From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by mx.groups.io with SMTP id smtpd.web12.21989.1605857288846415126 for ; Thu, 19 Nov 2020 23:28:10 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=none, err=permanent DNS error (domain: byosoft.com.cn, ip: 58.240.74.242, mailfrom: gaoliming@byosoft.com.cn) Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP for ; Fri, 20 Nov 2020 15:27:26 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming" To: , , "'Liu, Zhiguang'" , , , "'Ard Biesheuvel'" , , "'Feng, Bob C'" , "'Tian, Hot'" Cc: "'Bret Barkelew'" , "'Bi, Dandan'" , "'Chao Zhang'" , "'Wang, Jian J'" , "'Wu, Hao A'" , "'Liming Gao'" , "'Justen, Jordan L'" , "'Laszlo Ersek'" , "'Andrew Fish'" , "'Ni, Ray'" , "'Bret Barkelew'" , "'Kinney, Michael D'" References: In-Reply-To: Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gQSBwcm9wb3NhbCB0byByZWR1Y2UgaW5jb21wYXRpYmxlIGNhc2U=?= Date: Fri, 20 Nov 2020 15:27:28 +0800 Message-ID: <018a01d6bf0e$9a499810$cedcc830$@byosoft.com.cn> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGtnacOwkGkqMN3Fk9qJp92hRhtXgJCxZ1HqhDKMqA= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn Zhiguang: This proposal can reduce the potential library class dependency. Each pa= ckage has its xxxPkgLib.dsc.inc file that includes the library instances fr= om this package.=20 Platform DSC can include the required package lib.dsc.inc file for the l= ibrary instances. Can you work out the code changes to demonstrate this ide= a? Thanks Liming > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > =E5=8F=91=E4=BB=B6=E4=BA=BA: bounce+27952+67752+4905953+8761045@groups.i= o > =E4=BB=A3=E8=A1=A8 Yao, J= iewen > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2020=E5=B9=B411=E6=9C=8820=E6=97= =A5 15:20 > =E6=94=B6=E4=BB=B6=E4=BA=BA: Liu, Zhiguang ; dev= el@edk2.groups.io; > michael.kubacki@outlook.com; awarkentin@vmware.com; Ard Biesheuvel > ; debtech@gmail.com; Feng, Bob C > ; Tian, Hot > =E6=8A=84=E9=80=81: Bret Barkelew ; Bi, Dandan > ; Chao Zhang ; Wang, Jian > J ; Wu, Hao A ; Liming Gao > ; Justen, Jordan L ; La= szlo > Ersek ; Andrew Fish ; Ni, Ray > ; Bret Barkelew ; Kinney, > Michael D ; Liming Gao > > =E4=B8=BB=E9=A2=98: Re: [edk2-devel] A proposal to reduce incompatible c= ase >=20 > I like this idea. MinPlatform also adopt the same strategy - define comm= on > stuff in a dsc include file @ > https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/M= i > nPlatformPkg/Include/Dsc >=20 >=20 > A minor clarification: > For VariablePolicyLib, I think we just need add to MdeModulePkgLib.dsc.i= nc. > We don=E2=80=99t need update UefiPayloadPkgLib.dsc.inc or SecurityPkgLib= .dsc.inc, > right? They are just consumer, not producer. >=20 > Thank you > Yao Jiewen >=20 >=20 > > -----Original Message----- > > From: Liu, Zhiguang > > Sent: Friday, November 20, 2020 2:52 PM > > To: devel@edk2.groups.io; michael.kubacki@outlook.com; > > awarkentin@vmware.com; Ard Biesheuvel ; > > debtech@gmail.com; Feng, Bob C ; Tian, Hot > > > > Cc: Bret Barkelew ; Yao, Jiewen > > ; Bi, Dandan ; Chao Zhang > > ; Wang, Jian J ; Wu, Ha= o > > A ; Liming Gao ; Justen, > > Jordan L ; Laszlo Ersek = ; > > Andrew Fish ; Ni, Ray ; Bret > Barkelew > > ; Kinney, Michael D > > ; Liming Gao > > Subject: A proposal to reduce incompatible case > > > > Hi all, > > > > As Michael mentioned, there are some platforms do not build and some i= s > > because incompatible code change like this one. > > I think it is a burden for both contributor and maintainer to fix plat= form code > > when meeting such incompatible change. > > I want to proposal one solution to minimum the effort of such code cha= nge. > > > > We could add a package library instance dsc include file under each > package, > > like XXXPkgLib.dsc.inc > > It will specify the default library instance that will be used by modu= les in this > > package. > > For example, we add MdeModulePkgLib.dsc.inc file in MdeModulePkg. > > Some package already has similar dsc include file, such as > > ArmVirtPkg/ArmVirt.dsc.inc and NetworkPkg\Network.dsc.inc. > > In platform dsc file, we include the XXXPkgLib.dsc.inc file at the beg= inning, > if > > the platform uses component from the package. > > We place the inc file in the beginning because we can override the lib= rary > > instance in other part of the platform dsc file. > > > > Whenever the contributor adds a new library dependency in one module, = he > > should also add a default library instance in the package library inst= ance dsc > > include file. > > > > For example, in this case, > > Contributor will add the below information in UefiPayloadPkgLib.dsc.in= c, > > SecurityPkgLib.dsc.inc and MdeModulePkgLib.dsc.inc > > > > [LibraryClasses] > > > > > VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= i > > b.inf > > > > > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Va > > riablePolicyHelperLib.inf > > [LibraryClasses.common.DXE_RUNTIME_DRIVER] > > > > > VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= i > > bRuntimeDxe.inf > > > > If the platform already includes these inc files, the code change won'= t break > > any build. > > If the platform wants to choose another library instance, it can speci= fy in the > > dsc file, and will override the configuration in inc files. > > This feature can even reduce the code in platform dsc file if platform= choose > > to use default library instance. > > The problem is that it may compiles redundant modules if the > > > > Please give comments about this proposal. > > > > Thanks > > Zhiguang > > > > > > > -----Original Message----- > > > From: devel@edk2.groups.io On Behalf Of > > Michael > > > Kubacki > > > Sent: Friday, November 20, 2020 4:16 AM > > > To: devel@edk2.groups.io; awarkentin@vmware.com; Ard Biesheuvel > > > ; debtech@gmail.com > > > Cc: Bret Barkelew ; Yao, Jiewen > > ; > > > Bi, Dandan ; Chao Zhang > > ; > > > Wang, Jian J ; Wu, Hao A = ; > > > Liming Gao ; Justen, Jordan L > > > ; Laszlo Ersek ; Andre= w > > Fish > > > ; Ni, Ray ; Bret Barkelew > > > > > > Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy fe= ature > > > > > > While I'm not currently a maintainer in either repo, I believe the c= urrent > > > process is not ideal. I highlighted some of my observations > > > here: https://edk2.groups.io/g/devel/message/65902. > > > > > > Again, I don't have a strong vested interest in this but I do think = some level > > of a > > > more well defined process needs to be reached between repo maintiner= s > > to > > > ease feature development in the future. > > > > > > Thanks, > > > Michael > > > > > > On 11/19/2020 12:02 PM, Andrei Warkentin wrote: > > > > Hi Bret, > > > > > > > > To be honest, I don't recall seeing anything. Again, maybe I shoul= d > > > > have been more proactive, but that's probably the net reality for = most > > > > people. It would be unreasonable to expect you to test every platf= orm, > > > > but it is very reasonable to assume that if you know you're adding > > > > build breakage to every platform (that is trivial to fix), that yo= u > > > > would be taking care of it... Principle of least surprise. And yes= , in > > > > some weird corner case perhaps that would be insufficient (again, = I > > > > don't think anyone would expect you to compile test every platform= ), > > > > but it would take care of 99% of obvious fall-out. > > > > > > > > For reference, there are occasional clean-ups that happen to the e= dk2 > > > > tree, and I've never seen anyone claim "not my problem" to deal wi= th > > > > the obvious fall-out resulting from renames and such. > > > > > > > > A > > > > ------------------------------------------------------------------= ---- > > > > -- > > > > *From:* devel@edk2.groups.io on behalf of > > Bret > > > > Barkelew via groups.io > > > > *Sent:* Thursday, November 19, 2020 10:15 AM > > > > *To:* Ard Biesheuvel > > > > *Cc:* Bret Barkelew ; devel@edk2.groups.io > > > > ; Jiewen Yao ; Dandan > > Bi > > > > ; Chao Zhang ; Jian J > > > > Wang ; Hao A Wu ; > > Liming > > > > Gao ; Jordan Justen > ; > > > > Laszlo Ersek ; Andrew Fish ; > Ray > > > > Ni ; Bret Barkelew > > > > *Subject:* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolic= y > > > > feature Those bugs and recommendations were sent out months ago. > > > > Several platforms have staged the changes already. > > > > > > > > You need to add the library class to your DSC. > > > > > > > > -- > > > > [ Insert obscure pop-culture reference here. ] > > > > > > > >> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel > > > > wrote: > > > >> > > > >> =EF=BB=BFOn 11/9/20 7:45 AM, Bret Barkelew wrote: > > > >>> The 14 patches in this series add the VariablePolicy feature to = the > > > >>> core, deprecate Edk2VarLock (while adding a compatibility layer = to > > > >>> reduce code churn), and integrate the VariablePolicy libraries a= nd > > > >>> protocols into Variable Services. > > > >>> Since the integration requires multiple changes, including addin= g > > > >>> libraries, a protocol, an SMI communication handler, and > > > >>> VariableServices integration, the patches are broken up by > > > >>> individual library additions and then a final integration. > > > >>> Security-sensitive changes like bypassing Authenticated Variable > > > >>> enforcement are also broken out into individual patches so that > > attention > > > can be called directly to them. > > > >>> Platform porting instructions are described in this wiki entry: > > > >>> > > https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgi > > > >>> > > thub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-P > > > >>> rotocol---Enhanced-Method-for-Managing-Variables%23platform- > > porting& > > > >>> > > > > > > amp;data=3D04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bf > f > > 7e > > > 08d > > > >>> > > > > > > 88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414 > 0 > > 5 > > > 82471 > > > >>> > > > > > > 28819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > u > > M > > > zIiLC > > > >>> > > > > > > JBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3DLLKZ7qeffR0WCvLbY > > uH > > > tQI > > > >>> uwJGhXY0mVqB2w9B0q180%3D&reserved=3D0 > > > > > > > > > hub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy- > > Prot > > > > ocol---Enhanced-Method-for-Managing-Variables%23platform- > > > porting&d > > > > > > > > > > ata=3D04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d > > 88 > > > cb573 > > > > > > > > > > 90%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C6374140582471 > 2 > > 8 > > > 819%7CU > > > > > > > > > > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI > > 6Ik > > > 1ha > > > > > > > > > > WwiLCJXVCI6Mn0%3D%7C1000&sdata=3DLLKZ7qeffR0WCvLbYuHtQIuwJG > > hX > > > Y0mVqB2 > > > > w9B0q180%3D&reserved=3D0> > > > >>> Discussion of the feature can be found in multiple places throug= hout > > > >>> the last year on the RFC channel, staging branches, and in devel= . > > > >>> Most recently, this subject was discussed in this thread: > > > >>> > > https://nam04.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fed > > > >>> > > > > > > k2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=3D04%7C01%7C > a > > wa > > > rke > > > >>> > > > > > > ntin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca > > 3c > > > ee4 > > > >>> > > > > > > b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown% > 7 > > CT > > > WFpbGZ > > > >>> > > > > > > sb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M > > n0 > > > >>> %3D%7C1000&sdata=3DGYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIG > ve > > CTT > > > 17mlfc%3 > > > >>> D&reserved=3D0 > > > > > > > > > > > > > > > > 2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&data=3D04%7C01%7Ca > > war > > > kenti > > > > > > > > > > n%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3c > e > > e > > > 4b4aa4 > > > > > > > > > > d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTW > F > > pb > > > GZsb3d8ey > > > > > > > > > > JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > % > > 7 > > > C100 > > > > > > > > > > 0&sdata=3DGYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&a > > mp > > > ;reser > > > > ved=3D0> > > > >>> (the code branches shared in that discussion are now out of date= , > > > >>> but the whitepapers and discussion are relevant). > > > >>> Cc: Jiewen Yao > > > >>> Cc: Dandan Bi > > > >>> Cc: Chao Zhang > > > >>> Cc: Jian J Wang > > > >>> Cc: Hao A Wu > > > >>> Cc: Liming Gao > > > >>> Cc: Jordan Justen > > > >>> Cc: Laszlo Ersek > > > >>> Cc: Ard Biesheuvel > > > >>> Cc: Andrew Fish > > > >>> Cc: Ray Ni > > > >>> Cc: Bret Barkelew > > > >>> Signed-off-by: Bret Barkelew > > > >> > > > >> This series has now made it into edk2, and has subsequently broke= n > > every > > > single platform in edk2-platforms. Is anyone intending to propose an= y fixes > > for > > > this? > > > >> > > > >> > > > >>> v9 changes: > > > >>> * Rebase > > > >>> * Address the event ordering issues around MorLock at EndOfDxe > > > >>> * Drop problematic tests > > > >>> * Address ECC issues > > > >>> v8 changes: > > > >>> * Rebase > > > >>> * Small tweaks from final PRs > > > >>> * Drank a lot > > > >>> * Enrolled several members and a steward in CatFacts > > > >>> v7 changes: > > > >>> * Address comments from Dandan about security of the MM handler > > > >>> * Add readme > > > >>> * Fix bug around hex characters in BOOT####, etc > > > >>> * Add additional testing for hex characters > > > >>> * Add additional testing for authenticated variables > > > >>> v6 changes: > > > >>> * Fix an issue with uninitialized Status in InitVariablePolicyLi= b() > > > >>>and DeinitVariablePolicyLib() > > > >>> * Fix GCC building in shell-based functional test > > > >>> * Rebase on latest origin/master > > > >>> v5 changes: > > > >>> * Fix the CONST mismatch in VariablePolicy.h and > > > >>>VariablePolicySmmDxe.c > > > >>> * Fix EFIAPI mismatches in the functional unittest > > > >>> * Rebase on latest origin/master > > > >>> v4 changes: > > > >>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD > > from > > > >>>platforms > > > >>> * Rebase on master > > > >>> * Migrate to new MmCommunicate2 protocol > > > >>> * Fix an oversight in the default return value for > > > >>>InitMmCommonCommBuffer > > > >>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consu= me > > > >>>variables > > > >>> V3 changes: > > > >>> * Address all non-unittest issues with ECC > > > >>> * Make additional style changes > > > >>> * Include section name in hunk headers in "ini-style" files > > > >>> * Remove requirement for the > > EdkiiPiSmmCommunicationsRegionTable > > > >>>driver > > > >>> (now allocates its own buffer) > > > >>> * Change names from VARIABLE_POLICY_PROTOCOL and > > > >>>gVariablePolicyProtocolGuid > > > >>> to EDKII_VARIABLE_POLICY_PROTOCOL and > > > >>>gEdkiiVariablePolicyProtocolGuid > > > >>> * Fix GCC warning about initializing externs > > > >>> * Add UNI strings for new PCD > > > >>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg > > > >>> * Reorder patches according to Liming's feedback about adding to > > > >>>platforms > > > >>> before changing variable driver > > > >>> V2 changes: > > > >>> * Fixed implementation for RuntimeDxe > > > >>> * Add PCD to block DisableVariablePolicy > > > >>> * Fix the DumpVariablePolicy pagination in SMM Bret Barkelew > (13): > > > >>> MdeModulePkg: Define the VariablePolicy protocol interface > > > >>> MdeModulePkg: Define the VariablePolicyLib > > > >>> MdeModulePkg: Define the VariablePolicyHelperLib > > > >>> MdeModulePkg: Define the VarCheckPolicyLib and SMM interface > > > >>> OvmfPkg: Add VariablePolicy engine to OvmfPkg platform > > > >>> EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform > > > >>> ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform > > > >>> UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg > > > >>>platform > > > >>> MdeModulePkg: Connect VariablePolicy business logic to > > > >>> VariableServices > > > >>> MdeModulePkg: Allow VariablePolicy state to delete protected > > > >>>variables > > > >>> SecurityPkg: Allow VariablePolicy state to delete authenticate= d > > > >>> variables > > > >>> MdeModulePkg: Change TCG MOR variables to use VariablePolicy > > > >>> MdeModulePkg: Drop VarLock from RuntimeDxe variable driver > > > >>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > > > >>>| 346 ++++++++ > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>c | 396 ++++++++++ > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNul= l. > c > > > >>>| 46 ++ > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRun= ti > > me > > > >>>Dxe.c | 85 ++ > > > >>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > >>>| 830 ++++++++++++++++++++ > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c > > > > > > >>>| 52 +- > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm. > c > > > > > > >>>| 60 +- > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c > > > >>>| 49 +- > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > > > >>>| 60 ++ > > > >>> > > > >>>MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequest > T > > oLo > > > ck. > > > >>>c | 71 ++ > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySm > mD > > xe.c > > > > > > >>>| 573 ++++++++++++++ > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > > > > > > >>>| 7 + > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRunt > im > > eDx > > > e.c > > > >>>| 14 + > > > >>> SecurityPkg/Library/AuthVariableLib/AuthService.c > > > >>>| 30 +- > > > >>> ArmVirtPkg/ArmVirt.dsc.inc > > > >>>| 4 + > > > >>> EmulatorPkg/EmulatorPkg.dsc > > > >>>| 3 + > > > >>> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > > > >>>| 54 ++ > > > >>> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > > > >>>| 164 ++++ > > > >>> MdeModulePkg/Include/Library/VariablePolicyLib.h > > > >>>| 207 +++++ > > > >>> MdeModulePkg/Include/Protocol/VariablePolicy.h > > > >>>| 157 ++++ > > > >>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > > > >>>| 42 + > > > >>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > > > >>>| 12 + > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>inf | 35 + > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>uni | 12 + > > > >>> MdeModulePkg/Library/VariablePolicyLib/ReadMe.md > > > >>>| 406 ++++++++++ > > > >>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > > > >>>| 48 ++ > > > >>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > > > >>>| 12 + > > > >>> > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDx > e > > .in > > > >>>f | 51 ++ > > > >>> MdeModulePkg/MdeModulePkg.ci.yaml > > > >>>| 4 +- > > > >>> MdeModulePkg/MdeModulePkg.dec > > > >>>| 26 +- > > > >>> MdeModulePkg/MdeModulePkg.dsc > > > >>>| 9 + > > > >>> MdeModulePkg/MdeModulePkg.uni > > > >>>| 7 + > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeD > xe > > .inf > > > > > > >>>| 5 + > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > > > > > > >>>| 4 + > > > >>> > > > >>>MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntim > e > > Dxe. > > > inf > > > >>>| 11 + > > > >>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandalon > e > > Mm.i > > > nf > > > >>>| 4 + > > > >>> OvmfPkg/OvmfPkgIa32.dsc > > > >>>| 5 + > > > >>> OvmfPkg/OvmfPkgIa32X64.dsc > > > >>>| 5 + > > > >>> OvmfPkg/OvmfPkgX64.dsc > > > >>>| 5 + > > > >>> OvmfPkg/OvmfXen.dsc > > > >>>| 4 + > > > >>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > > >>>| 2 + > > > >>> UefiPayloadPkg/UefiPayloadPkgIa32.dsc > > > >>>| 4 + > > > >>> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc > > > >>>| 4 + > > > >>> 43 files changed, 3845 insertions(+), 80 deletions(-) > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNul= l. > c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRun= ti > > me > > > >>>Dxe.c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequest > T > > oLo > > > ck. > > > >>>c > > > >>> create mode 100644 > > > >>>MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmD > x > > e.c > > > >>> create mode 100644 > > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > > > >>> create mode 100644 > > > >>>MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > > > >>> create mode 100644 > > MdeModulePkg/Include/Library/VariablePolicyLib.h > > > >>> create mode 100644 > > MdeModulePkg/Include/Protocol/VariablePolicy.h > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>inf > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelper > Li > > b. > > > >>>uni > > > >>> create mode 100644 > > > MdeModulePkg/Library/VariablePolicyLib/ReadMe.md > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > > > >>> create mode 100644 > > > >>>MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDx > e > > .in > > > >>>f > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >=20 >=20 >=20 >=20 >=20