+ // Next, we check to see whether
+ } while (Status == EFI_TIMEOUT);
+
+ ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // There's currently no use for this, but it shouldn't be hard to implement.
+ return Status;
+}
+
+
+/**
+ This API function locks the interface so that no more policy updates
+ can be performed or changes made to the enforcement until the next boot.
+
+ @retval EFI_SUCCESS
+ @retval Others An error has prevented this command from completing.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+ProtocolLockVariablePolicy (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_MM_COMMUNICATE_HEADER *CommHeader;
+ VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
+ UINTN BufferSize;
+
+ AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ // Set up the MM communication.
+ BufferSize = mMmCommunicationBufferSize;
+ CommHeader = mMmCommunicationBuffer;
+ PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
+ CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
+ CommHeader->MessageLength = BufferSize;
+ PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
+ PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
+ PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_LOCK;
+
+ Status = InternalMmCommunicate (CommHeader, &BufferSize);
+ DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
+
+ ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
+
+ return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
+}
+
+
+/**
+ This helper function locates the shared comm buffer and assigns it to input pointers.
+
+ @param[in,out] BufferSize On input, the minimum buffer size required INCLUDING the MM communicate header.
+ On output, the size of the matching buffer found.
+ @param[out] LocatedBuffer A pointer to the matching buffer.
+
+ @retval EFI_SUCCESS
+ @retval EFI_INVALID_PARAMETER One of the output pointers was NULL.
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to allocate a comm buffer.
+
+**/
+STATIC
+EFI_STATUS
+InitMmCommonCommBuffer (
+ IN OUT UINTN *BufferSize,
+ OUT VOID **LocatedBuffer
+ )
+{
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ // Make sure that we're working with good pointers.
+ if (BufferSize == NULL || LocatedBuffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Allocate the runtime memory for the comm buffer.
+ *LocatedBuffer = AllocateRuntimePool (*BufferSize);
+ if (*LocatedBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ *BufferSize = 0;
+ }
+
+ EfiInitializeLock (&mMmCommunicationLock, TPL_NOTIFY);
+
+ return Status;
+}
+
+
+/**
+ Convert internal pointer addresses to virtual addresses.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[in] Context The pointer to the notification function's context, which
+ is implementation-dependent.
+**/
+STATIC
+VOID
+EFIAPI
+VariablePolicyVirtualAddressCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ EfiConvertPointer (0, (VOID **)&mMmCommunication);
+ EfiConvertPointer (0, (VOID **)&mMmCommunicationBuffer);
+}
+
+
+/**
+ The driver's entry point.
+
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The entry point executed successfully.
+ @retval other Some error occured when executing this entry point.
+
+**/
+EFI_STATUS
+EFIAPI
+VariablePolicySmmDxeMain (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN ProtocolInstalled;
+ BOOLEAN VirtualAddressChangeRegistered;
+ EFI_EVENT VirtualAddressChangeEvent;
+
+ Status = EFI_SUCCESS;
+ ProtocolInstalled = FALSE;
+ VirtualAddressChangeRegistered = FALSE;
+
+ // Update the minimum buffer size.
+ mMmCommunicationBufferSize = VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE;
+ // Locate the shared comm buffer to use for sending MM commands.
+ Status = InitMmCommonCommBuffer( &mMmCommunicationBufferSize, &mMmCommunicationBuffer );
+ if (EFI_ERROR( Status )) {
+ DEBUG((DEBUG_ERROR, "%a - Failed to locate a viable MM comm buffer! %r\n", __FUNCTION__, Status));
+ ASSERT_EFI_ERROR( Status );
+ return Status;
+ }
+
+ // Locate the MmCommunication protocol.
+ Status = gBS->LocateProtocol( &gEfiMmCommunication2ProtocolGuid, NULL, (VOID**)&mMmCommunication );
+ if (EFI_ERROR( Status )) {
+ DEBUG((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol! %r\n", __FUNCTION__, Status));
+ ASSERT_EFI_ERROR( Status );
+ return Status;
+ }
+
+ // Configure the VariablePolicy protocol structure.
+ mVariablePolicyProtocol.Revision = EDKII_VARIABLE_POLICY_PROTOCOL_REVISION;
+ mVariablePolicyProtocol.DisableVariablePolicy = ProtocolDisableVariablePolicy;
+ mVariablePolicyProtocol.IsVariablePolicyEnabled = ProtocolIsVariablePolicyEnabled;
+ mVariablePolicyProtocol.RegisterVariablePolicy = ProtocolRegisterVariablePolicy;
+ mVariablePolicyProtocol.DumpVariablePolicy = ProtocolDumpVariablePolicy;
+ mVariablePolicyProtocol.LockVariablePolicy = ProtocolLockVariablePolicy;
+
+ // Register all the protocols and return the status.
+ Status = gBS->InstallMultipleProtocolInterfaces( &ImageHandle,
+ &gEdkiiVariablePolicyProtocolGuid, &mVariablePolicyProtocol,
+ NULL );
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to install protocol! %r\n", __FUNCTION__, Status ));
+ goto Exit;
+ }
+ else {
+ ProtocolInstalled = TRUE;
+ }
+
+ // Normally, we might want to register a callback
+ // to lock the interface, but this is integrated
+ // into the existing callbacks in VaraiableSmm.c
+ // and VariableDxe.c.
+
+ //
+ // Register a VirtualAddressChange callback for the MmComm protocol and Comm buffer.
+ Status = gBS->CreateEventEx (EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ VariablePolicyVirtualAddressCallback,
+ NULL,
+ &gEfiEventVirtualAddressChangeGuid,
+ &VirtualAddressChangeEvent);
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to create VirtualAddressChange event! %r\n", __FUNCTION__, Status ));
+ goto Exit;
+ }
+ else {
+ VirtualAddressChangeRegistered = TRUE;
+ }
+
+
+Exit:
+ //
+ // If we're about to return a failed status (and unload this driver), we must first undo anything that
+ // has been successfully done.
+ if (EFI_ERROR( Status )) {
+ if (ProtocolInstalled) {
+ gBS->UninstallProtocolInterface( &ImageHandle, &gEdkiiVariablePolicyProtocolGuid, &mVariablePolicyProtocol );
+ }
+ if (VirtualAddressChangeRegistered) {
+ gBS->CloseEvent( VirtualAddressChangeEvent );
+ }
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index caca5c32411b..014aa7985046 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/SmmVarCheck.h>
#include <Library/MmServicesTableLib.h>
+#include <Library/VariablePolicyLib.h>
#include <Guid/SmmVariableCommon.h>
#include "Variable.h"
@@ -689,6 +690,8 @@ SmmVariableHandler (
}
if (!mEndOfDxe) {
MorLockInitAtEndOfDxe ();
+ Status = LockVariablePolicy ();
+ ASSERT_EFI_ERROR (Status);
mEndOfDxe = TRUE;
VarCheckLibInitializeAtEndOfDxe (NULL);
//
@@ -974,8 +977,12 @@ SmmEndOfDxeCallback (
IN EFI_HANDLE Handle
)
{
+ EFI_STATUS Status;
+
DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));
MorLockInitAtEndOfDxe ();
+ Status = LockVariablePolicy ();
+ ASSERT_EFI_ERROR (Status);
mEndOfDxe = TRUE;
VarCheckLibInitializeAtEndOfDxe (NULL);
//
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
index 663a1aaa128f..c47e614d81f4 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -65,6 +65,17 @@ EFI_LOCK mVariableServicesLock;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
EDKII_VAR_CHECK_PROTOCOL mVarCheck;
+/**
+ The logic to initialize the VariablePolicy engine is in its own file.
+
+**/
+EFI_STATUS
+EFIAPI
+VariablePolicySmmDxeMain (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
/**
Some Secure Boot Policy Variable may update following other variable changes(SecureBoot follows PK change, etc).
Record their initial State when variable write service is ready.
@@ -1796,6 +1807,9 @@ VariableSmmRuntimeInitialize (
&mVirtualAddressChangeEvent
);
+ // Initialize the VariablePolicy protocol and engine.
+ VariablePolicySmmDxeMain (ImageHandle, SystemTable);
+
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index ceea5d1ff9ac..48ac167906f7 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -10,6 +10,7 @@
# buffer overflow or integer overflow.
#
# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -69,6 +70,7 @@ [LibraryClasses]
TpmMeasurementLib
AuthVariableLib
VarCheckLib
+ VariablePolicyLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index bc3033588d40..bbc8d2080193 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -19,6 +19,7 @@
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -78,6 +79,8 @@ [LibraryClasses]
AuthVariableLib
VarCheckLib
UefiBootServicesTableLib
+ VariablePolicyLib
+ VariablePolicyHelperLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
index 01564e4c5068..b6dbc839e023 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
@@ -14,6 +14,7 @@
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -42,6 +43,7 @@ [Sources]
VariableParsing.c
VariableParsing.h
Variable.h
+ VariablePolicySmmDxe.c
[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +58,8 @@ [LibraryClasses]
DxeServicesTableLib
UefiDriverEntryPoint
TpmMeasurementLib
+ SafeIntLib
+ PcdLib
[Protocols]
gEfiVariableWriteArchProtocolGuid ## PRODUCES
@@ -67,11 +71,15 @@ [Protocols]
gEfiSmmVariableProtocolGuid
gEdkiiVariableLockProtocolGuid ## PRODUCES
gEdkiiVarCheckProtocolGuid ## PRODUCES
+ gEdkiiVariablePolicyProtocolGuid ## PRODUCES
[FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable ## CONSUMES
+
[Guids]
## PRODUCES ## GUID # Signature of Variable store header
## CONSUMES ## GUID # Signature of Variable store header
@@ -99,6 +107,9 @@ [Guids]
## SOMETIMES_CONSUMES ## Variable:L"dbt"
gEfiImageSecurityDatabaseGuid
+ gVarCheckPolicyLibMmiHandlerGuid
+ gEfiEndOfDxeEventGroupGuid
+
[Depex]
gEfiMmCommunication2ProtocolGuid
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (8 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 09/13] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 11/13] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Bret Barkelew
` (4 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
TcgMorLockSmm provides special protections for
the TCG MOR variables. This will check
IsVariablePolicyEnabled() before enforcing
them to allow variable deletion when policy
engine is disabled.
Only allows deletion, not modification.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 10 ++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 2 ++
2 files changed, 12 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 6d80eb64341a..085f82035f4b 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -5,6 +5,7 @@
This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseMemoryLib.h>
#include "Variable.h"
+#include <Protocol/VariablePolicy.h>
+
+#include <Library/VariablePolicyLib.h>
+
typedef struct {
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
@@ -341,6 +346,11 @@ SetVariableCheckHandlerMor (
return EFI_SUCCESS;
}
+ // Permit deletion when policy is disabled.
+ if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) {
+ return EFI_SUCCESS;
+ }
+
//
// MorLock variable
//
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 6e17f6cdf588..d8f480be27cc 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -20,6 +20,7 @@
#
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -74,6 +75,7 @@ [LibraryClasses]
StandaloneMmDriverEntryPoint
SynchronizationLib
VarCheckLib
+ VariablePolicyLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 11/13] SecurityPkg: Allow VariablePolicy state to delete authenticated variables
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (9 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 12/13] MdeModulePkg: Change TCG MOR variables to use VariablePolicy Bret Barkelew
` (3 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Causes AuthService to check
IsVariablePolicyEnabled() before enforcing
write protections to allow variable deletion
when policy engine is disabled.
Only allows deletion, not modification.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 ++++++++++++++++----
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 ++
2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 2f60331f2c04..4fb609504db7 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -19,12 +19,16 @@
to verify the signature.
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "AuthServiceInternal.h"
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+
//
// Public Exponent of RSA Key.
//
@@ -217,9 +221,12 @@ NeedPhysicallyPresent(
IN EFI_GUID *VendorGuid
)
{
- if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
- || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
- return TRUE;
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
+ if (IsVariablePolicyEnabled()) {
+ if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
+ return TRUE;
+ }
}
return FALSE;
@@ -842,7 +849,8 @@ ProcessVariable (
&OrgVariableInfo
);
- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) {
//
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
//
@@ -1920,6 +1928,12 @@ VerifyTimeBasedPayload (
PayloadPtr = SigData + SigDataSize;
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
+ if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {
+ VerifyStatus = TRUE;
+ goto Exit;
+ }
+
//
// Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes
// parameters of the SetVariable() call and the TimeStamp component of the
@@ -2173,8 +2187,12 @@ VerifyTimeBasedPayload (
Exit:
if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
- Pkcs7FreeSigners (TopLevelCert);
- Pkcs7FreeSigners (SignerCerts);
+ if (TopLevelCert != NULL) {
+ Pkcs7FreeSigners (TopLevelCert);
+ }
+ if (SignerCerts != NULL) {
+ Pkcs7FreeSigners (SignerCerts);
+ }
}
if (!VerifyStatus) {
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
index 8d4ce14df494..8eadeebcebd7 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -3,6 +3,7 @@
#
# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2018, ARM Limited. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -41,6 +42,7 @@ [LibraryClasses]
MemoryAllocationLib
BaseCryptLib
PlatformSecureLib
+ VariablePolicyLib
[Guids]
## CONSUMES ## Variable:L"SetupMode"
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 12/13] MdeModulePkg: Change TCG MOR variables to use VariablePolicy
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (10 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 11/13] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 13/13] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver Bret Barkelew
` (2 subsequent siblings)
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
These were previously using VarLock, which is
being deprecated.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 ++++++++++++++------
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 52 +++++++++++++++-----
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 2 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 1 +
4 files changed, 82 insertions(+), 25 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
index e7accf4ed806..b85f08c48c11 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
@@ -5,6 +5,7 @@
MOR lock control unsupported.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -17,7 +18,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseMemoryLib.h>
#include "Variable.h"
-extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyHelperLib.h>
/**
This service is an MOR/MorLock checker handler for the SetVariable().
@@ -77,11 +79,6 @@ MorLockInit (
NULL // Data
);
- //
- // Need set this variable to be read-only to prevent other module set it.
- //
- VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid);
-
//
// The MOR variable can effectively improve platform security only when the
// MorLock variable protects the MOR variable. In turn MorLock cannot be made
@@ -99,11 +96,6 @@ MorLockInit (
0, // DataSize
NULL // Data
);
- VariableLockRequestToLock (
- &mVariableLock,
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid
- );
return EFI_SUCCESS;
}
@@ -118,7 +110,39 @@ MorLockInitAtEndOfDxe (
VOID
)
{
- //
- // Do nothing.
- //
+ EFI_STATUS Status;
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
+
+ // First, we obviously need to locate the VariablePolicy protocol.
+ Status = gBS->LocateProtocol( &gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy );
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status ));
+ return;
+ }
+
+ // If we're successful, go ahead and set the policies to protect the target variables.
+ Status = RegisterBasicVariablePolicy( VariablePolicy,
+ &gEfiMemoryOverwriteRequestControlLockGuid,
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW );
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status ));
+ }
+ Status = RegisterBasicVariablePolicy( VariablePolicy,
+ &gEfiMemoryOverwriteControlDataGuid,
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW );
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status ));
+ }
+
+ return;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 085f82035f4b..ee37942a6b0c 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Variable.h"
#include <Protocol/VariablePolicy.h>
-
+#include <Library/VariablePolicyHelperLib.h>
#include <Library/VariablePolicyLib.h>
typedef struct {
@@ -422,6 +422,8 @@ MorLockInitAtEndOfDxe (
{
UINTN MorSize;
EFI_STATUS MorStatus;
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *NewPolicy;
if (!mMorLockInitializationRequired) {
//
@@ -494,11 +496,25 @@ MorLockInitAtEndOfDxe (
// The MOR variable is absent; the platform firmware does not support it.
// Lock the variable so that no other module may create it.
//
- VariableLockRequestToLock (
- NULL, // This
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid
- );
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy( &gEfiMemoryOverwriteControlDataGuid,
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy );
+ if (!EFI_ERROR( Status )) {
+ Status = RegisterVariablePolicy( NewPolicy );
+ }
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status ));
+ ASSERT_EFI_ERROR( Status );
+ }
+ if (NewPolicy != NULL) {
+ FreePool( NewPolicy );
+ }
//
// Delete the MOR Control Lock variable too (should it exists for some
@@ -514,9 +530,23 @@ MorLockInitAtEndOfDxe (
);
mMorLockPassThru = FALSE;
- VariableLockRequestToLock (
- NULL, // This
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid
- );
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy( &gEfiMemoryOverwriteRequestControlLockGuid,
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy );
+ if (!EFI_ERROR( Status )) {
+ Status = RegisterVariablePolicy( NewPolicy );
+ }
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status ));
+ ASSERT_EFI_ERROR( Status );
+ }
+ if (NewPolicy != NULL) {
+ FreePool( NewPolicy );
+ }
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 48ac167906f7..8debc560e6dc 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -71,6 +71,7 @@ [LibraryClasses]
AuthVariableLib
VarCheckLib
VariablePolicyLib
+ VariablePolicyHelperLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -80,6 +81,7 @@ [Protocols]
gEfiVariableWriteArchProtocolGuid ## PRODUCES
gEfiVariableArchProtocolGuid ## PRODUCES
gEdkiiVariableLockProtocolGuid ## PRODUCES
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES
gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index d8f480be27cc..62f2f9252f43 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -76,6 +76,7 @@ [LibraryClasses]
SynchronizationLib
VarCheckLib
VariablePolicyLib
+ VariablePolicyHelperLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [PATCH v9 13/13] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (11 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 12/13] MdeModulePkg: Change TCG MOR variables to use VariablePolicy Bret Barkelew
@ 2020-11-09 6:45 ` Bret Barkelew
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-19 12:46 ` Ard Biesheuvel
14 siblings, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-09 6:45 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Now that everything should be moved to
VariablePolicy, drop support for the
deprecated VarLock SMI interface and
associated functions from variable RuntimeDxe.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-------------
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 1 +
5 files changed, 75 insertions(+), 48 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
index f15219df5eb8..486d85b022e1 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
@@ -3,60 +3,13 @@
and variable lock protocol based on VarCheckLib.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Variable.h"
-/**
- Mark a variable that will become read-only after leaving the DXE phase of execution.
- Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
-
- @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
- @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
- @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
-
- @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
- as pending to be read-only.
- @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
- Or VariableName is an empty string.
- @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
- already been signaled.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
-**/
-EFI_STATUS
-EFIAPI
-VariableLockRequestToLock (
- IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- EFI_STATUS Status;
- VAR_CHECK_VARIABLE_PROPERTY Property;
-
- AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property);
- if (!EFI_ERROR (Status)) {
- Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
- } else {
- Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
- Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
- Property.Attributes = 0;
- Property.MinSize = 1;
- Property.MaxSize = MAX_UINTN;
- }
- Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property);
-
- DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status));
-
- ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- return Status;
-}
-
/**
Register SetVariable check handler.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
new file mode 100644
index 000000000000..4aa854aaf260
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
@@ -0,0 +1,71 @@
+/** @file -- VariableLockRequestToLock.c
+Temporary location of the RequestToLock shim code while
+projects are moved to VariablePolicy. Should be removed when deprecated.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+#include <Library/VariablePolicyHelperLib.h>
+
+
+/**
+ DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+ Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
+
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *NewPolicy;
+
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy( VendorGuid,
+ VariableName,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy );
+ if (!EFI_ERROR( Status )) {
+ Status = RegisterVariablePolicy( NewPolicy );
+ }
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status ));
+ ASSERT_EFI_ERROR( Status );
+ }
+ if (NewPolicy != NULL) {
+ FreePool( NewPolicy );
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 8debc560e6dc..c9434df631ee 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -49,6 +49,7 @@ [Sources]
VarCheck.c
VariableExLib.c
SpeculationBarrierDxe.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index bbc8d2080193..eaa97a01c6e5 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -58,6 +58,7 @@ [Sources]
VariableExLib.c
TcgMorLockSmm.c
SpeculationBarrierSmm.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 62f2f9252f43..fada0bf3c57f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -58,6 +58,7 @@ [Sources]
VariableExLib.c
TcgMorLockSmm.c
SpeculationBarrierSmm.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
--
2.28.0.windows.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (12 preceding siblings ...)
2020-11-09 6:45 ` [PATCH v9 13/13] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver Bret Barkelew
@ 2020-11-11 18:43 ` Bret Barkelew
2020-11-11 22:34 ` [edk2-devel] " Laszlo Ersek
2020-11-12 14:24 ` 回复: " gaoliming
2020-11-19 12:46 ` Ard Biesheuvel
14 siblings, 2 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-11 18:43 UTC (permalink / raw)
To: edk2-devel-groups-io
[-- Attachment #1: Type: text/plain, Size: 10044 bytes --]
To clarify:
The current solution to the MorLock EndOfDxe issue is to expressly call
LockVariablePolicy() in the same locations that mEndOfDxe is set (which was
the mechanism that previously locked the VariableLock interface). This
solution maintains parity with the old design, which is keeping with the
ethos of minimal changes and similar functionality to VariableLock. It does
not introduce any new dependencies.
The only drawback to this approach is that it preserves the strict ordering
that was also previously required by MorLock, which I will attempt to
address in later updates.
On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
> The 14 patches in this series add the VariablePolicy feature to the core,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding
> libraries,
> a protocol, an SMI communication handler, and VariableServices integration,
> the patches are broken up by individual library additions and then a final
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
>
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but the
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Bret Barkelew <brbarkel@microsoft.com>
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> v9 changes:
> * Rebase
> * Address the event ordering issues around MorLock at EndOfDxe
> * Drop problematic tests
> * Address ECC issues
>
> v8 changes:
> * Rebase
> * Small tweaks from final PRs
> * Drank a lot
> * Enrolled several members and a steward in CatFacts
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
> DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
> platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for InitMmCommonCommBuffer
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
> variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
> (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and
> gVariablePolicyProtocolGuid
> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platforms
> before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (13):
> MdeModulePkg: Define the VariablePolicy protocol interface
> MdeModulePkg: Define the VariablePolicyLib
> MdeModulePkg: Define the VariablePolicyHelperLib
> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
> MdeModulePkg: Connect VariablePolicy business logic to
> VariableServices
> MdeModulePkg: Allow VariablePolicy state to delete protected variables
> SecurityPkg: Allow VariablePolicy state to delete authenticated
> variables
> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> | 346 ++++++++
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> | 396 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> | 46 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> | 85 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> | 830 ++++++++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
> | 52 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
> | 60 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
> | 49 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> | 60 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> | 71 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> | 573 ++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
> | 14 +
> SecurityPkg/Library/AuthVariableLib/AuthService.c
> | 30 +-
> ArmVirtPkg/ArmVirt.dsc.inc
> | 4 +
> EmulatorPkg/EmulatorPkg.dsc
> | 3 +
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> | 54 ++
> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> | 164 ++++
> MdeModulePkg/Include/Library/VariablePolicyLib.h
> | 207 +++++
> MdeModulePkg/Include/Protocol/VariablePolicy.h
> | 157 ++++
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> | 42 +
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> | 35 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> | 406 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> | 48 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
> | 51 ++
> MdeModulePkg/MdeModulePkg.ci.yaml
> | 4 +-
> MdeModulePkg/MdeModulePkg.dec
> | 26 +-
> MdeModulePkg/MdeModulePkg.dsc
> | 9 +
> MdeModulePkg/MdeModulePkg.uni
> | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> | 5 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> | 4 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> | 11 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> | 4 +
> OvmfPkg/OvmfPkgIa32.dsc
> | 5 +
> OvmfPkg/OvmfPkgIa32X64.dsc
> | 5 +
> OvmfPkg/OvmfPkgX64.dsc
> | 5 +
> OvmfPkg/OvmfXen.dsc
> | 4 +
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc
> | 4 +
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
> | 4 +
> 43 files changed, 3845 insertions(+), 80 deletions(-)
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
> --
> 2.28.0.windows.1
>
>
[-- Attachment #2: Type: text/html, Size: 13491 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
@ 2020-11-11 22:34 ` Laszlo Ersek
2020-11-12 14:24 ` 回复: " gaoliming
1 sibling, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2020-11-11 22:34 UTC (permalink / raw)
To: devel, bret
On 11/11/20 19:43, Bret Barkelew wrote:
> To clarify:
>
> The current solution to the MorLock EndOfDxe issue is to expressly call
> LockVariablePolicy() in the same locations that mEndOfDxe is set (which was
> the mechanism that previously locked the VariableLock interface). This
> solution maintains parity with the old design, which is keeping with the
> ethos of minimal changes and similar functionality to VariableLock. It does
> not introduce any new dependencies.
>
> The only drawback to this approach is that it preserves the strict ordering
> that was also previously required by MorLock, which I will attempt to
> address in later updates.
Thank you for the explanation!
Laszlo
>
> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding
>> libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>>
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>>
>> Most recently, this subject was discussed in this thread:
>> https://edk2.groups.io/g/devel/message/53712
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>>
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>>
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>>
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
>> DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>>
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>>
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
>> platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
>> variables
>>
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>> (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and
>> gVariablePolicyProtocolGuid
>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>> before changing variable driver
>>
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>>
>> Bret Barkelew (13):
>> MdeModulePkg: Define the VariablePolicy protocol interface
>> MdeModulePkg: Define the VariablePolicyLib
>> MdeModulePkg: Define the VariablePolicyHelperLib
>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>> MdeModulePkg: Connect VariablePolicy business logic to
>> VariableServices
>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>> variables
>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> | 346 ++++++++
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> | 396 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> | 46 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> | 85 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> | 830 ++++++++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
>> | 52 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
>> | 60 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
>> | 49 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
>> | 60 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> | 71 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> | 573 ++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
>> | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
>> | 14 +
>> SecurityPkg/Library/AuthVariableLib/AuthService.c
>> | 30 +-
>> ArmVirtPkg/ArmVirt.dsc.inc
>> | 4 +
>> EmulatorPkg/EmulatorPkg.dsc
>> | 3 +
>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> | 54 ++
>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> | 164 ++++
>> MdeModulePkg/Include/Library/VariablePolicyLib.h
>> | 207 +++++
>> MdeModulePkg/Include/Protocol/VariablePolicy.h
>> | 157 ++++
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> | 42 +
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> | 35 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> | 406 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> | 48 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>> | 51 ++
>> MdeModulePkg/MdeModulePkg.ci.yaml
>> | 4 +-
>> MdeModulePkg/MdeModulePkg.dec
>> | 26 +-
>> MdeModulePkg/MdeModulePkg.dsc
>> | 9 +
>> MdeModulePkg/MdeModulePkg.uni
>> | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>> | 5 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
>> | 4 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>> | 11 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>> | 4 +
>> OvmfPkg/OvmfPkgIa32.dsc
>> | 5 +
>> OvmfPkg/OvmfPkgIa32X64.dsc
>> | 5 +
>> OvmfPkg/OvmfPkgX64.dsc
>> | 5 +
>> OvmfPkg/OvmfXen.dsc
>> | 4 +
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>> | 2 +
>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>> | 4 +
>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>> | 4 +
>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>> --
>> 2.28.0.windows.1
>>
>>
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* 回复: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-11 22:34 ` [edk2-devel] " Laszlo Ersek
@ 2020-11-12 14:24 ` gaoliming
2020-11-12 16:45 ` Bret Barkelew
1 sibling, 1 reply; 33+ messages in thread
From: gaoliming @ 2020-11-12 14:24 UTC (permalink / raw)
To: devel, bret; +Cc: gaoliming, lersek, michael.d.kinney
[-- Attachment #1: Type: text/plain, Size: 11805 bytes --]
Bret:
V9 version change is mainly for MdeModule Variable driver. The change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Besides, I find V9 doesn’t include the patch 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy. Because this patch doesn’t pass ECC, will you plan to add it later?
Thanks
Liming
发件人: bounce+27952+67296+4905953+8761045@groups.io <bounce+27952+67296+4905953+8761045@groups.io> 代表 Bret Barkelew
发送时间: 2020年11月12日 2:44
收件人: edk2-devel-groups-io <devel@edk2.groups.io>
主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
To clarify:
The current solution to the MorLock EndOfDxe issue is to expressly call LockVariablePolicy() in the same locations that mEndOfDxe is set (which was the mechanism that previously locked the VariableLock interface). This solution maintains parity with the old design, which is keeping with the ethos of minimal changes and similar functionality to VariableLock. It does not introduce any new dependencies.
The only drawback to this approach is that it preserves the strict ordering that was also previously required by MorLock, which I will attempt to address in later updates.
On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
The 14 patches in this series add the VariablePolicy feature to the core,
deprecate Edk2VarLock (while adding a compatibility layer to reduce code
churn), and integrate the VariablePolicy libraries and protocols into
Variable Services.
Since the integration requires multiple changes, including adding libraries,
a protocol, an SMI communication handler, and VariableServices integration,
the patches are broken up by individual library additions and then a final
integration. Security-sensitive changes like bypassing Authenticated
Variable enforcement are also broken out into individual patches so that
attention can be called directly to them.
Platform porting instructions are described in this wiki entry:
https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
Discussion of the feature can be found in multiple places throughout
the last year on the RFC channel, staging branches, and in devel.
Most recently, this subject was discussed in this thread:
https://edk2.groups.io/g/devel/message/53712
(the code branches shared in that discussion are now out of date, but the
whitepapers and discussion are relevant).
Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
Cc: Dandan Bi <dandan.bi@intel.com <mailto:dandan.bi@intel.com> >
Cc: Chao Zhang <chao.b.zhang@intel.com <mailto:chao.b.zhang@intel.com> >
Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
Cc: Hao A Wu <hao.a.wu@intel.com <mailto:hao.a.wu@intel.com> >
Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com> >
Cc: Jordan Justen <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com> >
Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com> >
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com <mailto:ard.biesheuvel@arm.com> >
Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com> >
Cc: Ray Ni <ray.ni@intel.com <mailto:ray.ni@intel.com> >
Cc: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
v9 changes:
* Rebase
* Address the event ordering issues around MorLock at EndOfDxe
* Drop problematic tests
* Address ECC issues
v8 changes:
* Rebase
* Small tweaks from final PRs
* Drank a lot
* Enrolled several members and a steward in CatFacts
v7 changes:
* Address comments from Dandan about security of the MM handler
* Add readme
* Fix bug around hex characters in BOOT####, etc
* Add additional testing for hex characters
* Add additional testing for authenticated variables
v6 changes:
* Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
* Fix GCC building in shell-based functional test
* Rebase on latest origin/master
v5 changes:
* Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
* Fix EFIAPI mismatches in the functional unittest
* Rebase on latest origin/master
v4 changes:
* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
* Rebase on master
* Migrate to new MmCommunicate2 protocol
* Fix an oversight in the default return value for InitMmCommonCommBuffer
* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
V3 changes:
* Address all non-unittest issues with ECC
* Make additional style changes
* Include section name in hunk headers in "ini-style" files
* Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
(now allocates its own buffer)
* Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
* Fix GCC warning about initializing externs
* Add UNI strings for new PCD
* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
* Reorder patches according to Liming's feedback about adding to platforms
before changing variable driver
V2 changes:
* Fixed implementation for RuntimeDxe
* Add PCD to block DisableVariablePolicy
* Fix the DumpVariablePolicy pagination in SMM
Bret Barkelew (13):
MdeModulePkg: Define the VariablePolicy protocol interface
MdeModulePkg: Define the VariablePolicyLib
MdeModulePkg: Define the VariablePolicyHelperLib
MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
MdeModulePkg: Connect VariablePolicy business logic to
VariableServices
MdeModulePkg: Allow VariablePolicy state to delete protected variables
SecurityPkg: Allow VariablePolicy state to delete authenticated
variables
MdeModulePkg: Change TCG MOR variables to use VariablePolicy
MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
ArmVirtPkg/ArmVirt.dsc.inc | 4 +
EmulatorPkg/EmulatorPkg.dsc | 3 +
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
MdeModulePkg/MdeModulePkg.dec | 26 +-
MdeModulePkg/MdeModulePkg.dsc | 9 +
MdeModulePkg/MdeModulePkg.uni | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 4 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
43 files changed, 3845 insertions(+), 80 deletions(-)
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
--
2.28.0.windows.1
[-- Attachment #2: Type: text/html, Size: 20381 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-12 14:24 ` 回复: " gaoliming
@ 2020-11-12 16:45 ` Bret Barkelew
2020-11-13 1:20 ` Bret Barkelew
0 siblings, 1 reply; 33+ messages in thread
From: Bret Barkelew @ 2020-11-12 16:45 UTC (permalink / raw)
To: gaoliming; +Cc: edk2-devel-groups-io, Laszlo Ersek, Michael D Kinney
[-- Attachment #1: Type: text/plain, Size: 11468 bytes --]
Yes, I'm working on a more sustainable solution for the test cases and have
opened this bug to track it.
3073 – Provide test cases/apps for VarPol (tianocore.org)
<https://bugzilla.tianocore.org/show_bug.cgi?id=3073>
I just didn't want that to hold up the rest of the code that's already been
signed off on.
On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn> wrote:
> Bret:
>
> V9 version change is mainly for MdeModule Variable driver. The change is
> good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>
>
>
> Besides, I find V9 doesn’t include the patch
> 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy.
> Because this patch doesn’t pass ECC, will you plan to add it later?
>
>
>
> Thanks
>
> Liming
>
> *发件人:* bounce+27952+67296+4905953+8761045@groups.io <
> bounce+27952+67296+4905953+8761045@groups.io> *代表 *Bret Barkelew
> *发送时间:* 2020年11月12日 2:44
> *收件人:* edk2-devel-groups-io <devel@edk2.groups.io>
> *主题:* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>
>
>
> To clarify:
>
>
>
> The current solution to the MorLock EndOfDxe issue is to expressly call
> LockVariablePolicy() in the same locations that mEndOfDxe is set (which was
> the mechanism that previously locked the VariableLock interface). This
> solution maintains parity with the old design, which is keeping with the
> ethos of minimal changes and similar functionality to VariableLock. It does
> not introduce any new dependencies.
>
>
>
> The only drawback to this approach is that it preserves the strict
> ordering that was also previously required by MorLock, which I will attempt
> to address in later updates.
>
>
>
> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>
> The 14 patches in this series add the VariablePolicy feature to the core,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding
> libraries,
> a protocol, an SMI communication handler, and VariableServices integration,
> the patches are broken up by individual library additions and then a final
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
>
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but the
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Bret Barkelew <brbarkel@microsoft.com>
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> v9 changes:
> * Rebase
> * Address the event ordering issues around MorLock at EndOfDxe
> * Drop problematic tests
> * Address ECC issues
>
> v8 changes:
> * Rebase
> * Small tweaks from final PRs
> * Drank a lot
> * Enrolled several members and a steward in CatFacts
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
> DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
> platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for InitMmCommonCommBuffer
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
> variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
> (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and
> gVariablePolicyProtocolGuid
> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platforms
> before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (13):
> MdeModulePkg: Define the VariablePolicy protocol interface
> MdeModulePkg: Define the VariablePolicyLib
> MdeModulePkg: Define the VariablePolicyHelperLib
> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
> MdeModulePkg: Connect VariablePolicy business logic to
> VariableServices
> MdeModulePkg: Allow VariablePolicy state to delete protected variables
> SecurityPkg: Allow VariablePolicy state to delete authenticated
> variables
> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> | 346 ++++++++
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> | 396 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> | 46 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> | 85 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> | 830 ++++++++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
> | 52 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
> | 60 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
> | 49 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> | 60 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> | 71 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> | 573 ++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
> | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
> | 14 +
> SecurityPkg/Library/AuthVariableLib/AuthService.c
> | 30 +-
> ArmVirtPkg/ArmVirt.dsc.inc
> | 4 +
> EmulatorPkg/EmulatorPkg.dsc
> | 3 +
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> | 54 ++
> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> | 164 ++++
> MdeModulePkg/Include/Library/VariablePolicyLib.h
> | 207 +++++
> MdeModulePkg/Include/Protocol/VariablePolicy.h
> | 157 ++++
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> | 42 +
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> | 35 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> | 406 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> | 48 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> | 12 +
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
> | 51 ++
> MdeModulePkg/MdeModulePkg.ci.yaml
> | 4 +-
> MdeModulePkg/MdeModulePkg.dec
> | 26 +-
> MdeModulePkg/MdeModulePkg.dsc
> | 9 +
> MdeModulePkg/MdeModulePkg.uni
> | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> | 5 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> | 4 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> | 11 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> | 4 +
> OvmfPkg/OvmfPkgIa32.dsc
> | 5 +
> OvmfPkg/OvmfPkgIa32X64.dsc
> | 5 +
> OvmfPkg/OvmfPkgX64.dsc
> | 5 +
> OvmfPkg/OvmfXen.dsc
> | 4 +
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc
> | 4 +
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
> | 4 +
> 43 files changed, 3845 insertions(+), 80 deletions(-)
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
> --
> 2.28.0.windows.1
>
>
>
[-- Attachment #2: Type: text/html, Size: 17365 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-12 16:45 ` Bret Barkelew
@ 2020-11-13 1:20 ` Bret Barkelew
2020-11-13 2:05 ` 回复: " gaoliming
[not found] ` <1646EF0A6B8F843A.414@groups.io>
0 siblings, 2 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-13 1:20 UTC (permalink / raw)
To: gaoliming; +Cc: edk2-devel-groups-io, Laszlo Ersek, Michael D Kinney
[-- Attachment #1: Type: text/plain, Size: 12042 bytes --]
Looks like I should have everything I need on this patch set. Can I assume
that someone will stage it to make it into 2011-stable?
On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com> wrote:
> Yes, I'm working on a more sustainable solution for the test cases and
> have opened this bug to track it.
> 3073 – Provide test cases/apps for VarPol (tianocore.org)
> <https://bugzilla.tianocore.org/show_bug.cgi?id=3073>
>
> I just didn't want that to hold up the rest of the code that's already
> been signed off on.
>
> On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn>
> wrote:
>
>> Bret:
>>
>> V9 version change is mainly for MdeModule Variable driver. The change is
>> good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>>
>>
>>
>> Besides, I find V9 doesn’t include the patch
>> 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy.
>> Because this patch doesn’t pass ECC, will you plan to add it later?
>>
>>
>>
>> Thanks
>>
>> Liming
>>
>> *发件人:* bounce+27952+67296+4905953+8761045@groups.io <
>> bounce+27952+67296+4905953+8761045@groups.io> *代表 *Bret Barkelew
>> *发送时间:* 2020年11月12日 2:44
>> *收件人:* edk2-devel-groups-io <devel@edk2.groups.io>
>> *主题:* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>>
>>
>>
>> To clarify:
>>
>>
>>
>> The current solution to the MorLock EndOfDxe issue is to expressly call
>> LockVariablePolicy() in the same locations that mEndOfDxe is set (which was
>> the mechanism that previously locked the VariableLock interface). This
>> solution maintains parity with the old design, which is keeping with the
>> ethos of minimal changes and similar functionality to VariableLock. It does
>> not introduce any new dependencies.
>>
>>
>>
>> The only drawback to this approach is that it preserves the strict
>> ordering that was also previously required by MorLock, which I will attempt
>> to address in later updates.
>>
>>
>>
>> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>>
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding
>> libraries,
>> a protocol, an SMI communication handler, and VariableServices
>> integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>>
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>>
>> Most recently, this subject was discussed in this thread:
>> https://edk2.groups.io/g/devel/message/53712
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>>
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>>
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>>
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
>> DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>>
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>>
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
>> platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
>> variables
>>
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>> (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and
>> gVariablePolicyProtocolGuid
>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>> before changing variable driver
>>
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>>
>> Bret Barkelew (13):
>> MdeModulePkg: Define the VariablePolicy protocol interface
>> MdeModulePkg: Define the VariablePolicyLib
>> MdeModulePkg: Define the VariablePolicyHelperLib
>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>> MdeModulePkg: Connect VariablePolicy business logic to
>> VariableServices
>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>> variables
>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> | 346 ++++++++
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> | 396 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> | 46 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> | 85 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> | 830 ++++++++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
>> | 52 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
>> | 60 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
>> | 49 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
>> | 60 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> | 71 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> | 573 ++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
>> | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
>> | 14 +
>> SecurityPkg/Library/AuthVariableLib/AuthService.c
>> | 30 +-
>> ArmVirtPkg/ArmVirt.dsc.inc
>> | 4 +
>> EmulatorPkg/EmulatorPkg.dsc
>> | 3 +
>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> | 54 ++
>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> | 164 ++++
>> MdeModulePkg/Include/Library/VariablePolicyLib.h
>> | 207 +++++
>> MdeModulePkg/Include/Protocol/VariablePolicy.h
>> | 157 ++++
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> | 42 +
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> | 35 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> | 406 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> | 48 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>> | 51 ++
>> MdeModulePkg/MdeModulePkg.ci.yaml
>> | 4 +-
>> MdeModulePkg/MdeModulePkg.dec
>> | 26 +-
>> MdeModulePkg/MdeModulePkg.dsc
>> | 9 +
>> MdeModulePkg/MdeModulePkg.uni
>> | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>> | 5 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
>> | 4 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>> | 11 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>> | 4 +
>> OvmfPkg/OvmfPkgIa32.dsc
>> | 5 +
>> OvmfPkg/OvmfPkgIa32X64.dsc
>> | 5 +
>> OvmfPkg/OvmfPkgX64.dsc
>> | 5 +
>> OvmfPkg/OvmfXen.dsc
>> | 4 +
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>> | 2 +
>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>> | 4 +
>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>> | 4 +
>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>> --
>> 2.28.0.windows.1
>>
>>
>>
>
[-- Attachment #2: Type: text/html, Size: 17795 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* 回复: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-13 1:20 ` Bret Barkelew
@ 2020-11-13 2:05 ` gaoliming
2020-11-13 19:59 ` Laszlo Ersek
[not found] ` <1646EF0A6B8F843A.414@groups.io>
1 sibling, 1 reply; 33+ messages in thread
From: gaoliming @ 2020-11-13 2:05 UTC (permalink / raw)
To: 'Bret Barkelew'
Cc: 'edk2-devel-groups-io', 'Laszlo Ersek',
'Michael D Kinney'
[-- Attachment #1: Type: text/plain, Size: 13159 bytes --]
Bret:
Yes. I think this patch set pass code review. If no objection, I will merge it next Monday.
Thanks
Liming
发件人: Bret Barkelew <bret@corthon.com>
发送时间: 2020年11月13日 9:21
收件人: gaoliming <gaoliming@byosoft.com.cn>
抄送: edk2-devel-groups-io <devel@edk2.groups.io>; Laszlo Ersek <lersek@redhat.com>; Michael D Kinney <michael.d.kinney@intel.com>
主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Looks like I should have everything I need on this patch set. Can I assume that someone will stage it to make it into 2011-stable?
On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
Yes, I'm working on a more sustainable solution for the test cases and have opened this bug to track it.
3073 – Provide test cases/apps for VarPol (tianocore.org) <https://bugzilla.tianocore.org/show_bug.cgi?id=3073>
I just didn't want that to hold up the rest of the code that's already been signed off on.
On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> > wrote:
Bret:
V9 version change is mainly for MdeModule Variable driver. The change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Besides, I find V9 doesn’t include the patch 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy. Because this patch doesn’t pass ECC, will you plan to add it later?
Thanks
Liming
发件人: bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> <bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> > 代表 Bret Barkelew
发送时间: 2020年11月12日 2:44
收件人: edk2-devel-groups-io <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >
主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
To clarify:
The current solution to the MorLock EndOfDxe issue is to expressly call LockVariablePolicy() in the same locations that mEndOfDxe is set (which was the mechanism that previously locked the VariableLock interface). This solution maintains parity with the old design, which is keeping with the ethos of minimal changes and similar functionality to VariableLock. It does not introduce any new dependencies.
The only drawback to this approach is that it preserves the strict ordering that was also previously required by MorLock, which I will attempt to address in later updates.
On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
The 14 patches in this series add the VariablePolicy feature to the core,
deprecate Edk2VarLock (while adding a compatibility layer to reduce code
churn), and integrate the VariablePolicy libraries and protocols into
Variable Services.
Since the integration requires multiple changes, including adding libraries,
a protocol, an SMI communication handler, and VariableServices integration,
the patches are broken up by individual library additions and then a final
integration. Security-sensitive changes like bypassing Authenticated
Variable enforcement are also broken out into individual patches so that
attention can be called directly to them.
Platform porting instructions are described in this wiki entry:
https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
Discussion of the feature can be found in multiple places throughout
the last year on the RFC channel, staging branches, and in devel.
Most recently, this subject was discussed in this thread:
https://edk2.groups.io/g/devel/message/53712
(the code branches shared in that discussion are now out of date, but the
whitepapers and discussion are relevant).
Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
Cc: Dandan Bi <dandan.bi@intel.com <mailto:dandan.bi@intel.com> >
Cc: Chao Zhang <chao.b.zhang@intel.com <mailto:chao.b.zhang@intel.com> >
Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
Cc: Hao A Wu <hao.a.wu@intel.com <mailto:hao.a.wu@intel.com> >
Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com> >
Cc: Jordan Justen <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com> >
Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com> >
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com <mailto:ard.biesheuvel@arm.com> >
Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com> >
Cc: Ray Ni <ray.ni@intel.com <mailto:ray.ni@intel.com> >
Cc: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
v9 changes:
* Rebase
* Address the event ordering issues around MorLock at EndOfDxe
* Drop problematic tests
* Address ECC issues
v8 changes:
* Rebase
* Small tweaks from final PRs
* Drank a lot
* Enrolled several members and a steward in CatFacts
v7 changes:
* Address comments from Dandan about security of the MM handler
* Add readme
* Fix bug around hex characters in BOOT####, etc
* Add additional testing for hex characters
* Add additional testing for authenticated variables
v6 changes:
* Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
* Fix GCC building in shell-based functional test
* Rebase on latest origin/master
v5 changes:
* Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
* Fix EFIAPI mismatches in the functional unittest
* Rebase on latest origin/master
v4 changes:
* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
* Rebase on master
* Migrate to new MmCommunicate2 protocol
* Fix an oversight in the default return value for InitMmCommonCommBuffer
* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
V3 changes:
* Address all non-unittest issues with ECC
* Make additional style changes
* Include section name in hunk headers in "ini-style" files
* Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
(now allocates its own buffer)
* Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
* Fix GCC warning about initializing externs
* Add UNI strings for new PCD
* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
* Reorder patches according to Liming's feedback about adding to platforms
before changing variable driver
V2 changes:
* Fixed implementation for RuntimeDxe
* Add PCD to block DisableVariablePolicy
* Fix the DumpVariablePolicy pagination in SMM
Bret Barkelew (13):
MdeModulePkg: Define the VariablePolicy protocol interface
MdeModulePkg: Define the VariablePolicyLib
MdeModulePkg: Define the VariablePolicyHelperLib
MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
MdeModulePkg: Connect VariablePolicy business logic to
VariableServices
MdeModulePkg: Allow VariablePolicy state to delete protected variables
SecurityPkg: Allow VariablePolicy state to delete authenticated
variables
MdeModulePkg: Change TCG MOR variables to use VariablePolicy
MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
ArmVirtPkg/ArmVirt.dsc.inc | 4 +
EmulatorPkg/EmulatorPkg.dsc | 3 +
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
MdeModulePkg/MdeModulePkg.dec | 26 +-
MdeModulePkg/MdeModulePkg.dsc | 9 +
MdeModulePkg/MdeModulePkg.uni | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 4 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
43 files changed, 3845 insertions(+), 80 deletions(-)
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
--
2.28.0.windows.1
[-- Attachment #2: Type: text/html, Size: 25586 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-13 2:05 ` 回复: " gaoliming
@ 2020-11-13 19:59 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2020-11-13 19:59 UTC (permalink / raw)
To: gaoliming, 'Bret Barkelew'
Cc: 'edk2-devel-groups-io', 'Michael D Kinney'
On 11/13/20 03:05, gaoliming wrote:
> Bret:
>
> Yes. I think this patch set pass code review. If no objection, I will merge it next Monday.
No objection from me.
Thanks
Laszlo
>
>
>
> Thanks
>
> Liming
>
> 发件人: Bret Barkelew <bret@corthon.com>
> 发送时间: 2020年11月13日 9:21
> 收件人: gaoliming <gaoliming@byosoft.com.cn>
> 抄送: edk2-devel-groups-io <devel@edk2.groups.io>; Laszlo Ersek <lersek@redhat.com>; Michael D Kinney <michael.d.kinney@intel.com>
> 主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>
>
>
> Looks like I should have everything I need on this patch set. Can I assume that someone will stage it to make it into 2011-stable?
>
>
>
> On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
>
> Yes, I'm working on a more sustainable solution for the test cases and have opened this bug to track it.
> 3073 – Provide test cases/apps for VarPol (tianocore.org) <https://bugzilla.tianocore.org/show_bug.cgi?id=3073>
>
>
>
> I just didn't want that to hold up the rest of the code that's already been signed off on.
>
>
>
> On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> > wrote:
>
> Bret:
>
> V9 version change is mainly for MdeModule Variable driver. The change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
>
>
>
> Besides, I find V9 doesn’t include the patch 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy. Because this patch doesn’t pass ECC, will you plan to add it later?
>
>
>
> Thanks
>
> Liming
>
> 发件人: bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> <bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> > 代表 Bret Barkelew
> 发送时间: 2020年11月12日 2:44
> 收件人: edk2-devel-groups-io <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >
> 主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>
>
>
> To clarify:
>
>
>
> The current solution to the MorLock EndOfDxe issue is to expressly call LockVariablePolicy() in the same locations that mEndOfDxe is set (which was the mechanism that previously locked the VariableLock interface). This solution maintains parity with the old design, which is keeping with the ethos of minimal changes and similar functionality to VariableLock. It does not introduce any new dependencies.
>
>
>
> The only drawback to this approach is that it preserves the strict ordering that was also previously required by MorLock, which I will attempt to address in later updates.
>
>
>
> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
>
> The 14 patches in this series add the VariablePolicy feature to the core,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding libraries,
> a protocol, an SMI communication handler, and VariableServices integration,
> the patches are broken up by individual library additions and then a final
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but the
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
> Cc: Dandan Bi <dandan.bi@intel.com <mailto:dandan.bi@intel.com> >
> Cc: Chao Zhang <chao.b.zhang@intel.com <mailto:chao.b.zhang@intel.com> >
> Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
> Cc: Hao A Wu <hao.a.wu@intel.com <mailto:hao.a.wu@intel.com> >
> Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com> >
> Cc: Jordan Justen <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com> >
> Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com> >
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com <mailto:ard.biesheuvel@arm.com> >
> Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com> >
> Cc: Ray Ni <ray.ni@intel.com <mailto:ray.ni@intel.com> >
> Cc: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
>
> v9 changes:
> * Rebase
> * Address the event ordering issues around MorLock at EndOfDxe
> * Drop problematic tests
> * Address ECC issues
>
> v8 changes:
> * Rebase
> * Small tweaks from final PRs
> * Drank a lot
> * Enrolled several members and a steward in CatFacts
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for InitMmCommonCommBuffer
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
> (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platforms
> before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (13):
> MdeModulePkg: Define the VariablePolicy protocol interface
> MdeModulePkg: Define the VariablePolicyLib
> MdeModulePkg: Define the VariablePolicyHelperLib
> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
> MdeModulePkg: Connect VariablePolicy business logic to
> VariableServices
> MdeModulePkg: Allow VariablePolicy state to delete protected variables
> SecurityPkg: Allow VariablePolicy state to delete authenticated
> variables
> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
> EmulatorPkg/EmulatorPkg.dsc | 3 +
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
> MdeModulePkg/MdeModulePkg.dec | 26 +-
> MdeModulePkg/MdeModulePkg.dsc | 9 +
> MdeModulePkg/MdeModulePkg.uni | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
> OvmfPkg/OvmfPkgIa32.dsc | 5 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
> OvmfPkg/OvmfPkgX64.dsc | 5 +
> OvmfPkg/OvmfXen.dsc | 4 +
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
> 43 files changed, 3845 insertions(+), 80 deletions(-)
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* 回复: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
[not found] ` <1646EF0A6B8F843A.414@groups.io>
@ 2020-11-17 1:00 ` gaoliming
0 siblings, 0 replies; 33+ messages in thread
From: gaoliming @ 2020-11-17 1:00 UTC (permalink / raw)
To: devel, gaoliming, 'Bret Barkelew'
Cc: 'Laszlo Ersek', 'Michael D Kinney'
[-- Attachment #1: Type: text/plain, Size: 13837 bytes --]
Create PR https://github.com/tianocore/edk2/pull/1128 for this patch set.
发件人: bounce+27952+67415+4905953+8761045@groups.io <bounce+27952+67415+4905953+8761045@groups.io> 代表 gaoliming
发送时间: 2020年11月13日 10:05
收件人: 'Bret Barkelew' <bret@corthon.com>
抄送: 'edk2-devel-groups-io' <devel@edk2.groups.io>; 'Laszlo Ersek' <lersek@redhat.com>; 'Michael D Kinney' <michael.d.kinney@intel.com>
主题: 回复: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Bret:
Yes. I think this patch set pass code review. If no objection, I will merge it next Monday.
Thanks
Liming
发件人: Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> >
发送时间: 2020年11月13日 9:21
收件人: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
抄送: edk2-devel-groups-io <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >; Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com> >; Michael D Kinney <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com> >
主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Looks like I should have everything I need on this patch set. Can I assume that someone will stage it to make it into 2011-stable?
On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
Yes, I'm working on a more sustainable solution for the test cases and have opened this bug to track it.
3073 <https://bugzilla.tianocore.org/show_bug.cgi?id=3073> – Provide test cases/apps for VarPol (tianocore.org)
I just didn't want that to hold up the rest of the code that's already been signed off on.
On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> > wrote:
Bret:
V9 version change is mainly for MdeModule Variable driver. The change is good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Besides, I find V9 doesn’t include the patch 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy. Because this patch doesn’t pass ECC, will you plan to add it later?
Thanks
Liming
发件人: bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> <bounce+27952+67296+4905953+8761045@groups.io <mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io> > 代表 Bret Barkelew
发送时间: 2020年11月12日 2:44
收件人: edk2-devel-groups-io <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >
主题: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
To clarify:
The current solution to the MorLock EndOfDxe issue is to expressly call LockVariablePolicy() in the same locations that mEndOfDxe is set (which was the mechanism that previously locked the VariableLock interface). This solution maintains parity with the old design, which is keeping with the ethos of minimal changes and similar functionality to VariableLock. It does not introduce any new dependencies.
The only drawback to this approach is that it preserves the strict ordering that was also previously required by MorLock, which I will attempt to address in later updates.
On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com <mailto:bret@corthon.com> > wrote:
The 14 patches in this series add the VariablePolicy feature to the core,
deprecate Edk2VarLock (while adding a compatibility layer to reduce code
churn), and integrate the VariablePolicy libraries and protocols into
Variable Services.
Since the integration requires multiple changes, including adding libraries,
a protocol, an SMI communication handler, and VariableServices integration,
the patches are broken up by individual library additions and then a final
integration. Security-sensitive changes like bypassing Authenticated
Variable enforcement are also broken out into individual patches so that
attention can be called directly to them.
Platform porting instructions are described in this wiki entry:
https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
Discussion of the feature can be found in multiple places throughout
the last year on the RFC channel, staging branches, and in devel.
Most recently, this subject was discussed in this thread:
https://edk2.groups.io/g/devel/message/53712
(the code branches shared in that discussion are now out of date, but the
whitepapers and discussion are relevant).
Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
Cc: Dandan Bi <dandan.bi@intel.com <mailto:dandan.bi@intel.com> >
Cc: Chao Zhang <chao.b.zhang@intel.com <mailto:chao.b.zhang@intel.com> >
Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
Cc: Hao A Wu <hao.a.wu@intel.com <mailto:hao.a.wu@intel.com> >
Cc: Liming Gao <liming.gao@intel.com <mailto:liming.gao@intel.com> >
Cc: Jordan Justen <jordan.l.justen@intel.com <mailto:jordan.l.justen@intel.com> >
Cc: Laszlo Ersek <lersek@redhat.com <mailto:lersek@redhat.com> >
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com <mailto:ard.biesheuvel@arm.com> >
Cc: Andrew Fish <afish@apple.com <mailto:afish@apple.com> >
Cc: Ray Ni <ray.ni@intel.com <mailto:ray.ni@intel.com> >
Cc: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com <mailto:brbarkel@microsoft.com> >
v9 changes:
* Rebase
* Address the event ordering issues around MorLock at EndOfDxe
* Drop problematic tests
* Address ECC issues
v8 changes:
* Rebase
* Small tweaks from final PRs
* Drank a lot
* Enrolled several members and a steward in CatFacts
v7 changes:
* Address comments from Dandan about security of the MM handler
* Add readme
* Fix bug around hex characters in BOOT####, etc
* Add additional testing for hex characters
* Add additional testing for authenticated variables
v6 changes:
* Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
* Fix GCC building in shell-based functional test
* Rebase on latest origin/master
v5 changes:
* Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
* Fix EFIAPI mismatches in the functional unittest
* Rebase on latest origin/master
v4 changes:
* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
* Rebase on master
* Migrate to new MmCommunicate2 protocol
* Fix an oversight in the default return value for InitMmCommonCommBuffer
* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
V3 changes:
* Address all non-unittest issues with ECC
* Make additional style changes
* Include section name in hunk headers in "ini-style" files
* Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
(now allocates its own buffer)
* Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
* Fix GCC warning about initializing externs
* Add UNI strings for new PCD
* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
* Reorder patches according to Liming's feedback about adding to platforms
before changing variable driver
V2 changes:
* Fixed implementation for RuntimeDxe
* Add PCD to block DisableVariablePolicy
* Fix the DumpVariablePolicy pagination in SMM
Bret Barkelew (13):
MdeModulePkg: Define the VariablePolicy protocol interface
MdeModulePkg: Define the VariablePolicyLib
MdeModulePkg: Define the VariablePolicyHelperLib
MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
MdeModulePkg: Connect VariablePolicy business logic to
VariableServices
MdeModulePkg: Allow VariablePolicy state to delete protected variables
SecurityPkg: Allow VariablePolicy state to delete authenticated
variables
MdeModulePkg: Change TCG MOR variables to use VariablePolicy
MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
ArmVirtPkg/ArmVirt.dsc.inc | 4 +
EmulatorPkg/EmulatorPkg.dsc | 3 +
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
MdeModulePkg/MdeModulePkg.dec | 26 +-
MdeModulePkg/MdeModulePkg.dsc | 9 +
MdeModulePkg/MdeModulePkg.uni | 7 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 4 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
43 files changed, 3845 insertions(+), 80 deletions(-)
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
--
2.28.0.windows.1
[-- Attachment #2: Type: text/html, Size: 27737 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
` (13 preceding siblings ...)
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
@ 2020-11-19 12:46 ` Ard Biesheuvel
2020-11-19 16:15 ` Bret Barkelew
14 siblings, 1 reply; 33+ messages in thread
From: Ard Biesheuvel @ 2020-11-19 12:46 UTC (permalink / raw)
To: Bret Barkelew, devel
Cc: Jiewen Yao, Dandan Bi, Chao Zhang, Jian J Wang, Hao A Wu,
Liming Gao, Jordan Justen, Laszlo Ersek, Andrew Fish, Ray Ni,
Bret Barkelew
On 11/9/20 7:45 AM, Bret Barkelew wrote:
> The 14 patches in this series add the VariablePolicy feature to the core,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding libraries,
> a protocol, an SMI communication handler, and VariableServices integration,
> the patches are broken up by individual library additions and then a final
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but the
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Bret Barkelew <brbarkel@microsoft.com>
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
This series has now made it into edk2, and has subsequently broken every
single platform in edk2-platforms. Is anyone intending to propose any
fixes for this?
> v9 changes:
> * Rebase
> * Address the event ordering issues around MorLock at EndOfDxe
> * Drop problematic tests
> * Address ECC issues
>
> v8 changes:
> * Rebase
> * Small tweaks from final PRs
> * Drank a lot
> * Enrolled several members and a steward in CatFacts
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for InitMmCommonCommBuffer
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
> (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platforms
> before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (13):
> MdeModulePkg: Define the VariablePolicy protocol interface
> MdeModulePkg: Define the VariablePolicyLib
> MdeModulePkg: Define the VariablePolicyHelperLib
> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
> MdeModulePkg: Connect VariablePolicy business logic to
> VariableServices
> MdeModulePkg: Allow VariablePolicy state to delete protected variables
> SecurityPkg: Allow VariablePolicy state to delete authenticated
> variables
> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
> EmulatorPkg/EmulatorPkg.dsc | 3 +
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
> MdeModulePkg/MdeModulePkg.dec | 26 +-
> MdeModulePkg/MdeModulePkg.dsc | 9 +
> MdeModulePkg/MdeModulePkg.uni | 7 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
> OvmfPkg/OvmfPkgIa32.dsc | 5 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
> OvmfPkg/OvmfPkgX64.dsc | 5 +
> OvmfPkg/OvmfXen.dsc | 4 +
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
> 43 files changed, 3845 insertions(+), 80 deletions(-)
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 12:46 ` Ard Biesheuvel
@ 2020-11-19 16:15 ` Bret Barkelew
2020-11-19 16:19 ` Ard Biesheuvel
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
0 siblings, 2 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-19 16:15 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Bret Barkelew, devel, Jiewen Yao, Dandan Bi, Chao Zhang,
Jian J Wang, Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek,
Andrew Fish, Ray Ni, Bret Barkelew
Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
You need to add the library class to your DSC.
--
[ Insert obscure pop-culture reference here. ]
> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>
> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>> Platform porting instructions are described in this wiki entry:
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>> Most recently, this subject was discussed in this thread:
>> https://edk2.groups.io/g/devel/message/53712
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>
>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>> (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>> before changing variable driver
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>> Bret Barkelew (13):
>> MdeModulePkg: Define the VariablePolicy protocol interface
>> MdeModulePkg: Define the VariablePolicyLib
>> MdeModulePkg: Define the VariablePolicyHelperLib
>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>> MdeModulePkg: Connect VariablePolicy business logic to
>> VariableServices
>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>> variables
>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
>> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
>> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
>> EmulatorPkg/EmulatorPkg.dsc | 3 +
>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
>> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
>> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
>> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
>> MdeModulePkg/MdeModulePkg.dec | 26 +-
>> MdeModulePkg/MdeModulePkg.dsc | 9 +
>> MdeModulePkg/MdeModulePkg.uni | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
>> OvmfPkg/OvmfPkgIa32.dsc | 5 +
>> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
>> OvmfPkg/OvmfPkgX64.dsc | 5 +
>> OvmfPkg/OvmfXen.dsc | 4 +
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 16:15 ` Bret Barkelew
@ 2020-11-19 16:19 ` Ard Biesheuvel
2020-11-19 16:23 ` [EXTERNAL] " Bret Barkelew
[not found] ` <1648F558ACA0C0F8.8629@groups.io>
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
1 sibling, 2 replies; 33+ messages in thread
From: Ard Biesheuvel @ 2020-11-19 16:19 UTC (permalink / raw)
To: Bret Barkelew
Cc: Bret Barkelew, devel, Jiewen Yao, Dandan Bi, Jian J Wang,
Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek, Andrew Fish,
Ray Ni, Bret Barkelew
On 11/19/20 5:15 PM, Bret Barkelew wrote:
> Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
>
> You need to add the library class to your DSC.
>
I know it has been painful to get these changes in, and I am glad that
you stuck with it. But that does not make it OK to simply break every
platform in edk2-platforms/ and not take any responsibility whatsoever
for fixing it. If it is such a trivial fix, why didn't you fix it yourself?
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 16:19 ` Ard Biesheuvel
@ 2020-11-19 16:23 ` Bret Barkelew
[not found] ` <1648F558ACA0C0F8.8629@groups.io>
1 sibling, 0 replies; 33+ messages in thread
From: Bret Barkelew @ 2020-11-19 16:23 UTC (permalink / raw)
To: Ard Biesheuvel, Bret Barkelew
Cc: Bret Barkelew, devel@edk2.groups.io, Yao, Jiewen, Dandan Bi,
Jian J Wang, Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek,
Andrew Fish, Ni, Ray
[-- Attachment #1: Type: text/plain, Size: 1626 bytes --]
I followed the process that was agreed upon in this list: I opened bugs to every platform maintainer with explicit details of what needed to be changed and waited a full month before making any further progress with the main patches (adding a month to the completion time).
I’m wrapping things up to take a vacation next week, but if there are still problems when I return, I can probably contribute to one or two platforms.
- Bret
________________________________
From: Ard Biesheuvel <ard.biesheuvel@arm.com>
Sent: Thursday, November 19, 2020 8:19:37 AM
To: Bret Barkelew <debtech@gmail.com>
Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Subject: [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
On 11/19/20 5:15 PM, Bret Barkelew wrote:
> Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
>
> You need to add the library class to your DSC.
>
I know it has been painful to get these changes in, and I am glad that
you stuck with it. But that does not make it OK to simply break every
platform in edk2-platforms/ and not take any responsibility whatsoever
for fixing it. If it is such a trivial fix, why didn't you fix it yourself?
[-- Attachment #2: Type: text/html, Size: 2499 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
[not found] ` <1648F558ACA0C0F8.8629@groups.io>
@ 2020-11-19 16:26 ` Bret Barkelew
2020-11-19 16:35 ` Ard Biesheuvel
0 siblings, 1 reply; 33+ messages in thread
From: Bret Barkelew @ 2020-11-19 16:26 UTC (permalink / raw)
To: devel@edk2.groups.io, Ard Biesheuvel, Bret Barkelew
Cc: Bret Barkelew, devel@edk2.groups.io, Yao, Jiewen, Dandan Bi,
Jian J Wang, Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek,
Andrew Fish, Ni, Ray
[-- Attachment #1: Type: text/plain, Size: 2525 bytes --]
I should clarify that it wasn’t an official process. It was just a suggestion that reached some consensus.
- Bret
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Thursday, November 19, 2020 8:23:45 AM
To: Ard Biesheuvel <ard.biesheuvel@arm.com>; Bret Barkelew <debtech@gmail.com>
Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
Subject: Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
I followed the process that was agreed upon in this list: I opened bugs to every platform maintainer with explicit details of what needed to be changed and waited a full month before making any further progress with the main patches (adding a month to the completion time).
I’m wrapping things up to take a vacation next week, but if there are still problems when I return, I can probably contribute to one or two platforms.
- Bret
________________________________
From: Ard Biesheuvel <ard.biesheuvel@arm.com>
Sent: Thursday, November 19, 2020 8:19:37 AM
To: Bret Barkelew <debtech@gmail.com>
Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Subject: [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
On 11/19/20 5:15 PM, Bret Barkelew wrote:
> Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
>
> You need to add the library class to your DSC.
>
I know it has been painful to get these changes in, and I am glad that
you stuck with it. But that does not make it OK to simply break every
platform in edk2-platforms/ and not take any responsibility whatsoever
for fixing it. If it is such a trivial fix, why didn't you fix it yourself?
[-- Attachment #2: Type: text/html, Size: 3928 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 16:26 ` [edk2-devel] " Bret Barkelew
@ 2020-11-19 16:35 ` Ard Biesheuvel
2020-11-20 10:34 ` Laszlo Ersek
0 siblings, 1 reply; 33+ messages in thread
From: Ard Biesheuvel @ 2020-11-19 16:35 UTC (permalink / raw)
To: Bret Barkelew, devel@edk2.groups.io, Bret Barkelew
Cc: Bret Barkelew, Yao, Jiewen, Dandan Bi, Jian J Wang, Hao A Wu,
Liming Gao, Jordan Justen, Laszlo Ersek, Andrew Fish, Ni, Ray
On 11/19/20 5:26 PM, Bret Barkelew wrote:
> I should clarify that it wasn’t an official process. It was just a
> suggestion that reached some consensus.
>
Fair enough. I haven't been as active on the mailing list recently, so I
may have missed some of this.
I was just slightly shocked that every single platform got broken by
this change.
> ------------------------------------------------------------------------
> *From:* devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret
> Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
> *Sent:* Thursday, November 19, 2020 8:23:45 AM
> *To:* Ard Biesheuvel <ard.biesheuvel@arm.com>; Bret Barkelew
> <debtech@gmail.com>
> *Cc:* Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io
> <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi
> <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
> <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan
> Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>;
> Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
> *Subject:* Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the
> VariablePolicy feature
> I followed the process that was agreed upon in this list: I opened bugs
> to every platform maintainer with explicit details of what needed to be
> changed and waited a full month before making any further progress with
> the main patches (adding a month to the completion time).
>
> I’m wrapping things up to take a vacation next week, but if there are
> still problems when I return, I can probably contribute to one or two
> platforms.
>
> - Bret
> ------------------------------------------------------------------------
> *From:* Ard Biesheuvel <ard.biesheuvel@arm.com>
> *Sent:* Thursday, November 19, 2020 8:19:37 AM
> *To:* Bret Barkelew <debtech@gmail.com>
> *Cc:* Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io
> <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi
> <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
> <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan
> Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>;
> Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>; Bret Barkelew
> <Bret.Barkelew@microsoft.com>
> *Subject:* [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
> On 11/19/20 5:15 PM, Bret Barkelew wrote:
>> Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
>>
>> You need to add the library class to your DSC.
>>
>
> I know it has been painful to get these changes in, and I am glad that
> you stuck with it. But that does not make it OK to simply break every
> platform in edk2-platforms/ and not take any responsibility whatsoever
> for fixing it. If it is such a trivial fix, why didn't you fix it yourself?
>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 16:15 ` Bret Barkelew
2020-11-19 16:19 ` Ard Biesheuvel
@ 2020-11-19 20:02 ` Andrei Warkentin
2020-11-19 20:16 ` Michael Kubacki
2020-11-19 20:41 ` Bret Barkelew
1 sibling, 2 replies; 33+ messages in thread
From: Andrei Warkentin @ 2020-11-19 20:02 UTC (permalink / raw)
To: Ard Biesheuvel, devel@edk2.groups.io, debtech@gmail.com
Cc: Bret Barkelew, Jiewen Yao, Dandan Bi, Chao Zhang, Jian J Wang,
Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek, Andrew Fish,
Ray Ni, Bret Barkelew
[-- Attachment #1: Type: text/plain, Size: 13320 bytes --]
Hi Bret,
To be honest, I don't recall seeing anything. Again, maybe I should have been more proactive, but that's probably the net reality for most people. It would be unreasonable to expect you to test every platform, but it is very reasonable to assume that if you know you're adding build breakage to every platform (that is trivial to fix), that you would be taking care of it... Principle of least surprise. And yes, in some weird corner case perhaps that would be insufficient (again, I don't think anyone would expect you to compile test every platform), but it would take care of 99% of obvious fall-out.
For reference, there are occasional clean-ups that happen to the edk2 tree, and I've never seen anyone claim "not my problem" to deal with the obvious fall-out resulting from renames and such.
A
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <debtech=gmail.com@groups.io>
Sent: Thursday, November 19, 2020 10:15 AM
To: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Jiewen Yao <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Chao Zhang <chao.b.zhang@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <liming.gao@intel.com>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ray Ni <ray.ni@intel.com>; Bret Barkelew <brbarkel@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
You need to add the library class to your DSC.
--
[ Insert obscure pop-culture reference here. ]
> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>
> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>> Platform porting instructions are described in this wiki entry:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&reserved=0
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>> Most recently, this subject was discussed in this thread:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&reserved=0
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>
>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>> (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>> before changing variable driver
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>> Bret Barkelew (13):
>> MdeModulePkg: Define the VariablePolicy protocol interface
>> MdeModulePkg: Define the VariablePolicyLib
>> MdeModulePkg: Define the VariablePolicyHelperLib
>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>> MdeModulePkg: Connect VariablePolicy business logic to
>> VariableServices
>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>> variables
>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
>> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
>> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
>> EmulatorPkg/EmulatorPkg.dsc | 3 +
>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
>> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
>> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
>> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
>> MdeModulePkg/MdeModulePkg.dec | 26 +-
>> MdeModulePkg/MdeModulePkg.dsc | 9 +
>> MdeModulePkg/MdeModulePkg.uni | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
>> OvmfPkg/OvmfPkgIa32.dsc | 5 +
>> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
>> OvmfPkg/OvmfPkgX64.dsc | 5 +
>> OvmfPkg/OvmfXen.dsc | 4 +
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
[-- Attachment #2: Type: text/html, Size: 23194 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
@ 2020-11-19 20:16 ` Michael Kubacki
2020-11-19 20:41 ` Bret Barkelew
1 sibling, 0 replies; 33+ messages in thread
From: Michael Kubacki @ 2020-11-19 20:16 UTC (permalink / raw)
To: devel, awarkentin, Ard Biesheuvel, debtech@gmail.com
Cc: Bret Barkelew, Jiewen Yao, Dandan Bi, Chao Zhang, Jian J Wang,
Hao A Wu, Liming Gao, Jordan Justen, Laszlo Ersek, Andrew Fish,
Ray Ni, Bret Barkelew
While I'm not currently a maintainer in either repo, I believe the
current process is not ideal. I highlighted some of my observations
here: https://edk2.groups.io/g/devel/message/65902.
Again, I don't have a strong vested interest in this but I do think some
level of a more well defined process needs to be reached between repo
maintiners to ease feature development in the future.
Thanks,
Michael
On 11/19/2020 12:02 PM, Andrei Warkentin wrote:
> Hi Bret,
>
> To be honest, I don't recall seeing anything. Again, maybe I should have
> been more proactive, but that's probably the net reality for most
> people. It would be unreasonable to expect you to test every platform,
> but it is very reasonable to assume that if you know you're adding build
> breakage to every platform (that is trivial to fix), that you would be
> taking care of it... Principle of least surprise. And yes, in some weird
> corner case perhaps that would be insufficient (again, I don't think
> anyone would expect you to compile test every platform), but it would
> take care of 99% of obvious fall-out.
>
> For reference, there are occasional clean-ups that happen to the edk2
> tree, and I've never seen anyone claim "not my problem" to deal with the
> obvious fall-out resulting from renames and such.
>
> A
> ------------------------------------------------------------------------
> *From:* devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret
> Barkelew via groups.io <debtech=gmail.com@groups.io>
> *Sent:* Thursday, November 19, 2020 10:15 AM
> *To:* Ard Biesheuvel <ard.biesheuvel@arm.com>
> *Cc:* Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io
> <devel@edk2.groups.io>; Jiewen Yao <jiewen.yao@intel.com>; Dandan Bi
> <dandan.bi@intel.com>; Chao Zhang <chao.b.zhang@intel.com>; Jian J Wang
> <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao
> <liming.gao@intel.com>; Jordan Justen <jordan.l.justen@intel.com>;
> Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ray Ni
> <ray.ni@intel.com>; Bret Barkelew <brbarkel@microsoft.com>
> *Subject:* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
> Those bugs and recommendations were sent out months ago. Several
> platforms have staged the changes already.
>
> You need to add the library class to your DSC.
>
> --
> [ Insert obscure pop-culture reference here. ]
>
>> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>>
>> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>>> The 14 patches in this series add the VariablePolicy feature to the core,
>>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>>> churn), and integrate the VariablePolicy libraries and protocols into
>>> Variable Services.
>>> Since the integration requires multiple changes, including adding libraries,
>>> a protocol, an SMI communication handler, and VariableServices integration,
>>> the patches are broken up by individual library additions and then a final
>>> integration. Security-sensitive changes like bypassing Authenticated
>>> Variable enforcement are also broken out into individual patches so that
>>> attention can be called directly to them.
>>> Platform porting instructions are described in this wiki entry:
>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&reserved=0
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&reserved=0>
>>> Discussion of the feature can be found in multiple places throughout
>>> the last year on the RFC channel, staging branches, and in devel.
>>> Most recently, this subject was discussed in this thread:
>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&reserved=0
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&reserved=0>
>>> (the code branches shared in that discussion are now out of date, but the
>>> whitepapers and discussion are relevant).
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Dandan Bi <dandan.bi@intel.com>
>>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>> Cc: Hao A Wu <hao.a.wu@intel.com>
>>> Cc: Liming Gao <liming.gao@intel.com>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> Cc: Andrew Fish <afish@apple.com>
>>> Cc: Ray Ni <ray.ni@intel.com>
>>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>>
>>
>>> v9 changes:
>>> * Rebase
>>> * Address the event ordering issues around MorLock at EndOfDxe
>>> * Drop problematic tests
>>> * Address ECC issues
>>> v8 changes:
>>> * Rebase
>>> * Small tweaks from final PRs
>>> * Drank a lot
>>> * Enrolled several members and a steward in CatFacts
>>> v7 changes:
>>> * Address comments from Dandan about security of the MM handler
>>> * Add readme
>>> * Fix bug around hex characters in BOOT####, etc
>>> * Add additional testing for hex characters
>>> * Add additional testing for authenticated variables
>>> v6 changes:
>>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>>> * Fix GCC building in shell-based functional test
>>> * Rebase on latest origin/master
>>> v5 changes:
>>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>>> * Fix EFIAPI mismatches in the functional unittest
>>> * Rebase on latest origin/master
>>> v4 changes:
>>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>>> * Rebase on master
>>> * Migrate to new MmCommunicate2 protocol
>>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>>> V3 changes:
>>> * Address all non-unittest issues with ECC
>>> * Make additional style changes
>>> * Include section name in hunk headers in "ini-style" files
>>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>>> (now allocates its own buffer)
>>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>>> * Fix GCC warning about initializing externs
>>> * Add UNI strings for new PCD
>>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>>> * Reorder patches according to Liming's feedback about adding to platforms
>>> before changing variable driver
>>> V2 changes:
>>> * Fixed implementation for RuntimeDxe
>>> * Add PCD to block DisableVariablePolicy
>>> * Fix the DumpVariablePolicy pagination in SMM
>>> Bret Barkelew (13):
>>> MdeModulePkg: Define the VariablePolicy protocol interface
>>> MdeModulePkg: Define the VariablePolicyLib
>>> MdeModulePkg: Define the VariablePolicyHelperLib
>>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>>> MdeModulePkg: Connect VariablePolicy business logic to
>>> VariableServices
>>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>>> variables
>>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
>>> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
>>> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
>>> EmulatorPkg/EmulatorPkg.dsc | 3 +
>>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
>>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
>>> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
>>> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
>>> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
>>> MdeModulePkg/MdeModulePkg.dec | 26 +-
>>> MdeModulePkg/MdeModulePkg.dsc | 9 +
>>> MdeModulePkg/MdeModulePkg.uni | 7 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
>>> OvmfPkg/OvmfPkgIa32.dsc | 5 +
>>> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
>>> OvmfPkg/OvmfPkgX64.dsc | 5 +
>>> OvmfPkg/OvmfXen.dsc | 4 +
>>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
>>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
>>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
>>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
2020-11-19 20:16 ` Michael Kubacki
@ 2020-11-19 20:41 ` Bret Barkelew
2020-11-20 10:53 ` Laszlo Ersek
1 sibling, 1 reply; 33+ messages in thread
From: Bret Barkelew @ 2020-11-19 20:41 UTC (permalink / raw)
To: Andrei Warkentin, Ard Biesheuvel, devel@edk2.groups.io,
debtech@gmail.com
Cc: Bret Barkelew, Yao, Jiewen, Dandan Bi, Chao Zhang, Jian J Wang,
Hao A Wu, liming.gao, Jordan Justen, Laszlo Ersek, Andrew Fish,
Ni, Ray
[-- Attachment #1.1: Type: text/plain, Size: 16091 bytes --]
Is there a way for me to still say “not my problem” but sound like less of a jerk while doing it? Maybe, maybe not. I guess I’ve always tried to be a lovable ass and emphasize the “lovable” while minimizing the “ass”.
I did some digging and discovered that it’s true that the RPi projects did not receive the same info as some of the others because apparently that project cannot be targeted by Bugzilla bugs. Take, for example, this one for CoffeeLake:
2738 – CoffeelakeSiliconPkg: Add the VariablePolicy engine to your EDK2 platform (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=2738>
I apologize for that. Don’t know who to talk to about getting your project added.
I think that – philosophically – what I was trying to do is make sure that I document the required platform changes well enough that any platform could easily make them on their own time. After all, if the docs aren’t clear enough for edk2-platforms, what hope do any of our industry consumers have?
- Bret
From: Andrei Warkentin<mailto:awarkentin@vmware.com>
Sent: Thursday, November 19, 2020 12:02 PM
To: Ard Biesheuvel<mailto:ard.biesheuvel@arm.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; debtech@gmail.com<mailto:debtech@gmail.com>
Cc: Bret Barkelew<mailto:bret@corthon.com>; Yao, Jiewen<mailto:jiewen.yao@intel.com>; Dandan Bi<mailto:dandan.bi@intel.com>; Chao Zhang<mailto:chao.b.zhang@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Hao A Wu<mailto:hao.a.wu@intel.com>; liming.gao<mailto:liming.gao@intel.com>; Jordan Justen<mailto:jordan.l.justen@intel.com>; Laszlo Ersek<mailto:lersek@redhat.com>; Andrew Fish<mailto:afish@apple.com>; Ni, Ray<mailto:ray.ni@intel.com>; Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Hi Bret,
To be honest, I don't recall seeing anything. Again, maybe I should have been more proactive, but that's probably the net reality for most people. It would be unreasonable to expect you to test every platform, but it is very reasonable to assume that if you know you're adding build breakage to every platform (that is trivial to fix), that you would be taking care of it... Principle of least surprise. And yes, in some weird corner case perhaps that would be insufficient (again, I don't think anyone would expect you to compile test every platform), but it would take care of 99% of obvious fall-out.
For reference, there are occasional clean-ups that happen to the edk2 tree, and I've never seen anyone claim "not my problem" to deal with the obvious fall-out resulting from renames and such.
A
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <debtech=gmail.com@groups.io>
Sent: Thursday, November 19, 2020 10:15 AM
To: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Jiewen Yao <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Chao Zhang <chao.b.zhang@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <liming.gao@intel.com>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ray Ni <ray.ni@intel.com>; Bret Barkelew <brbarkel@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
You need to add the library class to your DSC.
--
[ Insert obscure pop-culture reference here. ]
> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>
> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>> Platform porting instructions are described in this wiki entry:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ca7adba0050614e2b511608d88cc609f0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637414129505929483%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=a5rbCHus%2BDVQSYmWYaOsV5aIF8WfAjH4jaEt0WZXBwM%3D&reserved=0>
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>> Most recently, this subject was discussed in this thread:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ca7adba0050614e2b511608d88cc609f0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637414129505939477%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=J3dLJeVPCKyqNXG3F2%2F8mQceMJTCD%2BsJnzZKXZmTn8Q%3D&reserved=0>
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>
>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>> (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>> before changing variable driver
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>> Bret Barkelew (13):
>> MdeModulePkg: Define the VariablePolicy protocol interface
>> MdeModulePkg: Define the VariablePolicyLib
>> MdeModulePkg: Define the VariablePolicyHelperLib
>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>> MdeModulePkg: Connect VariablePolicy business logic to
>> VariableServices
>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>> variables
>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
>> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
>> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
>> EmulatorPkg/EmulatorPkg.dsc | 3 +
>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
>> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
>> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
>> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
>> MdeModulePkg/MdeModulePkg.dec | 26 +-
>> MdeModulePkg/MdeModulePkg.dsc | 9 +
>> MdeModulePkg/MdeModulePkg.uni | 7 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
>> OvmfPkg/OvmfPkgIa32.dsc | 5 +
>> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
>> OvmfPkg/OvmfPkgX64.dsc | 5 +
>> OvmfPkg/OvmfXen.dsc | 4 +
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
[-- Attachment #1.2: Type: text/html, Size: 27559 bytes --]
[-- Attachment #2: 18F49CA7C2DD4D94B44B46E120428324.png --]
[-- Type: image/png, Size: 159 bytes --]
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 16:35 ` Ard Biesheuvel
@ 2020-11-20 10:34 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2020-11-20 10:34 UTC (permalink / raw)
To: Ard Biesheuvel, Bret Barkelew, devel@edk2.groups.io,
Bret Barkelew
Cc: Bret Barkelew, Yao, Jiewen, Dandan Bi, Jian J Wang, Hao A Wu,
Liming Gao, Jordan Justen, Andrew Fish, Ni, Ray
On 11/19/20 17:35, Ard Biesheuvel wrote:
> On 11/19/20 5:26 PM, Bret Barkelew wrote:
>> I should clarify that it wasn’t an official process. It was just a
>> suggestion that reached some consensus.
>>
>
> Fair enough. I haven't been as active on the mailing list recently, so I
> may have missed some of this.
Right, I remember at some point there was a big influx of new BZs for
adopting VariablePolicy in edk2-platforms platforms... In fact if I run
a search in the TianoCore bugzilla for "variablepolicy", 15 open bugs
are returned -- from which 14 exist for various components (DSC/FDF
files) in the "Edk2 Platforms" project. Most seem to originate from
mid-to-end of May 2020.
Anyway, *if* I wanted to assign blame here, I'd absolutely assign it to
the fact that edk2-platforms exists separately from edk2... I don't have
a *clue* how we could catch breakage like this *in the general case*,
even with CI.
I don't know if I'll ever find my peace with edk2-platforms *not* being
covered by any git-grep that I run in edk2...
> I was just slightly shocked that every single platform got broken by
> this change.
Hopefully fixing up the platforms won't be very difficult. IIRC, it was
one of the design goals to restrict platform level changes to lib
classes / lib instance hooking into drivers / maybe some PCD changes.
Thanks,
Laszlo
>
>
>> ------------------------------------------------------------------------
>> *From:* devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret
>> Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
>> *Sent:* Thursday, November 19, 2020 8:23:45 AM
>> *To:* Ard Biesheuvel <ard.biesheuvel@arm.com>; Bret Barkelew
>> <debtech@gmail.com>
>> *Cc:* Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io
>> <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi
>> <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
>> <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan
>> Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>;
>> Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>
>> *Subject:* Re: [edk2-devel] [EXTERNAL] Re: [PATCH v9 00/13] Add the
>> VariablePolicy feature
>> I followed the process that was agreed upon in this list: I opened
>> bugs to every platform maintainer with explicit details of what needed
>> to be changed and waited a full month before making any further
>> progress with the main patches (adding a month to the completion time).
>>
>> I’m wrapping things up to take a vacation next week, but if there are
>> still problems when I return, I can probably contribute to one or two
>> platforms.
>>
>> - Bret
>> ------------------------------------------------------------------------
>> *From:* Ard Biesheuvel <ard.biesheuvel@arm.com>
>> *Sent:* Thursday, November 19, 2020 8:19:37 AM
>> *To:* Bret Barkelew <debtech@gmail.com>
>> *Cc:* Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io
>> <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; Dandan Bi
>> <dandan.bi@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
>> <hao.a.wu@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Jordan
>> Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>;
>> Andrew Fish <afish@apple.com>; Ni, Ray <ray.ni@intel.com>; Bret
>> Barkelew <Bret.Barkelew@microsoft.com>
>> *Subject:* [EXTERNAL] Re: [PATCH v9 00/13] Add the VariablePolicy feature
>> On 11/19/20 5:15 PM, Bret Barkelew wrote:
>>> Those bugs and recommendations were sent out months ago. Several
>>> platforms have staged the changes already.
>>>
>>> You need to add the library class to your DSC.
>>>
>>
>> I know it has been painful to get these changes in, and I am glad that
>> you stuck with it. But that does not make it OK to simply break every
>> platform in edk2-platforms/ and not take any responsibility whatsoever
>> for fixing it. If it is such a trivial fix, why didn't you fix it
>> yourself?
>>
>>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
2020-11-19 20:41 ` Bret Barkelew
@ 2020-11-20 10:53 ` Laszlo Ersek
0 siblings, 0 replies; 33+ messages in thread
From: Laszlo Ersek @ 2020-11-20 10:53 UTC (permalink / raw)
To: Bret Barkelew, Andrei Warkentin, Ard Biesheuvel,
devel@edk2.groups.io, debtech@gmail.com
Cc: Bret Barkelew, Yao, Jiewen, Dandan Bi, Chao Zhang, Jian J Wang,
Hao A Wu, liming.gao, Jordan Justen, Andrew Fish, Ni, Ray
On 11/19/20 21:41, Bret Barkelew wrote:
> Is there a way for me to still say “not my problem” but sound like less of a jerk while doing it? Maybe, maybe not. I guess I’ve always tried to be a lovable ass and emphasize the “lovable” while minimizing the “ass”.
>
> I did some digging and discovered that it’s true that the RPi projects did not receive the same info as some of the others because apparently that project cannot be targeted by Bugzilla bugs. Take, for example, this one for CoffeeLake:
> 2738 – CoffeelakeSiliconPkg: Add the VariablePolicy engine to your EDK2 platform (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=2738>
>
> I apologize for that. Don’t know who to talk to about getting your project added.
I confirm Bret filed a huge bunch of BZs for advertizing the fallout.
Again, that was in May.
If I look at the bugmail traffic back then, it seems like -- aka "I
remember it like" -- Bret ran a script that iterated over all the
platforms that had a matching component in Bugzilla, and for each such
component, the script filed a bug titled "Add the VariablePolicy engine
to your EDK2 platform". The "Package" field on each ticket was set by
the script correctly, as far as I remember.
Because I found the bug titles a little lacking in expressivity, I then
dug in and manually prefixed each title with the affected package's name.
I also seem to have run "GetMaintainer.py" manually, for (almost) every
DSC file underlying these BZs, and CC'ing the designated maintainers
manually on the corresponding BZs.
Again, checking my bugmail folder, the above reports cover the following
contiguous BZ ranges:
- #2731 through #2751 (21 tickets)
- #2754 through #2761 (8 tickets)
I think due diligence was observed. The problem was most likely that
some platforms didn't have corresponding "Component" values under the
"EDK2 Platforms" project in Bugzilla.
(In fact Bret's script was so diligent that it created tickets for some
unaffected components too, which we then ruled out manually, with the
help of Liming and maybe others. Examples: 2736, 2737, 2738, 2740, ....
Additionally, there was at least one mis-execution of the script, whcih
created duplicates. Examples: 2731, 2732, 2733, 2734, 2735, ....)
For creating a new Component in Bugzilla, please contact Mike Kinney.
And, please watch out for bugmail.
Thanks
Laszlo
> I think that – philosophically – what I was trying to do is make sure that I document the required platform changes well enough that any platform could easily make them on their own time. After all, if the docs aren’t clear enough for edk2-platforms, what hope do any of our industry consumers have?
>
> - Bret
>
> From: Andrei Warkentin<mailto:awarkentin@vmware.com>
> Sent: Thursday, November 19, 2020 12:02 PM
> To: Ard Biesheuvel<mailto:ard.biesheuvel@arm.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; debtech@gmail.com<mailto:debtech@gmail.com>
> Cc: Bret Barkelew<mailto:bret@corthon.com>; Yao, Jiewen<mailto:jiewen.yao@intel.com>; Dandan Bi<mailto:dandan.bi@intel.com>; Chao Zhang<mailto:chao.b.zhang@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Hao A Wu<mailto:hao.a.wu@intel.com>; liming.gao<mailto:liming.gao@intel.com>; Jordan Justen<mailto:jordan.l.justen@intel.com>; Laszlo Ersek<mailto:lersek@redhat.com>; Andrew Fish<mailto:afish@apple.com>; Ni, Ray<mailto:ray.ni@intel.com>; Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>
> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>
> Hi Bret,
>
> To be honest, I don't recall seeing anything. Again, maybe I should have been more proactive, but that's probably the net reality for most people. It would be unreasonable to expect you to test every platform, but it is very reasonable to assume that if you know you're adding build breakage to every platform (that is trivial to fix), that you would be taking care of it... Principle of least surprise. And yes, in some weird corner case perhaps that would be insufficient (again, I don't think anyone would expect you to compile test every platform), but it would take care of 99% of obvious fall-out.
>
> For reference, there are occasional clean-ups that happen to the edk2 tree, and I've never seen anyone claim "not my problem" to deal with the obvious fall-out resulting from renames and such.
>
> A
>
> From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <debtech=gmail.com@groups.io>
> Sent: Thursday, November 19, 2020 10:15 AM
> To: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Bret Barkelew <bret@corthon.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Jiewen Yao <jiewen.yao@intel.com>; Dandan Bi <dandan.bi@intel.com>; Chao Zhang <chao.b.zhang@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Liming Gao <liming.gao@intel.com>; Jordan Justen <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Andrew Fish <afish@apple.com>; Ray Ni <ray.ni@intel.com>; Bret Barkelew <brbarkel@microsoft.com>
> Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>
> Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.
>
> You need to add the library class to your DSC.
>
> --
> [ Insert obscure pop-culture reference here. ]
>
>> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>>
>> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>>> The 14 patches in this series add the VariablePolicy feature to the core,
>>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>>> churn), and integrate the VariablePolicy libraries and protocols into
>>> Variable Services.
>>> Since the integration requires multiple changes, including adding libraries,
>>> a protocol, an SMI communication handler, and VariableServices integration,
>>> the patches are broken up by individual library additions and then a final
>>> integration. Security-sensitive changes like bypassing Authenticated
>>> Variable enforcement are also broken out into individual patches so that
>>> attention can be called directly to them.
>>> Platform porting instructions are described in this wiki entry:
>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ca7adba0050614e2b511608d88cc609f0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637414129505929483%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=a5rbCHus%2BDVQSYmWYaOsV5aIF8WfAjH4jaEt0WZXBwM%3D&reserved=0>
>>> Discussion of the feature can be found in multiple places throughout
>>> the last year on the RFC channel, staging branches, and in devel.
>>> Most recently, this subject was discussed in this thread:
>>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ca7adba0050614e2b511608d88cc609f0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637414129505939477%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=J3dLJeVPCKyqNXG3F2%2F8mQceMJTCD%2BsJnzZKXZmTn8Q%3D&reserved=0>
>>> (the code branches shared in that discussion are now out of date, but the
>>> whitepapers and discussion are relevant).
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Dandan Bi <dandan.bi@intel.com>
>>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>> Cc: Hao A Wu <hao.a.wu@intel.com>
>>> Cc: Liming Gao <liming.gao@intel.com>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> Cc: Andrew Fish <afish@apple.com>
>>> Cc: Ray Ni <ray.ni@intel.com>
>>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>>
>>
>>> v9 changes:
>>> * Rebase
>>> * Address the event ordering issues around MorLock at EndOfDxe
>>> * Drop problematic tests
>>> * Address ECC issues
>>> v8 changes:
>>> * Rebase
>>> * Small tweaks from final PRs
>>> * Drank a lot
>>> * Enrolled several members and a steward in CatFacts
>>> v7 changes:
>>> * Address comments from Dandan about security of the MM handler
>>> * Add readme
>>> * Fix bug around hex characters in BOOT####, etc
>>> * Add additional testing for hex characters
>>> * Add additional testing for authenticated variables
>>> v6 changes:
>>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>>> * Fix GCC building in shell-based functional test
>>> * Rebase on latest origin/master
>>> v5 changes:
>>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>>> * Fix EFIAPI mismatches in the functional unittest
>>> * Rebase on latest origin/master
>>> v4 changes:
>>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>>> * Rebase on master
>>> * Migrate to new MmCommunicate2 protocol
>>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>>> V3 changes:
>>> * Address all non-unittest issues with ECC
>>> * Make additional style changes
>>> * Include section name in hunk headers in "ini-style" files
>>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>>> (now allocates its own buffer)
>>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>>> to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>>> * Fix GCC warning about initializing externs
>>> * Add UNI strings for new PCD
>>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>>> * Reorder patches according to Liming's feedback about adding to platforms
>>> before changing variable driver
>>> V2 changes:
>>> * Fixed implementation for RuntimeDxe
>>> * Add PCD to block DisableVariablePolicy
>>> * Fix the DumpVariablePolicy pagination in SMM
>>> Bret Barkelew (13):
>>> MdeModulePkg: Define the VariablePolicy protocol interface
>>> MdeModulePkg: Define the VariablePolicyLib
>>> MdeModulePkg: Define the VariablePolicyHelperLib
>>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>>> MdeModulePkg: Connect VariablePolicy business logic to
>>> VariableServices
>>> MdeModulePkg: Allow VariablePolicy state to delete protected variables
>>> SecurityPkg: Allow VariablePolicy state to delete authenticated
>>> variables
>>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 346 ++++++++
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 ++++++++++++++++++++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 60 ++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 573 ++++++++++++++
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 7 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
>>> SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +-
>>> ArmVirtPkg/ArmVirt.dsc.inc | 4 +
>>> EmulatorPkg/EmulatorPkg.dsc | 3 +
>>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 ++
>>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++
>>> MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 +++++
>>> MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
>>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 406 ++++++++++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 48 ++
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
>>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 ++
>>> MdeModulePkg/MdeModulePkg.ci.yaml | 4 +-
>>> MdeModulePkg/MdeModulePkg.dec | 26 +-
>>> MdeModulePkg/MdeModulePkg.dsc | 9 +
>>> MdeModulePkg/MdeModulePkg.uni | 7 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
>>> OvmfPkg/OvmfPkgIa32.dsc | 5 +
>>> OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
>>> OvmfPkg/OvmfPkgX64.dsc | 5 +
>>> OvmfPkg/OvmfXen.dsc | 4 +
>>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
>>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
>>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
>>> 43 files changed, 3845 insertions(+), 80 deletions(-)
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>> create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>> create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>>> create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>> create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>> create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>
>
>
>
>
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2020-11-20 10:53 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 02/13] MdeModulePkg: Define the VariablePolicyLib Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 03/13] MdeModulePkg: Define the VariablePolicyHelperLib Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 04/13] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 05/13] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 06/13] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 07/13] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 08/13] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 09/13] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 11/13] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 12/13] MdeModulePkg: Change TCG MOR variables to use VariablePolicy Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 13/13] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver Bret Barkelew
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-11 22:34 ` [edk2-devel] " Laszlo Ersek
2020-11-12 14:24 ` 回复: " gaoliming
2020-11-12 16:45 ` Bret Barkelew
2020-11-13 1:20 ` Bret Barkelew
2020-11-13 2:05 ` 回复: " gaoliming
2020-11-13 19:59 ` Laszlo Ersek
[not found] ` <1646EF0A6B8F843A.414@groups.io>
2020-11-17 1:00 ` gaoliming
2020-11-19 12:46 ` Ard Biesheuvel
2020-11-19 16:15 ` Bret Barkelew
2020-11-19 16:19 ` Ard Biesheuvel
2020-11-19 16:23 ` [EXTERNAL] " Bret Barkelew
[not found] ` <1648F558ACA0C0F8.8629@groups.io>
2020-11-19 16:26 ` [edk2-devel] " Bret Barkelew
2020-11-19 16:35 ` Ard Biesheuvel
2020-11-20 10:34 ` Laszlo Ersek
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
2020-11-19 20:16 ` Michael Kubacki
2020-11-19 20:41 ` Bret Barkelew
2020-11-20 10:53 ` Laszlo Ersek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox