From: "gaoliming via groups.io" <gaoliming=byosoft.com.cn@groups.io>
To: <devel@edk2.groups.io>, <mikuback@linux.microsoft.com>
Cc: "'Dandan Bi'" <dandan.bi@intel.com>,
"'Hao A Wu'" <hao.a.wu@intel.com>,
"'Jian J Wang'" <jian.j.wang@intel.com>
Subject: 回复: [edk2-devel] [PATCH v1 1/3] MdeModulePkg/VariablePolicy: Add more granular variable policy querying
Date: Tue, 24 Oct 2023 13:11:59 +0800 [thread overview]
Message-ID: <01de01da0638$9dd09a00$d971ce00$@byosoft.com.cn> (raw)
In-Reply-To: <20230919143300.398-2-mikuback@linux.microsoft.com>
Michael:
The change is good to me. Reviewed-by: Liming Gao
<gaoliming@byosoft.com.cn>
Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Michael
> Kubacki
> 发送时间: 2023年9月19日 22:33
> 收件人: devel@edk2.groups.io
> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>
> 主题: [edk2-devel] [PATCH v1 1/3] MdeModulePkg/VariablePolicy: Add more
> granular variable policy querying
>
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Introduces two new APIs to EDKII_VARIABLE_POLICY_PROTOCOL:
> 1. GetVariablePolicyInfo()
> 2. GetLockOnVariableStateVariablePolicyInfo()
>
> These allow a caller to retrieve policy information associated with
> a UEFI variable given the variable name and vendor GUID.
>
> GetVariablePolicyInfo() - Returns the variable policy applied to the
> UEFI variable. If the variable policy is applied toward an individual
> UEFI variable, that name can optionally be returned.
>
> GetLockOnVariableStateVariablePolicyInfo() - Returns the Lock on
> Variable State policy applied to the UEFI variable. If the Lock on
> Variable State policy is applied to a specific variable name, that
> name can optionally be returned.
>
> These functions can be useful for a variety of purposes such as
> auditing, testing, and functional flows.
>
> Also fixed some variable name typos in code touched by the changes.
>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> ---
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c |
> 174 ++++++++--
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c |
> 304 +++++++++++++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> | 4 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c |
> 346 +++++++++++++++++++-
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> | 39 ++-
> MdeModulePkg/Include/Library/VariablePolicyLib.h |
> 107 ++++++
> MdeModulePkg/Include/Protocol/VariablePolicy.h |
> 133 +++++++-
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 1
> +
> 8 files changed, 1062 insertions(+), 46 deletions(-)
>
> diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> index 5de46133bb26..1448af85555a 100644
> --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> @@ -76,14 +76,20 @@ VarCheckPolicyLibMmiHandler (
> VOID *InternalCommBuffer;
> EFI_STATUS Status;
> EFI_STATUS SubCommandStatus;
> - VAR_CHECK_POLICY_COMM_HEADER
> *PolicyCommmHeader;
> - VAR_CHECK_POLICY_COMM_HEADER
> *InternalPolicyCommmHeader;
> + VAR_CHECK_POLICY_COMM_HEADER
> *PolicyCommHeader;
> + VAR_CHECK_POLICY_COMM_HEADER
> *InternalPolicyCommHeader;
> VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS
> *IsEnabledParams;
> VAR_CHECK_POLICY_COMM_DUMP_PARAMS *DumpParamsIn;
> VAR_CHECK_POLICY_COMM_DUMP_PARAMS
> *DumpParamsOut;
> + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS
> *GetInfoParamsInternal;
> + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS
> *GetInfoParamsExternal;
> + CHAR16
> *InternalCopyOfOutputVariableName;
> + CHAR16
> *ExternalCopyOfOutputVariableName;
> UINT8 *DumpInputBuffer;
> UINT8 *DumpOutputBuffer;
> + UINTN
> AllowedOutputVariableNameSize;
> UINTN DumpTotalPages;
> + UINTN LocalSize;
> VARIABLE_POLICY_ENTRY *PolicyEntry;
> UINTN ExpectedSize;
> UINT32 TempSize;
> @@ -122,21 +128,21 @@ VarCheckPolicyLibMmiHandler (
> //
> InternalCommBuffer = &mSecurityEvalBuffer[0];
> CopyMem (InternalCommBuffer, CommBuffer, InternalCommBufferSize);
> - PolicyCommmHeader = CommBuffer;
> - InternalPolicyCommmHeader = InternalCommBuffer;
> + PolicyCommHeader = CommBuffer;
> + InternalPolicyCommHeader = InternalCommBuffer;
> // Check the revision and the signature of the comm header.
> - if ((InternalPolicyCommmHeader->Signature !=
> VAR_CHECK_POLICY_COMM_SIG) ||
> - (InternalPolicyCommmHeader->Revision !=
> VAR_CHECK_POLICY_COMM_REVISION))
> + if ((InternalPolicyCommHeader->Signature !=
> VAR_CHECK_POLICY_COMM_SIG) ||
> + (InternalPolicyCommHeader->Revision !=
> VAR_CHECK_POLICY_COMM_REVISION))
> {
> DEBUG ((DEBUG_INFO, "%a - Signature or revision are incorrect!\n",
> __func__));
> // We have verified the buffer is not null and have enough size to
hold
> Result field.
> - PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> return EFI_SUCCESS;
> }
>
> // If we're in the middle of a paginated dump and any other command is
> sent,
> // pagination cache must be cleared.
> - if ((mPaginationCache != NULL) &&
> (InternalPolicyCommmHeader->Command != mCurrentPaginationCommand))
> {
> + if ((mPaginationCache != NULL) &&
> (InternalPolicyCommHeader->Command != mCurrentPaginationCommand)) {
> FreePool (mPaginationCache);
> mPaginationCache = NULL;
> mPaginationCacheSize = 0;
> @@ -146,10 +152,10 @@ VarCheckPolicyLibMmiHandler (
> //
> // Now we can process the command as it was sent.
> //
> - PolicyCommmHeader->Result = EFI_ABORTED; // Set a default return
> for incomplete commands.
> - switch (InternalPolicyCommmHeader->Command) {
> + PolicyCommHeader->Result = EFI_ABORTED; // Set a default return
> for incomplete commands.
> + switch (InternalPolicyCommHeader->Command) {
> case VAR_CHECK_POLICY_COMMAND_DISABLE:
> - PolicyCommmHeader->Result = DisableVariablePolicy ();
> + PolicyCommHeader->Result = DisableVariablePolicy ();
> break;
>
> case VAR_CHECK_POLICY_COMMAND_IS_ENABLED:
> @@ -158,14 +164,14 @@ VarCheckPolicyLibMmiHandler (
> ExpectedSize += sizeof
> (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS);
> if (InternalCommBufferSize < ExpectedSize) {
> DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __func__, InternalCommBufferSize, ExpectedSize));
> - PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> break;
> }
>
> // Now that we know we've got a valid size, we can fill in the rest
of
> the data.
> - IsEnabledParams =
> (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)((UINT8
> *)CommBuffer + sizeof (VAR_CHECK_POLICY_COMM_HEADER));
> - IsEnabledParams->State = IsVariablePolicyEnabled ();
> - PolicyCommmHeader->Result = EFI_SUCCESS;
> + IsEnabledParams =
> (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)((UINT8
> *)CommBuffer + sizeof (VAR_CHECK_POLICY_COMM_HEADER));
> + IsEnabledParams->State = IsVariablePolicyEnabled ();
> + PolicyCommHeader->Result = EFI_SUCCESS;
> break;
>
> case VAR_CHECK_POLICY_COMMAND_REGISTER:
> @@ -174,7 +180,7 @@ VarCheckPolicyLibMmiHandler (
> ExpectedSize += sizeof (VARIABLE_POLICY_ENTRY);
> if (InternalCommBufferSize < ExpectedSize) {
> DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __func__, InternalCommBufferSize, ExpectedSize));
> - PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> break;
> }
>
> @@ -187,11 +193,11 @@ VarCheckPolicyLibMmiHandler (
> (InternalCommBufferSize < ExpectedSize))
> {
> DEBUG ((DEBUG_INFO, "%a - Bad policy entry contents!\n",
> __func__));
> - PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> break;
> }
>
> - PolicyCommmHeader->Result = RegisterVariablePolicy (PolicyEntry);
> + PolicyCommHeader->Result = RegisterVariablePolicy (PolicyEntry);
> break;
>
> case VAR_CHECK_POLICY_COMMAND_DUMP:
> @@ -200,13 +206,13 @@ VarCheckPolicyLibMmiHandler (
> ExpectedSize += sizeof
> (VAR_CHECK_POLICY_COMM_DUMP_PARAMS) +
> VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
> if (InternalCommBufferSize < ExpectedSize) {
> DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __func__, InternalCommBufferSize, ExpectedSize));
> - PolicyCommmHeader->Result = EFI_INVALID_PARAMETER;
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> break;
> }
>
> // Now that we know we've got a valid size, we can fill in the rest
of
> the data.
> - DumpParamsIn = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS
> *)(InternalPolicyCommmHeader + 1);
> - DumpParamsOut = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS
> *)(PolicyCommmHeader + 1);
> + DumpParamsIn = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS
> *)(InternalPolicyCommHeader + 1);
> + DumpParamsOut = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS
> *)(PolicyCommHeader + 1);
>
> // If we're requesting the first page, initialize the cache and get
the
> sizes.
> if (DumpParamsIn->PageRequested == 0) {
> @@ -289,17 +295,131 @@ VarCheckPolicyLibMmiHandler (
> }
>
> // There's currently no use for this, but it shouldn't be hard to
> implement.
> - PolicyCommmHeader->Result = SubCommandStatus;
> + PolicyCommHeader->Result = SubCommandStatus;
> break;
>
> case VAR_CHECK_POLICY_COMMAND_LOCK:
> - PolicyCommmHeader->Result = LockVariablePolicy ();
> + PolicyCommHeader->Result = LockVariablePolicy ();
> + break;
> +
> + case VAR_CHECK_POLICY_COMMAND_GET_INFO:
> + case VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO:
> + ExpectedSize +=
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END +
> VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE;
> +
> + if (InternalCommBufferSize < ExpectedSize) {
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> + break;
> + }
> +
> + GetInfoParamsInternal =
> (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS
> *)(InternalPolicyCommHeader + 1);
> + GetInfoParamsExternal =
> (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *)(PolicyCommHeader +
> 1);
> +
> + SubCommandStatus = SafeUintnSub (
> +
> VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE,
> +
> GetInfoParamsInternal->InputVariableNameSize,
> + &AllowedOutputVariableNameSize
> + );
> + if (EFI_ERROR (SubCommandStatus)) {
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> + break;
> + }
> +
> + if (GetInfoParamsInternal->OutputVariableNameSize > 0) {
> + SubCommandStatus = SafeUintnAdd (
> + ((UINTN)GetInfoParamsInternal +
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END),
> +
> (UINTN)GetInfoParamsInternal->InputVariableNameSize,
> + (UINTN
> *)&InternalCopyOfOutputVariableName
> + );
> + if (EFI_ERROR (SubCommandStatus)) {
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> + break;
> + }
> + } else {
> + InternalCopyOfOutputVariableName = NULL;
> + }
> +
> + ZeroMem (&GetInfoParamsInternal->OutputPolicyEntry, sizeof
> (GetInfoParamsInternal->OutputPolicyEntry));
> + ZeroMem (&GetInfoParamsExternal->OutputPolicyEntry, sizeof
> (GetInfoParamsExternal->OutputPolicyEntry));
> +
> + LocalSize =
> (UINTN)GetInfoParamsInternal->OutputVariableNameSize;
> +
> + if (InternalPolicyCommHeader->Command ==
> VAR_CHECK_POLICY_COMMAND_GET_INFO) {
> + SubCommandStatus = GetVariablePolicyInfo (
> +
> GetInfoParamsInternal->InputVariableName,
> +
> &GetInfoParamsInternal->InputVendorGuid,
> + &LocalSize,
> +
> &GetInfoParamsInternal->OutputPolicyEntry.VariablePolicy,
> + InternalCopyOfOutputVariableName
> + );
> + } else if (InternalPolicyCommHeader->Command ==
> VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO) {
> + SubCommandStatus = GetLockOnVariableStateVariablePolicyInfo
> (
> +
> GetInfoParamsInternal->InputVariableName,
> +
> &GetInfoParamsInternal->InputVendorGuid,
> + &LocalSize,
> +
> &GetInfoParamsInternal->OutputPolicyEntry.LockOnVarStatePolicy,
> + InternalCopyOfOutputVariableName
> + );
> + } else {
> + PolicyCommHeader->Result = EFI_INVALID_PARAMETER;
> + break;
> + }
> +
> + if (EFI_ERROR (SubCommandStatus) && (SubCommandStatus !=
> EFI_BUFFER_TOO_SMALL)) {
> + PolicyCommHeader->Result = SubCommandStatus;
> + break;
> + }
> +
> + if (EFI_ERROR (SafeUintnToUint32 (LocalSize,
> &GetInfoParamsInternal->OutputVariableNameSize))) {
> + PolicyCommHeader->Result = EFI_BAD_BUFFER_SIZE;
> + break;
> + }
> +
> + ASSERT (sizeof (GetInfoParamsInternal->OutputPolicyEntry) == sizeof
> (GetInfoParamsExternal->OutputPolicyEntry));
> + CopyMem (
> + &GetInfoParamsExternal->OutputPolicyEntry,
> + &GetInfoParamsInternal->OutputPolicyEntry,
> + sizeof (GetInfoParamsExternal->OutputPolicyEntry)
> + );
> +
> + GetInfoParamsExternal->OutputVariableNameSize =
> GetInfoParamsInternal->OutputVariableNameSize;
> + if (SubCommandStatus == EFI_BUFFER_TOO_SMALL) {
> + PolicyCommHeader->Result = EFI_BUFFER_TOO_SMALL;
> + break;
> + }
> +
> + SubCommandStatus = SafeUintnAdd (
> + ((UINTN)GetInfoParamsExternal +
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END),
> +
> (UINTN)GetInfoParamsInternal->InputVariableNameSize,
> + (UINTN
> *)&ExternalCopyOfOutputVariableName
> + );
> + if (EFI_ERROR (SubCommandStatus)) {
> + PolicyCommHeader->Result = EFI_BAD_BUFFER_SIZE;
> + break;
> + }
> +
> + if (GetInfoParamsInternal->OutputVariableNameSize > 0) {
> + SubCommandStatus = StrnCpyS (
> + ExternalCopyOfOutputVariableName,
> + AllowedOutputVariableNameSize,
> + InternalCopyOfOutputVariableName,
> +
> (UINTN)GetInfoParamsInternal->OutputVariableNameSize
> + );
> + ASSERT_EFI_ERROR (SubCommandStatus);
> + } else {
> + // The comm buffer should always have the space for the variable
> policy output
> + // variable name. Fill it with NULL chars if a variable name is
not
> present so
> + // it has a consistent value in the case of variable name
absence.
> + SetMem (ExternalCopyOfOutputVariableName,
> AllowedOutputVariableNameSize, CHAR_NULL);
> + }
> +
> + PolicyCommHeader->Result = SubCommandStatus;
> +
> break;
>
> default:
> // Mark unknown requested command as EFI_UNSUPPORTED.
> - DEBUG ((DEBUG_INFO, "%a - Invalid command requested! %d\n",
> __func__, PolicyCommmHeader->Command));
> - PolicyCommmHeader->Result = EFI_UNSUPPORTED;
> + DEBUG ((DEBUG_INFO, "%a - Invalid command requested! %d\n",
> __func__, PolicyCommHeader->Command));
> + PolicyCommHeader->Result = EFI_UNSUPPORTED;
> break;
> }
>
> @@ -307,8 +427,8 @@ VarCheckPolicyLibMmiHandler (
> DEBUG_VERBOSE,
> "%a - Command %d returning %r.\n",
> __func__,
> - PolicyCommmHeader->Command,
> - PolicyCommmHeader->Result
> + PolicyCommHeader->Command,
> + PolicyCommHeader->Result
> ));
>
> return Status;
> diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> index 214f76ab9626..768662829dbf 100644
> --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #include <Uefi.h>
>
> +#include <Library/BaseLib.h>
> #include <Library/SafeIntLib.h>
> #include <Library/MemoryAllocationLib.h>
> #include <Library/BaseMemoryLib.h>
> @@ -684,6 +685,309 @@ DumpVariablePolicy (
> return EFI_SUCCESS;
> }
>
> +/**
> + This function will return variable policy information for a UEFI
variable
> with a
> + registered variable policy.
> +
> + @param[in] VariableName The
> name of the variable to use for the policy search.
> + @param[in] VendorGuid The
> vendor GUID of the variable to use for the policy search.
> + @param[in,out] VariablePolicyVariableNameBufferSize On input, the
> size, in bytes, of the VariablePolicyVariableName
> + buffer.
> +
> + On
> output, the size, in bytes, needed to store the variable
> + policy
> variable name.
> +
> + If
> testing for the VariablePolicyVariableName buffer size
> +
> needed, set this value to zero so EFI_BUFFER_TOO_SMALL is
> +
> guaranteed to be returned if the variable policy variable name
> + is
> found.
> + @param[out] VariablePolicy Pointer to
> a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariablePolicyVariableName Pointer to
> a buffer where the variable name used for the
> +
> variable policy will be written if a variable name is
> +
> registered.
> +
> + If the
> variable policy is not associated with a variable name
> + (e.g.
> applied to variable vendor namespace) and this parameter
> + is
> given, this parameter will not be modified and
> +
> VariablePolicyVariableNameBufferSize will be set to zero to
> +
> indicate a name was not present.
> +
> + If the
> pointer given is not NULL,
> +
> VariablePolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A variable policy entry was
> found and returned successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariablePolicyVariableName buffer value is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> + VariablePolicyVariableName
> is non-NULL and VariablePolicyVariableNameBufferSize
> + is NULL.
> + @retval EFI_NOT_FOUND A variable policy was not
> found for the given UEFI variable name and vendor GUID.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariablePolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_POLICY_ENTRY *VariablePolicy,
> + OUT CHAR16 *VariablePolicyVariableName
> OPTIONAL
> + )
> +{
> + EFI_STATUS Status;
> + UINT8 MatchPriority;
> + UINTN LocalVariablePolicyVariableNameBufferSize;
> + UINTN
> RequiredVariablePolicyVariableNameBufferSize;
> + VARIABLE_POLICY_ENTRY *MatchPolicy;
> +
> + Status = EFI_SUCCESS;
> +
> + if (!IsVariablePolicyLibInitialized ()) {
> + return EFI_NOT_READY;
> + }
> +
> + if ((VariableName == NULL) || (VendorGuid == NULL) || (VariablePolicy
==
> NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + MatchPolicy = GetBestPolicyMatch (
> + VariableName,
> + VendorGuid,
> + &MatchPriority
> + );
> + if (MatchPolicy != NULL) {
> + CopyMem (VariablePolicy, MatchPolicy, sizeof (*VariablePolicy));
> +
> + if (VariablePolicyVariableNameBufferSize == NULL) {
> + if (VariablePolicyVariableName != NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return Status;
> + }
> +
> + if (MatchPolicy->Size != MatchPolicy->OffsetToName) {
> + if (MatchPolicy->Size < MatchPolicy->OffsetToName) {
> + ASSERT (MatchPolicy->Size > MatchPolicy->OffsetToName);
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + RequiredVariablePolicyVariableNameBufferSize =
> (UINTN)(MatchPolicy->Size - MatchPolicy->OffsetToName);
> + ASSERT (RequiredVariablePolicyVariableNameBufferSize > 0);
> +
> + if (*VariablePolicyVariableNameBufferSize <
> RequiredVariablePolicyVariableNameBufferSize) {
> + // Let the caller get the size needed to hold the policy variable
> name
> + *VariablePolicyVariableNameBufferSize =
> RequiredVariablePolicyVariableNameBufferSize;
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + if (VariablePolicyVariableName == NULL) {
> + // If the policy variable name size given is valid, then a valid
policy
> variable name buffer should be provided
> + *VariablePolicyVariableNameBufferSize =
> RequiredVariablePolicyVariableNameBufferSize;
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + LocalVariablePolicyVariableNameBufferSize =
> *VariablePolicyVariableNameBufferSize;
> +
> + // Actual string size should match expected string size
> + if (
> + ((StrnLenS (GET_POLICY_NAME (MatchPolicy),
> RequiredVariablePolicyVariableNameBufferSize) + 1) * sizeof (CHAR16))
> + != RequiredVariablePolicyVariableNameBufferSize)
> + {
> + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE);
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + *VariablePolicyVariableNameBufferSize =
> RequiredVariablePolicyVariableNameBufferSize;
> +
> + Status = StrnCpyS (
> + VariablePolicyVariableName,
> + LocalVariablePolicyVariableNameBufferSize / sizeof
> (CHAR16),
> + GET_POLICY_NAME (MatchPolicy),
> + RequiredVariablePolicyVariableNameBufferSize / sizeof
> (CHAR16)
> + );
> + ASSERT_EFI_ERROR (Status);
> + } else {
> + // A variable policy variable name is not present. Return values
> according to interface.
> + *VariablePolicyVariableNameBufferSize = 0;
> + }
> +
> + return Status;
> + }
> +
> + return EFI_NOT_FOUND;
> +}
> +
> +/**
> + This function will return the Lock on Variable State policy information
for
> the policy
> + associated with the given UEFI variable.
> +
> + @param[in] VariableName
> The name of the variable to use for the policy search.
> + @param[in] VendorGuid
> The vendor GUID of the variable to use for the policy
> +
> search.
> + @param[in,out] VariableLockPolicyVariableNameBufferSize On input,
> the size, in bytes, of the
> +
> VariableLockPolicyVariableName buffer.
> +
> +
> On output, the size, in bytes, needed to store the variable
> +
> policy variable name.
> +
> + If
> testing for the VariableLockPolicyVariableName buffer
> +
> size needed, set this value to zero so EFI_BUFFER_TOO_SMALL
> + is
> guaranteed to be returned if the variable policy variable
> +
> name is found.
> + @param[out] VariablePolicy
> Pointer to a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariableLockPolicyVariableName
> Pointer to a buffer where the variable name used for the
> +
> variable lock on variable state policy will be written if
> + a
> variable name is registered.
> +
> + If
> the lock on variable policy is not associated with a
> +
> variable name (e.g. applied to variable vendor namespace)
> +
> and this parameter is given, this parameter will not be
> +
> modified and VariableLockPolicyVariableNameBufferSize will
> +
> be set to zero to indicate a name was not present.
> +
> + If
> the pointer given is not NULL,
> +
> VariableLockPolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A Lock on Variable State
> variable policy entry was found and returned
> + successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariableLockPolicyVariableName buffer is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> +
> VariableLockPolicyVariableName is non-NULL and
> +
> VariableLockPolicyVariableNameBufferSize is NULL.
> + @retval EFI_NOT_FOUND A Lock on Variable State
> variable policy was not found for the given UEFI
> + variable name and vendor
> GUID.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetLockOnVariableStateVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariableLockPolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy,
> + OUT CHAR16
> *VariableLockPolicyVariableName OPTIONAL
> + )
> +{
> + EFI_STATUS Status;
> + UINT8 MatchPriority;
> + UINTN
> RequiredVariablePolicyVariableNameBufferSize;
> + UINTN
> RequiredVariableLockPolicyVariableNameBufferSize;
> + UINTN
> LocalVariablePolicyLockVariableNameBufferSize;
> + UINTN
> LockOnVarStatePolicyEndOffset;
> + CHAR16
> *LocalVariableLockPolicyVariableName;
> + VARIABLE_LOCK_ON_VAR_STATE_POLICY *LocalLockOnVarStatePolicy;
> + VARIABLE_POLICY_ENTRY *MatchPolicy;
> +
> + Status = EFI_SUCCESS;
> +
> + if (!IsVariablePolicyLibInitialized ()) {
> + return EFI_NOT_READY;
> + }
> +
> + if ((VariableName == NULL) || (VendorGuid == NULL) || (VariablePolicy
==
> NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + MatchPolicy = GetBestPolicyMatch (
> + VariableName,
> + VendorGuid,
> + &MatchPriority
> + );
> + if (MatchPolicy != NULL) {
> + if (MatchPolicy->LockPolicyType !=
> VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
> + return EFI_NOT_FOUND;
> + }
> +
> + Status = SafeUintnAdd (
> + sizeof (VARIABLE_POLICY_ENTRY),
> + sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY),
> + &LockOnVarStatePolicyEndOffset
> + );
> + if (EFI_ERROR (Status) || (LockOnVarStatePolicyEndOffset >
> (UINTN)MatchPolicy->Size)) {
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + LocalLockOnVarStatePolicy =
> (VARIABLE_LOCK_ON_VAR_STATE_POLICY *)(MatchPolicy + 1);
> + CopyMem (VariablePolicy, LocalLockOnVarStatePolicy, sizeof
> (*LocalLockOnVarStatePolicy));
> +
> + if ((VariableLockPolicyVariableNameBufferSize == NULL)) {
> + if (VariableLockPolicyVariableName != NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + return Status;
> + }
> +
> + // The name offset should be less than or equal to the total policy
size.
> + if (MatchPolicy->Size < MatchPolicy->OffsetToName) {
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + RequiredVariablePolicyVariableNameBufferSize =
> (UINTN)(MatchPolicy->Size - MatchPolicy->OffsetToName);
> + RequiredVariableLockPolicyVariableNameBufferSize =
> MatchPolicy->Size -
> +
> (LockOnVarStatePolicyEndOffset +
> RequiredVariablePolicyVariableNameBufferSize);
> +
> + LocalVariablePolicyLockVariableNameBufferSize =
> *VariableLockPolicyVariableNameBufferSize;
> + *VariableLockPolicyVariableNameBufferSize =
> RequiredVariableLockPolicyVariableNameBufferSize;
> +
> + if (LocalVariablePolicyLockVariableNameBufferSize <
> RequiredVariableLockPolicyVariableNameBufferSize) {
> + // Let the caller get the size needed to hold the policy variable
name
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + if (VariableLockPolicyVariableName == NULL) {
> + // If the policy variable name size given is valid, then a valid
policy
> variable name buffer should be provided
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (RequiredVariableLockPolicyVariableNameBufferSize == 0) {
> + return Status;
> + }
> +
> + LocalVariableLockPolicyVariableName = (CHAR16 *)((UINT8
> *)LocalLockOnVarStatePolicy + sizeof (*LocalLockOnVarStatePolicy));
> + *VariableLockPolicyVariableNameBufferSize =
> RequiredVariableLockPolicyVariableNameBufferSize;
> +
> + // Actual string size should match expected string size (if a
variable
> name is present)
> + if (
> + (RequiredVariablePolicyVariableNameBufferSize > 0) &&
> + (((StrnLenS (GET_POLICY_NAME (MatchPolicy),
> RequiredVariablePolicyVariableNameBufferSize) + 1) * sizeof (CHAR16)) !=
> + RequiredVariablePolicyVariableNameBufferSize))
> + {
> + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE);
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + // Actual string size should match expected string size (if here,
variable
> lock variable name is present)
> + if (
> + ((StrnLenS (LocalVariableLockPolicyVariableName,
> RequiredVariableLockPolicyVariableNameBufferSize) + 1) * sizeof
> (CHAR16)) !=
> + RequiredVariableLockPolicyVariableNameBufferSize)
> + {
> + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE);
> + return EFI_BAD_BUFFER_SIZE;
> + }
> +
> + Status = StrnCpyS (
> + VariableLockPolicyVariableName,
> + LocalVariablePolicyLockVariableNameBufferSize / sizeof
> (CHAR16),
> + LocalVariableLockPolicyVariableName,
> + RequiredVariableLockPolicyVariableNameBufferSize /
> sizeof (CHAR16)
> + );
> + ASSERT_EFI_ERROR (Status);
> +
> + return Status;
> + }
> +
> + return EFI_NOT_FOUND;
> +}
> +
> /**
> This API function returns whether or not the policy engine is
> currently being enforced.
> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> index d5c409c914d1..c4ccdfd20f74 100644
> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> @@ -33,7 +33,9 @@ EDKII_VARIABLE_POLICY_PROTOCOL
> mVariablePolicyProtocol = {
> ProtocolIsVariablePolicyEnabled,
> RegisterVariablePolicy,
> DumpVariablePolicy,
> - LockVariablePolicy
> + LockVariablePolicy,
> + GetVariablePolicyInfo,
> + GetLockOnVariableStateVariablePolicyInfo
> };
> EDKII_VAR_CHECK_PROTOCOL mVarCheck = {
> VarCheckRegisterSetVariableCheckHandler,
> diff --git
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> index 6151a2ba0b18..0dd72dde27ce 100644
> ---
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> +++
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> @@ -410,6 +410,338 @@ ProtocolLockVariablePolicy (
> return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
> }
>
> +/**
> + Internal implementation to retrieve variable information for a given
UEFI
> variable that is shared
> + between different policy types.
> +
> + Currently, the two policy structure types supported (and all that is
defined)
> are VARIABLE_POLICY_ENTRY
> + and VARIABLE_LOCK_ON_VAR_STATE_POLICY.
> +
> + @param[in] Command The
> command value to use in the communicate call.
> + @param[in] VariableName The
> name of the variable to use for the policy search.
> + @param[in] VendorGuid The
> vendor GUID of the variable to use for the policy search.
> + @param[in,out] VariablePolicyVariableNameBufferSize On input, the
> size, in bytes, of the VariablePolicyVariableName
> + buffer.
> +
> + On
> output, the size, in bytes, needed to store the variable
> + policy
> variable name.
> +
> + If
> testing for the VariablePolicyVariableName buffer size
> +
> needed, set this value to zero so EFI_BUFFER_TOO_SMALL is
> +
> guaranteed to be returned if the variable policy variable name
> + is
> found.
> + @param[out] VariablePolicy Pointer to
> a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariablePolicyVariableName Pointer to
> a buffer where the variable name used for the
> +
> variable policy will be written if a variable name is
> +
> registered.
> +
> + If the
> variable policy is not associated with a variable name
> + (e.g.
> applied to variable vendor namespace) and this parameter
> + is
> given, this parameter will not be modified and
> +
> VariablePolicyVariableNameBufferSize will be set to zero to
> +
> indicate a name was not present.
> +
> + If the
> pointer given is not NULL,
> +
> VariablePolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A variable policy entry was
> found and returned successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariablePolicyVariableName buffer value is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> + VariablePolicyVariableName
> is non-NULL and VariablePolicyVariableNameBufferSize
> + is NULL. It can also be
> returned if the Command value provided is invalid.
> + @retval EFI_NOT_FOUND A variable policy was not
> found for the given UEFI variable name and vendor GUID.
> +
> +
> +**/
> +STATIC
> +EFI_STATUS
> +InternalProtocolGetVariablePolicyInfo (
> + IN UINT32 Command,
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL
> + OUT VOID *VariablePolicy,
> + OUT CHAR16
> *VariablePolicyVariableName OPTIONAL
> + )
> +{
> + EFI_STATUS Status;
> + CHAR16 *OutputVariableName;
> + EFI_MM_COMMUNICATE_HEADER *CommHeader;
> + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
> + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *CommandParams;
> + UINTN
> AllowedOutputVariableNameSize;
> + UINTN BufferSize;
> + UINTN VariableNameSize;
> +
> + if ((VariableName == NULL) || (VendorGuid == NULL) || (VariablePolicy
==
> NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + switch (Command) {
> + case VAR_CHECK_POLICY_COMMAND_GET_INFO:
> + case VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO:
> + break;
> + default:
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
> +
> + VariableNameSize = StrnSizeS (
> + VariableName,
> +
> (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE -
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END)
> + );
> + if (VariableNameSize >=
> (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE -
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto Done;
> + }
> +
> + if ((VariablePolicyVariableName != NULL) &&
> (VariablePolicyVariableNameBufferSize == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + goto Done;
> + }
> +
> + BufferSize = mMmCommunicationBufferSize;
> + CommHeader = mMmCommunicationBuffer;
> +
> + Status = SafeUintnSub (
> + VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE,
> + VariableNameSize,
> + &AllowedOutputVariableNameSize
> + );
> + if (EFI_ERROR (Status)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto Done;
> + }
> +
> + if (VariablePolicyVariableNameBufferSize != NULL) {
> + AllowedOutputVariableNameSize = MIN
> (AllowedOutputVariableNameSize, *VariablePolicyVariableNameBufferSize);
> + } else {
> + AllowedOutputVariableNameSize = 0;
> + }
> +
> + PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER
> *)&CommHeader->Data;
> + CommandParams = (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS
> *)(PolicyHeader + 1);
> +
> + CopyGuid (&CommHeader->HeaderGuid,
> &gVarCheckPolicyLibMmiHandlerGuid);
> + CommHeader->MessageLength = BufferSize - OFFSET_OF
> (EFI_MM_COMMUNICATE_HEADER, Data);
> + PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
> + PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
> + PolicyHeader->Command = Command;
> +
> + ZeroMem ((VOID *)&CommandParams->OutputPolicyEntry, sizeof
> (CommandParams->OutputPolicyEntry));
> + CopyGuid (&CommandParams->InputVendorGuid, VendorGuid);
> + Status = SafeUintnToUint32 (VariableNameSize,
> &CommandParams->InputVariableNameSize);
> + if (EFI_ERROR (Status)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto Done;
> + }
> +
> + Status = SafeUintnToUint32 (AllowedOutputVariableNameSize,
> &CommandParams->OutputVariableNameSize);
> + if (EFI_ERROR (Status)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto Done;
> + }
> +
> + if (AllowedOutputVariableNameSize > 0) {
> + Status = StrnCpyS (
> + CommandParams->InputVariableName,
> + AllowedOutputVariableNameSize / sizeof (CHAR16),
> + VariableName,
> + (UINTN)CommandParams->InputVariableNameSize /
> sizeof (CHAR16)
> + );
> + ASSERT_EFI_ERROR (Status);
> + }
> +
> + Status = InternalMmCommunicate (CommHeader, &BufferSize);
> + if (Status == EFI_SUCCESS) {
> + CopyMem (
> + VariablePolicy,
> + (VOID *)&CommandParams->OutputPolicyEntry,
> + (Command == VAR_CHECK_POLICY_COMMAND_GET_INFO) ?
> + sizeof (CommandParams->OutputPolicyEntry.VariablePolicy) :
> + sizeof (CommandParams->OutputPolicyEntry.LockOnVarStatePolicy)
> + );
> +
> + if (VariablePolicyVariableNameBufferSize == NULL) {
> + if (VariablePolicyVariableName != NULL) {
> + Status = EFI_INVALID_PARAMETER;
> + }
> +
> + goto Done;
> + }
> +
> + if (PolicyHeader->Result == EFI_BUFFER_TOO_SMALL) {
> + *VariablePolicyVariableNameBufferSize =
> (UINTN)CommandParams->OutputVariableNameSize;
> + goto Done;
> + }
> +
> + if (PolicyHeader->Result == EFI_SUCCESS) {
> + if (CommandParams->OutputVariableNameSize > 0) {
> + Status = SafeUintnAdd (
> + ((UINTN)CommandParams +
> VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END),
> +
> (UINTN)CommandParams->InputVariableNameSize,
> + (UINTN *)&OutputVariableName
> + );
> + if (EFI_ERROR (Status)) {
> + Status = EFI_BAD_BUFFER_SIZE;
> + goto Done;
> + }
> +
> + Status = StrnCpyS (
> + VariablePolicyVariableName,
> + *VariablePolicyVariableNameBufferSize / sizeof
> (CHAR16),
> + OutputVariableName,
> +
> (UINTN)CommandParams->OutputVariableNameSize
> + );
> + ASSERT_EFI_ERROR (Status);
> + *VariablePolicyVariableNameBufferSize =
> (UINTN)CommandParams->OutputVariableNameSize;
> + } else {
> + // A variable policy variable name is not present. Return values
> according to interface.
> + *VariablePolicyVariableNameBufferSize = 0;
> + }
> + }
> + }
> +
> +Done:
> + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
> +
> + return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result;
> +}
> +
> +/**
> + This function will return variable policy information for a UEFI
variable
> with a
> + registered variable policy.
> +
> + @param[in] VariableName The
> name of the variable to use for the policy search.
> + @param[in] VendorGuid The
> vendor GUID of the variable to use for the policy search.
> + @param[in,out] VariablePolicyVariableNameBufferSize On input, the
> size, in bytes, of the VariablePolicyVariableName
> + buffer.
> +
> + On
> output, the size, in bytes, needed to store the variable
> + policy
> variable name.
> +
> + If
> testing for the VariablePolicyVariableName buffer size
> +
> needed, set this value to zero so EFI_BUFFER_TOO_SMALL is
> +
> guaranteed to be returned if the variable policy variable name
> + is
> found.
> + @param[out] VariablePolicy Pointer to
> a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariablePolicyVariableName Pointer to
> a buffer where the variable name used for the
> +
> variable policy will be written if a variable name is
> +
> registered.
> +
> + If the
> variable policy is not associated with a variable name
> + (e.g.
> applied to variable vendor namespace) and this parameter
> + is
> given, this parameter will not be modified and
> +
> VariablePolicyVariableNameBufferSize will be set to zero to
> +
> indicate a name was not present.
> +
> + If the
> pointer given is not NULL,
> +
> VariablePolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A variable policy entry was
> found and returned successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariablePolicyVariableName buffer value is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> + VariablePolicyVariableName
> is non-NULL and VariablePolicyVariableNameBufferSize
> + is NULL.
> + @retval EFI_NOT_FOUND A variable policy was not
> found for the given UEFI variable name and vendor GUID.
> +
> +**/
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +ProtocolGetVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL
> + OUT VARIABLE_POLICY_ENTRY *VariablePolicy,
> + OUT CHAR16
> *VariablePolicyVariableName OPTIONAL
> + )
> +{
> + return InternalProtocolGetVariablePolicyInfo (
> + VAR_CHECK_POLICY_COMMAND_GET_INFO,
> + VariableName,
> + VendorGuid,
> + VariablePolicyVariableNameBufferSize,
> + VariablePolicy,
> + VariablePolicyVariableName
> + );
> +}
> +
> +/**
> + This function will return the Lock on Variable State policy information
for
> the policy
> + associated with the given UEFI variable.
> +
> + @param[in] VariableName
> The name of the variable to use for the policy search.
> + @param[in] VendorGuid
> The vendor GUID of the variable to use for the policy
> +
> search.
> + @param[in,out] VariableLockPolicyVariableNameBufferSize On input,
> the size, in bytes, of the
> +
> VariableLockPolicyVariableName buffer.
> +
> +
> On output, the size, in bytes, needed to store the variable
> +
> policy variable name.
> +
> + If
> testing for the VariableLockPolicyVariableName buffer
> + P
> size needed, set this value to zero so EFI_BUFFER_TOO_SMALL
> + is
> guaranteed to be returned if the variable policy variable
> +
> name is found.
> + @param[out] VariablePolicy
> Pointer to a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariableLockPolicyVariableName
> Pointer to a buffer where the variable name used for the
> +
> variable lock on variable state policy will be written if
> + a
> variable name is registered.
> +
> + If
> the lock on variable policy is not associated with a
> +
> variable name (e.g. applied to variable vendor namespace)
> +
> and this parameter is given, this parameter will not be
> +
> modified and VariableLockPolicyVariableNameBufferSize will
> +
> be set to zero to indicate a name was not present.
> +
> + If
> the pointer given is not NULL,
> +
> VariableLockPolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A Lock on Variable State
> variable policy entry was found and returned
> + successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariableLockPolicyVariableName buffer is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> +
> VariableLockPolicyVariableName is non-NULL and
> +
> VariableLockPolicyVariableNameBufferSize is NULL.
> + @retval EFI_NOT_FOUND A Lock on Variable State
> variable policy was not found for the given UEFI
> + variable name and vendor
> GUID.
> +
> +**/
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +ProtocolGetLockOnVariableStateVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN *VariableLockPolicyVariableNameBufferSize, OPTIONAL
> + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy,
> + OUT CHAR16
> *VariableLockPolicyVariableName OPTIONAL
> + )
> +{
> + return InternalProtocolGetVariablePolicyInfo (
> +
> VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO,
> + VariableName,
> + VendorGuid,
> + VariableLockPolicyVariableNameBufferSize,
> + VariablePolicy,
> + VariableLockPolicyVariableName
> + );
> +}
> +
> /**
> This helper function locates the shared comm buffer and assigns it to
input
> pointers.
>
> @@ -514,12 +846,14 @@ VariablePolicySmmDxeMain (
> }
>
> // Configure the VariablePolicy protocol structure.
> - mVariablePolicyProtocol.Revision =
> EDKII_VARIABLE_POLICY_PROTOCOL_REVISION;
> - mVariablePolicyProtocol.DisableVariablePolicy =
> ProtocolDisableVariablePolicy;
> - mVariablePolicyProtocol.IsVariablePolicyEnabled =
> ProtocolIsVariablePolicyEnabled;
> - mVariablePolicyProtocol.RegisterVariablePolicy =
> ProtocolRegisterVariablePolicy;
> - mVariablePolicyProtocol.DumpVariablePolicy =
> ProtocolDumpVariablePolicy;
> - mVariablePolicyProtocol.LockVariablePolicy =
> ProtocolLockVariablePolicy;
> + mVariablePolicyProtocol.Revision
> = EDKII_VARIABLE_POLICY_PROTOCOL_REVISION;
> + mVariablePolicyProtocol.DisableVariablePolicy =
> ProtocolDisableVariablePolicy;
> + mVariablePolicyProtocol.IsVariablePolicyEnabled =
> ProtocolIsVariablePolicyEnabled;
> + mVariablePolicyProtocol.RegisterVariablePolicy =
> ProtocolRegisterVariablePolicy;
> + mVariablePolicyProtocol.DumpVariablePolicy
> = ProtocolDumpVariablePolicy;
> + mVariablePolicyProtocol.LockVariablePolicy =
> ProtocolLockVariablePolicy;
> + mVariablePolicyProtocol.GetVariablePolicyInfo =
> ProtocolGetVariablePolicyInfo;
> + mVariablePolicyProtocol.GetLockOnVariableStateVariablePolicyInfo =
> ProtocolGetLockOnVariableStateVariablePolicyInfo;
>
> // Register all the protocols and return the status.
> Status = gBS->InstallMultipleProtocolInterfaces (
> diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> index ff3d4a1fd68a..a692fa40c946 100644
> --- a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> +++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> @@ -32,23 +32,52 @@ typedef struct
> _VAR_CHECK_POLICY_COMM_DUMP_PARAMS {
> BOOLEAN HasMore;
> } VAR_CHECK_POLICY_COMM_DUMP_PARAMS;
>
> +typedef union {
> + VARIABLE_POLICY_ENTRY VariablePolicy;
> + VARIABLE_LOCK_ON_VAR_STATE_POLICY LockOnVarStatePolicy;
> +} VAR_CHECK_POLICY_OUTPUT_POLICY_ENTRY;
> +
> +typedef struct _VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS {
> + EFI_GUID InputVendorGuid;
> + UINT32
> InputVariableNameSize;
> + UINT32
> OutputVariableNameSize;
> + VAR_CHECK_POLICY_OUTPUT_POLICY_ENTRY OutputPolicyEntry;
> + CHAR16 InputVariableName[1];
> +} VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS;
> +
> #pragma pack(pop)
>
> +#define VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END \
> +
> (OFFSET_OF(VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS,
> InputVariableName))
> +
> // Make sure that we will hold at least the headers.
> #define VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE
> MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof
> (VAR_CHECK_POLICY_COMM_HEADER) + EFI_PAGES_TO_SIZE(1)),
> EFI_PAGES_TO_SIZE(4))
> #define VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE
> (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \
>
> (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + \
>
> sizeof(VAR_CHECK_POLICY_COMM_HEADER) + \
>
> sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS)))
> +
> +#define VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE
> (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \
> +
> (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + \
> +
> sizeof(VAR_CHECK_POLICY_COMM_HEADER) + \
> +
> OFFSET_OF(VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS,
> InputVariableName)))
> +
> STATIC_ASSERT (
> VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE <
> VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE,
> "an integer underflow may have occurred calculating
> VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE"
> );
>
> -#define VAR_CHECK_POLICY_COMMAND_DISABLE 0x0001
> -#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED 0x0002
> -#define VAR_CHECK_POLICY_COMMAND_REGISTER 0x0003
> -#define VAR_CHECK_POLICY_COMMAND_DUMP 0x0004
> -#define VAR_CHECK_POLICY_COMMAND_LOCK 0x0005
> +STATIC_ASSERT (
> + VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE <
> VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE,
> + "an integer underflow may have occurred calculating
> VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE"
> + );
> +
> +#define VAR_CHECK_POLICY_COMMAND_DISABLE
> 0x0001
> +#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED
> 0x0002
> +#define VAR_CHECK_POLICY_COMMAND_REGISTER
> 0x0003
> +#define VAR_CHECK_POLICY_COMMAND_DUMP
> 0x0004
> +#define VAR_CHECK_POLICY_COMMAND_LOCK
> 0x0005
> +#define VAR_CHECK_POLICY_COMMAND_GET_INFO
> 0x0006
> +#define VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO
> 0x0007
>
> #endif // _VAR_CHECK_POLICY_MMI_COMMON_H_
> diff --git a/MdeModulePkg/Include/Library/VariablePolicyLib.h
> b/MdeModulePkg/Include/Library/VariablePolicyLib.h
> index 63c49fbca1ed..bc4e26b2d434 100644
> --- a/MdeModulePkg/Include/Library/VariablePolicyLib.h
> +++ b/MdeModulePkg/Include/Library/VariablePolicyLib.h
> @@ -102,6 +102,113 @@ DumpVariablePolicy (
> IN OUT UINT32 *Size
> );
>
> +/**
> + This function will return variable policy information for a UEFI
variable
> with a
> + registered variable policy.
> +
> + @param[in] VariableName The
> name of the variable to use for the policy search.
> + @param[in] VendorGuid The
> vendor GUID of the variable to use for the policy search.
> + @param[in,out] VariablePolicyVariableNameBufferSize On input, the
> size, in bytes, of the VariablePolicyVariableName
> + buffer.
> +
> + On
> output, the size, in bytes, needed to store the variable
> + policy
> variable name.
> +
> + If
> testing for the VariablePolicyVariableName buffer size
> +
> needed, set this value to zero so EFI_BUFFER_TOO_SMALL is
> +
> guaranteed to be returned if the variable policy variable name
> + is
> found.
> + @param[out] VariablePolicy Pointer to
> a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariablePolicyVariableName Pointer to
> a buffer where the variable name used for the
> +
> variable policy will be written if a variable name is
> +
> registered.
> +
> + If the
> variable policy is not associated with a variable name
> + (e.g.
> applied to variable vendor namespace) and this parameter
> + is
> given, this parameter will not be modified and
> +
> VariablePolicyVariableNameBufferSize will be set to zero to
> +
> indicate a name was not present.
> +
> + If the
> pointer given is not NULL,
> +
> VariablePolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A variable policy entry was
> found and returned successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariablePolicyVariableName buffer value is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> + VariablePolicyVariableName
> is non-NULL and VariablePolicyVariableNameBufferSize
> + is NULL.
> + @retval EFI_NOT_FOUND A variable policy was not
> found for the given UEFI variable name and vendor GUID.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariablePolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_POLICY_ENTRY *VariablePolicy,
> + OUT CHAR16 *VariablePolicyVariableName
> OPTIONAL
> + );
> +
> +/**
> + This function will return the Lock on Variable State policy information
for
> the policy
> + associated with the given UEFI variable.
> +
> + @param[in] VariableName
> The name of the variable to use for the policy search.
> + @param[in] VendorGuid
> The vendor GUID of the variable to use for the policy
> +
> search.
> + @param[in,out] VariableLockPolicyVariableNameBufferSize On input,
> the size, in bytes, of the
> +
> VariableLockPolicyVariableName buffer.
> +
> +
> On output, the size, in bytes, needed to store the variable
> +
> policy variable name.
> +
> + If
> testing for the VariableLockPolicyVariableName buffer
> +
> size needed, set this value to zero so EFI_BUFFER_TOO_SMALL
> + is
> guaranteed to be returned if the variable policy variable
> +
> name is found.
> + @param[out] VariablePolicy
> Pointer to a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariableLockPolicyVariableName
> Pointer to a buffer where the variable name used for the
> +
> variable lock on variable state policy will be written if
> + a
> variable name is registered.
> +
> + If
> the lock on variable policy is not associated with a
> +
> variable name (e.g. applied to variable vendor namespace)
> +
> and this parameter is given, this parameter will not be
> +
> modified and VariableLockPolicyVariableNameBufferSize will
> +
> be set to zero to indicate a name was not present.
> +
> + If
> the pointer given is not NULL,
> +
> VariableLockPolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A Lock on Variable State
> variable policy entry was found and returned
> + successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariableLockPolicyVariableName buffer is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> +
> VariableLockPolicyVariableName is non-NULL and
> +
> VariableLockPolicyVariableNameBufferSize is NULL.
> + @retval EFI_NOT_FOUND A Lock on Variable State
> variable policy was not found for the given UEFI
> + variable name and vendor
> GUID.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetLockOnVariableStateVariablePolicyInfo (
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariableLockPolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy,
> + OUT CHAR16
> *VariableLockPolicyVariableName OPTIONAL
> + );
> +
> /**
> This API function returns whether or not the policy engine is
> currently being enforced.
> diff --git a/MdeModulePkg/Include/Protocol/VariablePolicy.h
> b/MdeModulePkg/Include/Protocol/VariablePolicy.h
> index 98d739401f83..4b57f70a9da8 100644
> --- a/MdeModulePkg/Include/Protocol/VariablePolicy.h
> +++ b/MdeModulePkg/Include/Protocol/VariablePolicy.h
> @@ -9,7 +9,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #ifndef __EDKII_VARIABLE_POLICY_PROTOCOL__
> #define __EDKII_VARIABLE_POLICY_PROTOCOL__
>
> -#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION
> 0x0000000000010000
> +#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION
> 0x0000000000020000
> +
> +/*
> + Rev 0x0000000000010000:
> + - Initial protocol definition
> +
> + Rev 0x0000000000020000:
> + - Add GetVariablePolicyInfo() API
> + - Add GetLockOnVariableStateVariablePolicyInfo() API
> +
> +*/
>
> #define EDKII_VARIABLE_POLICY_PROTOCOL_GUID \
> { \
> @@ -141,13 +151,122 @@ EFI_STATUS
> VOID
> );
>
> +/**
> + This function will return variable policy information for a UEFI
variable
> with a
> + registered variable policy.
> +
> + @param[in] VariableName The
> name of the variable to use for the policy search.
> + @param[in] VendorGuid The
> vendor GUID of the variable to use for the policy search.
> + @param[in,out] VariablePolicyVariableNameBufferSize On input, the
> size, in bytes, of the VariablePolicyVariableName
> + buffer.
> +
> + On
> output, the size, in bytes, needed to store the variable
> + policy
> variable name.
> +
> + If
> testing for the VariablePolicyVariableName buffer size
> +
> needed, set this value to zero so EFI_BUFFER_TOO_SMALL is
> +
> guaranteed to be returned if the variable policy variable name
> + is
> found.
> + @param[out] VariablePolicy Pointer to
> a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariablePolicyVariableName Pointer to
> a buffer where the variable name used for the
> +
> variable policy will be written if a variable name is
> +
> registered.
> +
> + If the
> variable policy is not associated with a variable name
> + (e.g.
> applied to variable vendor namespace) and this parameter
> + is
> given, this parameter will not be modified and
> +
> VariablePolicyVariableNameBufferSize will be set to zero to
> +
> indicate a name was not present.
> +
> + If the
> pointer given is not NULL,
> +
> VariablePolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A variable policy entry was
> found and returned successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariablePolicyVariableName buffer value is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> + VariablePolicyVariableName
> is non-NULL and VariablePolicyVariableNameBufferSize
> + is NULL.
> + @retval EFI_NOT_FOUND A variable policy was not
> found for the given UEFI variable name and vendor GUID.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *GET_VARIABLE_POLICY_INFO)(
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariablePolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_POLICY_ENTRY *VariablePolicy,
> + OUT CHAR16
> *VariablePolicyVariableName OPTIONAL
> + );
> +
> +/**
> + This function will return the Lock on Variable State policy information
for
> the policy
> + associated with the given UEFI variable.
> +
> + @param[in] VariableName
> The name of the variable to use for the policy search.
> + @param[in] VendorGuid
> The vendor GUID of the variable to use for the policy
> +
> search.
> + @param[in,out] VariableLockPolicyVariableNameBufferSize On input,
> the size, in bytes, of the
> +
> VariableLockPolicyVariableName buffer.
> +
> +
> On output, the size, in bytes, needed to store the variable
> +
> policy variable name.
> +
> + If
> testing for the VariableLockPolicyVariableName buffer
> +
> size needed, set this value to zero so EFI_BUFFER_TOO_SMALL
> + is
> guaranteed to be returned if the variable policy variable
> +
> name is found.
> + @param[out] VariablePolicy
> Pointer to a buffer where the policy entry will be written
> + if
> found.
> + @param[out] VariableLockPolicyVariableName
> Pointer to a buffer where the variable name used for the
> +
> variable lock on variable state policy will be written if
> + a
> variable name is registered.
> +
> + If
> the lock on variable policy is not associated with a
> +
> variable name (e.g. applied to variable vendor namespace)
> +
> and this parameter is given, this parameter will not be
> +
> modified and VariableLockPolicyVariableNameBufferSize will
> +
> be set to zero to indicate a name was not present.
> +
> + If
> the pointer given is not NULL,
> +
> VariableLockPolicyVariableNameBufferSize must be non-NULL.
> +
> + @retval EFI_SUCCESS A Lock on Variable State
> variable policy entry was found and returned
> + successfully.
> + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused
> a calculation error.
> + @retval EFI_BUFFER_TOO_SMALL The
> VariableLockPolicyVariableName buffer is too small for the size needed.
> + The buffer should now point
> to the size needed.
> + @retval EFI_NOT_READY Variable policy has not yet
> been initialized.
> + @retval EFI_INVALID_PARAMETER A required pointer argument
> passed is NULL. This will be returned if
> +
> VariableLockPolicyVariableName is non-NULL and
> +
> VariableLockPolicyVariableNameBufferSize is NULL.
> + @retval EFI_NOT_FOUND A Lock on Variable State
> variable policy was not found for the given UEFI
> + variable name and vendor
> GUID.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *GET_LOCK_ON_VARIABLE_STATE_VARIABLE_POLICY_INFO)(
> + IN CONST CHAR16 *VariableName,
> + IN CONST EFI_GUID *VendorGuid,
> + IN OUT UINTN
> *VariableLockPolicyVariableNameBufferSize OPTIONAL,
> + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy,
> + OUT CHAR16
> *VariableLockPolicyVariableName OPTIONAL
> + );
> +
> typedef struct {
> - UINT64 Revision;
> - DISABLE_VARIABLE_POLICY DisableVariablePolicy;
> - IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled;
> - REGISTER_VARIABLE_POLICY RegisterVariablePolicy;
> - DUMP_VARIABLE_POLICY DumpVariablePolicy;
> - LOCK_VARIABLE_POLICY LockVariablePolicy;
> + UINT64 Revision;
> + DISABLE_VARIABLE_POLICY
> DisableVariablePolicy;
> + IS_VARIABLE_POLICY_ENABLED
> IsVariablePolicyEnabled;
> + REGISTER_VARIABLE_POLICY
> RegisterVariablePolicy;
> + DUMP_VARIABLE_POLICY
> DumpVariablePolicy;
> + LOCK_VARIABLE_POLICY
> LockVariablePolicy;
> + GET_VARIABLE_POLICY_INFO
> GetVariablePolicyInfo;
> + GET_LOCK_ON_VARIABLE_STATE_VARIABLE_POLICY_INFO
> GetLockOnVariableStateVariablePolicyInfo;
> } _EDKII_VARIABLE_POLICY_PROTOCOL;
>
> typedef _EDKII_VARIABLE_POLICY_PROTOCOL
> EDKII_VARIABLE_POLICY_PROTOCOL;
> diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> index 3fe6043bf631..7048d555f0a9 100644
> --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> @@ -32,6 +32,7 @@ [Packages]
>
>
> [LibraryClasses]
> + BaseLib
> DebugLib
> BaseMemoryLib
> MemoryAllocationLib
> --
> 2.42.0.windows.2
>
>
>
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#108841):
> https://edk2.groups.io/g/devel/message/108841
> Mute This Topic: https://groups.io/mt/101457410/4905953
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub
> [gaoliming@byosoft.com.cn]
> -=-=-=-=-=-=
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109982): https://edk2.groups.io/g/devel/message/109982
Mute This Topic: https://groups.io/mt/102152457/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-10-24 5:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-19 14:32 [edk2-devel] [PATCH v1 0/3] Add Variable Policy Audit and Shell Command Michael Kubacki
2023-09-19 14:32 ` [edk2-devel] [PATCH v1 1/3] MdeModulePkg/VariablePolicy: Add more granular variable policy querying Michael Kubacki
2023-10-24 5:11 ` gaoliming via groups.io [this message]
2023-09-19 14:32 ` [edk2-devel] [PATCH v1 2/3] ShellPkg: Add varpolicy dynamic shell command Michael Kubacki
2023-10-24 5:16 ` 回复: " gaoliming via groups.io
2023-10-24 6:21 ` Gao, Zhichao
2023-10-24 23:36 ` Michael Kubacki
2023-09-19 14:33 ` [edk2-devel] [PATCH v1 3/3] OvmfPkg: Add varpolicy " Michael Kubacki
2023-10-24 0:44 ` Yao, Jiewen
2023-10-24 2:13 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='01de01da0638$9dd09a00$d971ce00$@byosoft.com.cn' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox