From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 4E6D8AC0A71 for ; Tue, 24 Oct 2023 05:12:43 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=d6ajBZK3rrzn/Nw4JEo+CQarfE+I42TJkyTmjmeLF6w=; c=relaxed/simple; d=groups.io; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Thread-Index:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding:Content-Language; s=20140610; t=1698124361; v=1; b=vXFtCIDXmUW1f6n9R8IOeWun5Fhc6S9K5ce9gmheNidteyk/WzqRhn8Y5yve5//koQt9kSUX 2hVuexrK6k1LZ0LgGYiA31WFbrTfFFKfp2kNU0vqVg4yaG1Axjrmh1NIeTJiL3OvB2BZzIDopYu fH9H+8quG2zgUQo02xLfUc5Q= X-Received: by 127.0.0.2 with SMTP id 1jIlYY7687511xHIVwHh3Tqj; Mon, 23 Oct 2023 22:12:41 -0700 X-Received: from cxsh.intel-email.com (cxsh.intel-email.com [121.46.250.151]) by mx.groups.io with SMTP id smtpd.web11.11540.1698124332462867298 for ; Mon, 23 Oct 2023 22:12:40 -0700 X-Received: from cxsh.intel-email.com (localhost [127.0.0.1]) by cxsh.intel-email.com (Postfix) with ESMTP id D693CDDA7FA for ; Tue, 24 Oct 2023 13:12:06 +0800 (CST) X-Received: from localhost (localhost [127.0.0.1]) by cxsh.intel-email.com (Postfix) with ESMTP id D1860DDA7F4 for ; Tue, 24 Oct 2023 13:12:06 +0800 (CST) X-Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by cxsh.intel-email.com (Postfix) with SMTP id 0001BDDA7FF for ; Tue, 24 Oct 2023 13:12:03 +0800 (CST) X-Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP(SSL) for ; Tue, 24 Oct 2023 13:11:58 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-Originating-IP: 58.246.60.130 X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming via groups.io" To: , Cc: "'Dandan Bi'" , "'Hao A Wu'" , "'Jian J Wang'" References: <20230919143300.398-1-mikuback@linux.microsoft.com> <20230919143300.398-2-mikuback@linux.microsoft.com> In-Reply-To: <20230919143300.398-2-mikuback@linux.microsoft.com> Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gW1BBVENIIHYxIDEvM10gTWRlTW9kdWxlUGtnL1ZhcmlhYmxlUG9saWN5OiBBZGQgbW9yZSBncmFudWxhciB2YXJpYWJsZSBwb2xpY3kgcXVlcnlpbmc=?= Date: Tue, 24 Oct 2023 13:11:59 +0800 Message-ID: <01de01da0638$9dd09a00$d971ce00$@byosoft.com.cn> MIME-Version: 1.0 Thread-Index: AQIlxg2U528gZV/l7QtCXlgQCC/zQAFbvoIrr7YG9aA= Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: KKxY8N1H9jed4emP9Hkk8Xzkx7686176AA= Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=vXFtCIDX; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Michael: The change is good to me. Reviewed-by: Liming Gao Thanks Liming > -----=D3=CA=BC=FE=D4=AD=BC=FE----- > =B7=A2=BC=FE=C8=CB: devel@edk2.groups.io =B4=FA=B1= =ED Michael > Kubacki > =B7=A2=CB=CD=CA=B1=BC=E4: 2023=C4=EA9=D4=C219=C8=D5 22:33 > =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io > =B3=AD=CB=CD: Dandan Bi ; Hao A Wu ; > Jian J Wang ; Liming Gao > > =D6=F7=CC=E2: [edk2-devel] [PATCH v1 1/3] MdeModulePkg/VariablePolicy: Ad= d more > granular variable policy querying >=20 > From: Michael Kubacki >=20 > Introduces two new APIs to EDKII_VARIABLE_POLICY_PROTOCOL: > 1. GetVariablePolicyInfo() > 2. GetLockOnVariableStateVariablePolicyInfo() >=20 > These allow a caller to retrieve policy information associated with > a UEFI variable given the variable name and vendor GUID. >=20 > GetVariablePolicyInfo() - Returns the variable policy applied to the > UEFI variable. If the variable policy is applied toward an individual > UEFI variable, that name can optionally be returned. >=20 > GetLockOnVariableStateVariablePolicyInfo() - Returns the Lock on > Variable State policy applied to the UEFI variable. If the Lock on > Variable State policy is applied to a specific variable name, that > name can optionally be returned. >=20 > These functions can be useful for a variety of purposes such as > auditing, testing, and functional flows. >=20 > Also fixed some variable name typos in code touched by the changes. >=20 > Cc: Dandan Bi > Cc: Hao A Wu > Cc: Jian J Wang > Cc: Liming Gao > Signed-off-by: Michael Kubacki > --- > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | > 174 ++++++++-- > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | > 304 +++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > | 4 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | > 346 +++++++++++++++++++- > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > | 39 ++- > MdeModulePkg/Include/Library/VariablePolicyLib.h | > 107 ++++++ > MdeModulePkg/Include/Protocol/VariablePolicy.h | > 133 +++++++- > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 1 > + > 8 files changed, 1062 insertions(+), 46 deletions(-) >=20 > diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > index 5de46133bb26..1448af85555a 100644 > --- a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > @@ -76,14 +76,20 @@ VarCheckPolicyLibMmiHandler ( > VOID *InternalCommBuffer; > EFI_STATUS Status; > EFI_STATUS SubCommandStatus; > - VAR_CHECK_POLICY_COMM_HEADER > *PolicyCommmHeader; > - VAR_CHECK_POLICY_COMM_HEADER > *InternalPolicyCommmHeader; > + VAR_CHECK_POLICY_COMM_HEADER > *PolicyCommHeader; > + VAR_CHECK_POLICY_COMM_HEADER > *InternalPolicyCommHeader; > VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS > *IsEnabledParams; > VAR_CHECK_POLICY_COMM_DUMP_PARAMS *DumpParamsIn; > VAR_CHECK_POLICY_COMM_DUMP_PARAMS > *DumpParamsOut; > + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS > *GetInfoParamsInternal; > + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS > *GetInfoParamsExternal; > + CHAR16 > *InternalCopyOfOutputVariableName; > + CHAR16 > *ExternalCopyOfOutputVariableName; > UINT8 *DumpInputBuffer; > UINT8 *DumpOutputBuffer; > + UINTN > AllowedOutputVariableNameSize; > UINTN DumpTotalPages; > + UINTN LocalSize; > VARIABLE_POLICY_ENTRY *PolicyEntry; > UINTN ExpectedSize; > UINT32 TempSize; > @@ -122,21 +128,21 @@ VarCheckPolicyLibMmiHandler ( > // > InternalCommBuffer =3D &mSecurityEvalBuffer[0]; > CopyMem (InternalCommBuffer, CommBuffer, InternalCommBufferSize); > - PolicyCommmHeader =3D CommBuffer; > - InternalPolicyCommmHeader =3D InternalCommBuffer; > + PolicyCommHeader =3D CommBuffer; > + InternalPolicyCommHeader =3D InternalCommBuffer; > // Check the revision and the signature of the comm header. > - if ((InternalPolicyCommmHeader->Signature !=3D > VAR_CHECK_POLICY_COMM_SIG) || > - (InternalPolicyCommmHeader->Revision !=3D > VAR_CHECK_POLICY_COMM_REVISION)) > + if ((InternalPolicyCommHeader->Signature !=3D > VAR_CHECK_POLICY_COMM_SIG) || > + (InternalPolicyCommHeader->Revision !=3D > VAR_CHECK_POLICY_COMM_REVISION)) > { > DEBUG ((DEBUG_INFO, "%a - Signature or revision are incorrect!\n", > __func__)); > // We have verified the buffer is not null and have enough size to hold > Result field. > - PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER; > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > return EFI_SUCCESS; > } >=20 > // If we're in the middle of a paginated dump and any other command is > sent, > // pagination cache must be cleared. > - if ((mPaginationCache !=3D NULL) && > (InternalPolicyCommmHeader->Command !=3D mCurrentPaginationCommand)) > { > + if ((mPaginationCache !=3D NULL) && > (InternalPolicyCommHeader->Command !=3D mCurrentPaginationCommand)) { > FreePool (mPaginationCache); > mPaginationCache =3D NULL; > mPaginationCacheSize =3D 0; > @@ -146,10 +152,10 @@ VarCheckPolicyLibMmiHandler ( > // > // Now we can process the command as it was sent. > // > - PolicyCommmHeader->Result =3D EFI_ABORTED; // Set a default return > for incomplete commands. > - switch (InternalPolicyCommmHeader->Command) { > + PolicyCommHeader->Result =3D EFI_ABORTED; // Set a default return > for incomplete commands. > + switch (InternalPolicyCommHeader->Command) { > case VAR_CHECK_POLICY_COMMAND_DISABLE: > - PolicyCommmHeader->Result =3D DisableVariablePolicy (); > + PolicyCommHeader->Result =3D DisableVariablePolicy (); > break; >=20 > case VAR_CHECK_POLICY_COMMAND_IS_ENABLED: > @@ -158,14 +164,14 @@ VarCheckPolicyLibMmiHandler ( > ExpectedSize +=3D sizeof > (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS); > if (InternalCommBufferSize < ExpectedSize) { > DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", > __func__, InternalCommBufferSize, ExpectedSize)); > - PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER; > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > break; > } >=20 > // Now that we know we've got a valid size, we can fill in the res= t of > the data. > - IsEnabledParams =3D > (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)((UINT8 > *)CommBuffer + sizeof (VAR_CHECK_POLICY_COMM_HEADER)); > - IsEnabledParams->State =3D IsVariablePolicyEnabled (); > - PolicyCommmHeader->Result =3D EFI_SUCCESS; > + IsEnabledParams =3D > (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)((UINT8 > *)CommBuffer + sizeof (VAR_CHECK_POLICY_COMM_HEADER)); > + IsEnabledParams->State =3D IsVariablePolicyEnabled (); > + PolicyCommHeader->Result =3D EFI_SUCCESS; > break; >=20 > case VAR_CHECK_POLICY_COMMAND_REGISTER: > @@ -174,7 +180,7 @@ VarCheckPolicyLibMmiHandler ( > ExpectedSize +=3D sizeof (VARIABLE_POLICY_ENTRY); > if (InternalCommBufferSize < ExpectedSize) { > DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", > __func__, InternalCommBufferSize, ExpectedSize)); > - PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER; > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > break; > } >=20 > @@ -187,11 +193,11 @@ VarCheckPolicyLibMmiHandler ( > (InternalCommBufferSize < ExpectedSize)) > { > DEBUG ((DEBUG_INFO, "%a - Bad policy entry contents!\n", > __func__)); > - PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER; > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > break; > } >=20 > - PolicyCommmHeader->Result =3D RegisterVariablePolicy (PolicyEntry)= ; > + PolicyCommHeader->Result =3D RegisterVariablePolicy (PolicyEntry); > break; >=20 > case VAR_CHECK_POLICY_COMMAND_DUMP: > @@ -200,13 +206,13 @@ VarCheckPolicyLibMmiHandler ( > ExpectedSize +=3D sizeof > (VAR_CHECK_POLICY_COMM_DUMP_PARAMS) + > VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE; > if (InternalCommBufferSize < ExpectedSize) { > DEBUG ((DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", > __func__, InternalCommBufferSize, ExpectedSize)); > - PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER; > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > break; > } >=20 > // Now that we know we've got a valid size, we can fill in the res= t of > the data. > - DumpParamsIn =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS > *)(InternalPolicyCommmHeader + 1); > - DumpParamsOut =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS > *)(PolicyCommmHeader + 1); > + DumpParamsIn =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS > *)(InternalPolicyCommHeader + 1); > + DumpParamsOut =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS > *)(PolicyCommHeader + 1); >=20 > // If we're requesting the first page, initialize the cache and ge= t the > sizes. > if (DumpParamsIn->PageRequested =3D=3D 0) { > @@ -289,17 +295,131 @@ VarCheckPolicyLibMmiHandler ( > } >=20 > // There's currently no use for this, but it shouldn't be hard to > implement. > - PolicyCommmHeader->Result =3D SubCommandStatus; > + PolicyCommHeader->Result =3D SubCommandStatus; > break; >=20 > case VAR_CHECK_POLICY_COMMAND_LOCK: > - PolicyCommmHeader->Result =3D LockVariablePolicy (); > + PolicyCommHeader->Result =3D LockVariablePolicy (); > + break; > + > + case VAR_CHECK_POLICY_COMMAND_GET_INFO: > + case VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO: > + ExpectedSize +=3D > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END + > VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE; > + > + if (InternalCommBufferSize < ExpectedSize) { > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > + break; > + } > + > + GetInfoParamsInternal =3D > (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS > *)(InternalPolicyCommHeader + 1); > + GetInfoParamsExternal =3D > (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *)(PolicyCommHeader + > 1); > + > + SubCommandStatus =3D SafeUintnSub ( > + > VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE, > + > GetInfoParamsInternal->InputVariableNameSize, > + &AllowedOutputVariableNameSize > + ); > + if (EFI_ERROR (SubCommandStatus)) { > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > + break; > + } > + > + if (GetInfoParamsInternal->OutputVariableNameSize > 0) { > + SubCommandStatus =3D SafeUintnAdd ( > + ((UINTN)GetInfoParamsInternal + > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END), > + > (UINTN)GetInfoParamsInternal->InputVariableNameSize, > + (UINTN > *)&InternalCopyOfOutputVariableName > + ); > + if (EFI_ERROR (SubCommandStatus)) { > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > + break; > + } > + } else { > + InternalCopyOfOutputVariableName =3D NULL; > + } > + > + ZeroMem (&GetInfoParamsInternal->OutputPolicyEntry, sizeof > (GetInfoParamsInternal->OutputPolicyEntry)); > + ZeroMem (&GetInfoParamsExternal->OutputPolicyEntry, sizeof > (GetInfoParamsExternal->OutputPolicyEntry)); > + > + LocalSize =3D > (UINTN)GetInfoParamsInternal->OutputVariableNameSize; > + > + if (InternalPolicyCommHeader->Command =3D=3D > VAR_CHECK_POLICY_COMMAND_GET_INFO) { > + SubCommandStatus =3D GetVariablePolicyInfo ( > + > GetInfoParamsInternal->InputVariableName, > + > &GetInfoParamsInternal->InputVendorGuid, > + &LocalSize, > + > &GetInfoParamsInternal->OutputPolicyEntry.VariablePolicy, > + InternalCopyOfOutputVariableName > + ); > + } else if (InternalPolicyCommHeader->Command =3D=3D > VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO) { > + SubCommandStatus =3D GetLockOnVariableStateVariablePolicyInfo > ( > + > GetInfoParamsInternal->InputVariableName, > + > &GetInfoParamsInternal->InputVendorGuid, > + &LocalSize, > + > &GetInfoParamsInternal->OutputPolicyEntry.LockOnVarStatePolicy, > + InternalCopyOfOutputVariableName > + ); > + } else { > + PolicyCommHeader->Result =3D EFI_INVALID_PARAMETER; > + break; > + } > + > + if (EFI_ERROR (SubCommandStatus) && (SubCommandStatus !=3D > EFI_BUFFER_TOO_SMALL)) { > + PolicyCommHeader->Result =3D SubCommandStatus; > + break; > + } > + > + if (EFI_ERROR (SafeUintnToUint32 (LocalSize, > &GetInfoParamsInternal->OutputVariableNameSize))) { > + PolicyCommHeader->Result =3D EFI_BAD_BUFFER_SIZE; > + break; > + } > + > + ASSERT (sizeof (GetInfoParamsInternal->OutputPolicyEntry) =3D=3D s= izeof > (GetInfoParamsExternal->OutputPolicyEntry)); > + CopyMem ( > + &GetInfoParamsExternal->OutputPolicyEntry, > + &GetInfoParamsInternal->OutputPolicyEntry, > + sizeof (GetInfoParamsExternal->OutputPolicyEntry) > + ); > + > + GetInfoParamsExternal->OutputVariableNameSize =3D > GetInfoParamsInternal->OutputVariableNameSize; > + if (SubCommandStatus =3D=3D EFI_BUFFER_TOO_SMALL) { > + PolicyCommHeader->Result =3D EFI_BUFFER_TOO_SMALL; > + break; > + } > + > + SubCommandStatus =3D SafeUintnAdd ( > + ((UINTN)GetInfoParamsExternal + > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END), > + > (UINTN)GetInfoParamsInternal->InputVariableNameSize, > + (UINTN > *)&ExternalCopyOfOutputVariableName > + ); > + if (EFI_ERROR (SubCommandStatus)) { > + PolicyCommHeader->Result =3D EFI_BAD_BUFFER_SIZE; > + break; > + } > + > + if (GetInfoParamsInternal->OutputVariableNameSize > 0) { > + SubCommandStatus =3D StrnCpyS ( > + ExternalCopyOfOutputVariableName, > + AllowedOutputVariableNameSize, > + InternalCopyOfOutputVariableName, > + > (UINTN)GetInfoParamsInternal->OutputVariableNameSize > + ); > + ASSERT_EFI_ERROR (SubCommandStatus); > + } else { > + // The comm buffer should always have the space for the variable > policy output > + // variable name. Fill it with NULL chars if a variable name is not > present so > + // it has a consistent value in the case of variable name absence. > + SetMem (ExternalCopyOfOutputVariableName, > AllowedOutputVariableNameSize, CHAR_NULL); > + } > + > + PolicyCommHeader->Result =3D SubCommandStatus; > + > break; >=20 > default: > // Mark unknown requested command as EFI_UNSUPPORTED. > - DEBUG ((DEBUG_INFO, "%a - Invalid command requested! %d\n", > __func__, PolicyCommmHeader->Command)); > - PolicyCommmHeader->Result =3D EFI_UNSUPPORTED; > + DEBUG ((DEBUG_INFO, "%a - Invalid command requested! %d\n", > __func__, PolicyCommHeader->Command)); > + PolicyCommHeader->Result =3D EFI_UNSUPPORTED; > break; > } >=20 > @@ -307,8 +427,8 @@ VarCheckPolicyLibMmiHandler ( > DEBUG_VERBOSE, > "%a - Command %d returning %r.\n", > __func__, > - PolicyCommmHeader->Command, > - PolicyCommmHeader->Result > + PolicyCommHeader->Command, > + PolicyCommHeader->Result > )); >=20 > return Status; > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > index 214f76ab9626..768662829dbf 100644 > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > #include >=20 > +#include > #include > #include > #include > @@ -684,6 +685,309 @@ DumpVariablePolicy ( > return EFI_SUCCESS; > } >=20 > +/** > + This function will return variable policy information for a UEFI variable > with a > + registered variable policy. > + > + @param[in] VariableName The > name of the variable to use for the policy search. > + @param[in] VendorGuid The > vendor GUID of the variable to use for the policy search. > + @param[in,out] VariablePolicyVariableNameBufferSize On input, the > size, in bytes, of the VariablePolicyVariableName > + buffer. > + > + On > output, the size, in bytes, needed to store the variable > + policy > variable name. > + > + If > testing for the VariablePolicyVariableName buffer size > + > needed, set this value to zero so EFI_BUFFER_TOO_SMALL is > + > guaranteed to be returned if the variable policy variable name > + is > found. > + @param[out] VariablePolicy Pointer to > a buffer where the policy entry will be written > + if > found. > + @param[out] VariablePolicyVariableName Pointer to > a buffer where the variable name used for the > + > variable policy will be written if a variable name is > + > registered. > + > + If the > variable policy is not associated with a variable name > + (e.g. > applied to variable vendor namespace) and this parameter > + is > given, this parameter will not be modified and > + > VariablePolicyVariableNameBufferSize will be set to zero to > + > indicate a name was not present. > + > + If the > pointer given is not NULL, > + > VariablePolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A variable policy entry was > found and returned successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariablePolicyVariableName buffer value is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + VariablePolicyVariableName > is non-NULL and VariablePolicyVariableNameBufferSize > + is NULL. > + @retval EFI_NOT_FOUND A variable policy was not > found for the given UEFI variable name and vendor GUID. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariablePolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_POLICY_ENTRY *VariablePolicy, > + OUT CHAR16 *VariablePolicyVariableName > OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + UINT8 MatchPriority; > + UINTN LocalVariablePolicyVariableNameBufferSize; > + UINTN > RequiredVariablePolicyVariableNameBufferSize; > + VARIABLE_POLICY_ENTRY *MatchPolicy; > + > + Status =3D EFI_SUCCESS; > + > + if (!IsVariablePolicyLibInitialized ()) { > + return EFI_NOT_READY; > + } > + > + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (Variabl= ePolicy =3D=3D > NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + MatchPolicy =3D GetBestPolicyMatch ( > + VariableName, > + VendorGuid, > + &MatchPriority > + ); > + if (MatchPolicy !=3D NULL) { > + CopyMem (VariablePolicy, MatchPolicy, sizeof (*VariablePolicy)); > + > + if (VariablePolicyVariableNameBufferSize =3D=3D NULL) { > + if (VariablePolicyVariableName !=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + return Status; > + } > + > + if (MatchPolicy->Size !=3D MatchPolicy->OffsetToName) { > + if (MatchPolicy->Size < MatchPolicy->OffsetToName) { > + ASSERT (MatchPolicy->Size > MatchPolicy->OffsetToName); > + return EFI_BAD_BUFFER_SIZE; > + } > + > + RequiredVariablePolicyVariableNameBufferSize =3D > (UINTN)(MatchPolicy->Size - MatchPolicy->OffsetToName); > + ASSERT (RequiredVariablePolicyVariableNameBufferSize > 0); > + > + if (*VariablePolicyVariableNameBufferSize < > RequiredVariablePolicyVariableNameBufferSize) { > + // Let the caller get the size needed to hold the policy variabl= e > name > + *VariablePolicyVariableNameBufferSize =3D > RequiredVariablePolicyVariableNameBufferSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + if (VariablePolicyVariableName =3D=3D NULL) { > + // If the policy variable name size given is valid, then a valid policy > variable name buffer should be provided > + *VariablePolicyVariableNameBufferSize =3D > RequiredVariablePolicyVariableNameBufferSize; > + return EFI_INVALID_PARAMETER; > + } > + > + LocalVariablePolicyVariableNameBufferSize =3D > *VariablePolicyVariableNameBufferSize; > + > + // Actual string size should match expected string size > + if ( > + ((StrnLenS (GET_POLICY_NAME (MatchPolicy), > RequiredVariablePolicyVariableNameBufferSize) + 1) * sizeof (CHAR16)) > + !=3D RequiredVariablePolicyVariableNameBufferSize) > + { > + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE); > + return EFI_BAD_BUFFER_SIZE; > + } > + > + *VariablePolicyVariableNameBufferSize =3D > RequiredVariablePolicyVariableNameBufferSize; > + > + Status =3D StrnCpyS ( > + VariablePolicyVariableName, > + LocalVariablePolicyVariableNameBufferSize / sizeof > (CHAR16), > + GET_POLICY_NAME (MatchPolicy), > + RequiredVariablePolicyVariableNameBufferSize / sizeof > (CHAR16) > + ); > + ASSERT_EFI_ERROR (Status); > + } else { > + // A variable policy variable name is not present. Return values > according to interface. > + *VariablePolicyVariableNameBufferSize =3D 0; > + } > + > + return Status; > + } > + > + return EFI_NOT_FOUND; > +} > + > +/** > + This function will return the Lock on Variable State policy informatio= n for > the policy > + associated with the given UEFI variable. > + > + @param[in] VariableName > The name of the variable to use for the policy search. > + @param[in] VendorGuid > The vendor GUID of the variable to use for the policy > + > search. > + @param[in,out] VariableLockPolicyVariableNameBufferSize On input, > the size, in bytes, of the > + > VariableLockPolicyVariableName buffer. > + > + > On output, the size, in bytes, needed to store the variable > + > policy variable name. > + > + If > testing for the VariableLockPolicyVariableName buffer > + > size needed, set this value to zero so EFI_BUFFER_TOO_SMALL > + is > guaranteed to be returned if the variable policy variable > + > name is found. > + @param[out] VariablePolicy > Pointer to a buffer where the policy entry will be written > + if > found. > + @param[out] VariableLockPolicyVariableName > Pointer to a buffer where the variable name used for the > + > variable lock on variable state policy will be written if > + a > variable name is registered. > + > + If > the lock on variable policy is not associated with a > + > variable name (e.g. applied to variable vendor namespace) > + > and this parameter is given, this parameter will not be > + > modified and VariableLockPolicyVariableNameBufferSize will > + > be set to zero to indicate a name was not present. > + > + If > the pointer given is not NULL, > + > VariableLockPolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A Lock on Variable State > variable policy entry was found and returned > + successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariableLockPolicyVariableName buffer is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + > VariableLockPolicyVariableName is non-NULL and > + > VariableLockPolicyVariableNameBufferSize is NULL. > + @retval EFI_NOT_FOUND A Lock on Variable State > variable policy was not found for the given UEFI > + variable name and vendor > GUID. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetLockOnVariableStateVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariableLockPolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy, > + OUT CHAR16 > *VariableLockPolicyVariableName OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + UINT8 MatchPriority; > + UINTN > RequiredVariablePolicyVariableNameBufferSize; > + UINTN > RequiredVariableLockPolicyVariableNameBufferSize; > + UINTN > LocalVariablePolicyLockVariableNameBufferSize; > + UINTN > LockOnVarStatePolicyEndOffset; > + CHAR16 > *LocalVariableLockPolicyVariableName; > + VARIABLE_LOCK_ON_VAR_STATE_POLICY *LocalLockOnVarStatePolicy; > + VARIABLE_POLICY_ENTRY *MatchPolicy; > + > + Status =3D EFI_SUCCESS; > + > + if (!IsVariablePolicyLibInitialized ()) { > + return EFI_NOT_READY; > + } > + > + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (Variabl= ePolicy =3D=3D > NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + MatchPolicy =3D GetBestPolicyMatch ( > + VariableName, > + VendorGuid, > + &MatchPriority > + ); > + if (MatchPolicy !=3D NULL) { > + if (MatchPolicy->LockPolicyType !=3D > VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) { > + return EFI_NOT_FOUND; > + } > + > + Status =3D SafeUintnAdd ( > + sizeof (VARIABLE_POLICY_ENTRY), > + sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY), > + &LockOnVarStatePolicyEndOffset > + ); > + if (EFI_ERROR (Status) || (LockOnVarStatePolicyEndOffset > > (UINTN)MatchPolicy->Size)) { > + return EFI_BAD_BUFFER_SIZE; > + } > + > + LocalLockOnVarStatePolicy =3D > (VARIABLE_LOCK_ON_VAR_STATE_POLICY *)(MatchPolicy + 1); > + CopyMem (VariablePolicy, LocalLockOnVarStatePolicy, sizeof > (*LocalLockOnVarStatePolicy)); > + > + if ((VariableLockPolicyVariableNameBufferSize =3D=3D NULL)) { > + if (VariableLockPolicyVariableName !=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + return Status; > + } > + > + // The name offset should be less than or equal to the total policy size. > + if (MatchPolicy->Size < MatchPolicy->OffsetToName) { > + return EFI_BAD_BUFFER_SIZE; > + } > + > + RequiredVariablePolicyVariableNameBufferSize =3D > (UINTN)(MatchPolicy->Size - MatchPolicy->OffsetToName); > + RequiredVariableLockPolicyVariableNameBufferSize =3D > MatchPolicy->Size - > + > (LockOnVarStatePolicyEndOffset + > RequiredVariablePolicyVariableNameBufferSize); > + > + LocalVariablePolicyLockVariableNameBufferSize =3D > *VariableLockPolicyVariableNameBufferSize; > + *VariableLockPolicyVariableNameBufferSize =3D > RequiredVariableLockPolicyVariableNameBufferSize; > + > + if (LocalVariablePolicyLockVariableNameBufferSize < > RequiredVariableLockPolicyVariableNameBufferSize) { > + // Let the caller get the size needed to hold the policy variable name > + return EFI_BUFFER_TOO_SMALL; > + } > + > + if (VariableLockPolicyVariableName =3D=3D NULL) { > + // If the policy variable name size given is valid, then a valid policy > variable name buffer should be provided > + return EFI_INVALID_PARAMETER; > + } > + > + if (RequiredVariableLockPolicyVariableNameBufferSize =3D=3D 0) { > + return Status; > + } > + > + LocalVariableLockPolicyVariableName =3D (CHAR16 *)((UINT8 > *)LocalLockOnVarStatePolicy + sizeof (*LocalLockOnVarStatePolicy)); > + *VariableLockPolicyVariableNameBufferSize =3D > RequiredVariableLockPolicyVariableNameBufferSize; > + > + // Actual string size should match expected string size (if a variable > name is present) > + if ( > + (RequiredVariablePolicyVariableNameBufferSize > 0) && > + (((StrnLenS (GET_POLICY_NAME (MatchPolicy), > RequiredVariablePolicyVariableNameBufferSize) + 1) * sizeof (CHAR16)) != =3D > + RequiredVariablePolicyVariableNameBufferSize)) > + { > + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE); > + return EFI_BAD_BUFFER_SIZE; > + } > + > + // Actual string size should match expected string size (if here, variable > lock variable name is present) > + if ( > + ((StrnLenS (LocalVariableLockPolicyVariableName, > RequiredVariableLockPolicyVariableNameBufferSize) + 1) * sizeof > (CHAR16)) !=3D > + RequiredVariableLockPolicyVariableNameBufferSize) > + { > + ASSERT_EFI_ERROR (EFI_BAD_BUFFER_SIZE); > + return EFI_BAD_BUFFER_SIZE; > + } > + > + Status =3D StrnCpyS ( > + VariableLockPolicyVariableName, > + LocalVariablePolicyLockVariableNameBufferSize / sizeof > (CHAR16), > + LocalVariableLockPolicyVariableName, > + RequiredVariableLockPolicyVariableNameBufferSize / > sizeof (CHAR16) > + ); > + ASSERT_EFI_ERROR (Status); > + > + return Status; > + } > + > + return EFI_NOT_FOUND; > +} > + > /** > This API function returns whether or not the policy engine is > currently being enforced. > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > index d5c409c914d1..c4ccdfd20f74 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > @@ -33,7 +33,9 @@ EDKII_VARIABLE_POLICY_PROTOCOL > mVariablePolicyProtocol =3D { > ProtocolIsVariablePolicyEnabled, > RegisterVariablePolicy, > DumpVariablePolicy, > - LockVariablePolicy > + LockVariablePolicy, > + GetVariablePolicyInfo, > + GetLockOnVariableStateVariablePolicyInfo > }; > EDKII_VAR_CHECK_PROTOCOL mVarCheck =3D { > VarCheckRegisterSetVariableCheckHandler, > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > index 6151a2ba0b18..0dd72dde27ce 100644 > --- > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > +++ > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > @@ -410,6 +410,338 @@ ProtocolLockVariablePolicy ( > return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; > } >=20 > +/** > + Internal implementation to retrieve variable information for a given UEFI > variable that is shared > + between different policy types. > + > + Currently, the two policy structure types supported (and all that is defined) > are VARIABLE_POLICY_ENTRY > + and VARIABLE_LOCK_ON_VAR_STATE_POLICY. > + > + @param[in] Command The > command value to use in the communicate call. > + @param[in] VariableName The > name of the variable to use for the policy search. > + @param[in] VendorGuid The > vendor GUID of the variable to use for the policy search. > + @param[in,out] VariablePolicyVariableNameBufferSize On input, the > size, in bytes, of the VariablePolicyVariableName > + buffer. > + > + On > output, the size, in bytes, needed to store the variable > + policy > variable name. > + > + If > testing for the VariablePolicyVariableName buffer size > + > needed, set this value to zero so EFI_BUFFER_TOO_SMALL is > + > guaranteed to be returned if the variable policy variable name > + is > found. > + @param[out] VariablePolicy Pointer to > a buffer where the policy entry will be written > + if > found. > + @param[out] VariablePolicyVariableName Pointer to > a buffer where the variable name used for the > + > variable policy will be written if a variable name is > + > registered. > + > + If the > variable policy is not associated with a variable name > + (e.g. > applied to variable vendor namespace) and this parameter > + is > given, this parameter will not be modified and > + > VariablePolicyVariableNameBufferSize will be set to zero to > + > indicate a name was not present. > + > + If the > pointer given is not NULL, > + > VariablePolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A variable policy entry was > found and returned successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariablePolicyVariableName buffer value is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + VariablePolicyVariableName > is non-NULL and VariablePolicyVariableNameBufferSize > + is NULL. It can also be > returned if the Command value provided is invalid. > + @retval EFI_NOT_FOUND A variable policy was not > found for the given UEFI variable name and vendor GUID. > + > + > +**/ > +STATIC > +EFI_STATUS > +InternalProtocolGetVariablePolicyInfo ( > + IN UINT32 Command, > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL > + OUT VOID *VariablePolicy, > + OUT CHAR16 > *VariablePolicyVariableName OPTIONAL > + ) > +{ > + EFI_STATUS Status; > + CHAR16 *OutputVariableName; > + EFI_MM_COMMUNICATE_HEADER *CommHeader; > + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; > + VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS *CommandParams; > + UINTN > AllowedOutputVariableNameSize; > + UINTN BufferSize; > + UINTN VariableNameSize; > + > + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (Variabl= ePolicy =3D=3D > NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + switch (Command) { > + case VAR_CHECK_POLICY_COMMAND_GET_INFO: > + case VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO: > + break; > + default: > + return EFI_INVALID_PARAMETER; > + } > + > + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); > + > + VariableNameSize =3D StrnSizeS ( > + VariableName, > + > (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE - > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END) > + ); > + if (VariableNameSize >=3D > (VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE - > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto Done; > + } > + > + if ((VariablePolicyVariableName !=3D NULL) && > (VariablePolicyVariableNameBufferSize =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + goto Done; > + } > + > + BufferSize =3D mMmCommunicationBufferSize; > + CommHeader =3D mMmCommunicationBuffer; > + > + Status =3D SafeUintnSub ( > + VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE, > + VariableNameSize, > + &AllowedOutputVariableNameSize > + ); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto Done; > + } > + > + if (VariablePolicyVariableNameBufferSize !=3D NULL) { > + AllowedOutputVariableNameSize =3D MIN > (AllowedOutputVariableNameSize, *VariablePolicyVariableNameBufferSize); > + } else { > + AllowedOutputVariableNameSize =3D 0; > + } > + > + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER > *)&CommHeader->Data; > + CommandParams =3D (VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS > *)(PolicyHeader + 1); > + > + CopyGuid (&CommHeader->HeaderGuid, > &gVarCheckPolicyLibMmiHandlerGuid); > + CommHeader->MessageLength =3D BufferSize - OFFSET_OF > (EFI_MM_COMMUNICATE_HEADER, Data); > + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; > + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; > + PolicyHeader->Command =3D Command; > + > + ZeroMem ((VOID *)&CommandParams->OutputPolicyEntry, sizeof > (CommandParams->OutputPolicyEntry)); > + CopyGuid (&CommandParams->InputVendorGuid, VendorGuid); > + Status =3D SafeUintnToUint32 (VariableNameSize, > &CommandParams->InputVariableNameSize); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto Done; > + } > + > + Status =3D SafeUintnToUint32 (AllowedOutputVariableNameSize, > &CommandParams->OutputVariableNameSize); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_INVALID_PARAMETER; > + goto Done; > + } > + > + if (AllowedOutputVariableNameSize > 0) { > + Status =3D StrnCpyS ( > + CommandParams->InputVariableName, > + AllowedOutputVariableNameSize / sizeof (CHAR16), > + VariableName, > + (UINTN)CommandParams->InputVariableNameSize / > sizeof (CHAR16) > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); > + if (Status =3D=3D EFI_SUCCESS) { > + CopyMem ( > + VariablePolicy, > + (VOID *)&CommandParams->OutputPolicyEntry, > + (Command =3D=3D VAR_CHECK_POLICY_COMMAND_GET_INFO) ? > + sizeof (CommandParams->OutputPolicyEntry.VariablePolicy) : > + sizeof (CommandParams->OutputPolicyEntry.LockOnVarStatePolicy) > + ); > + > + if (VariablePolicyVariableNameBufferSize =3D=3D NULL) { > + if (VariablePolicyVariableName !=3D NULL) { > + Status =3D EFI_INVALID_PARAMETER; > + } > + > + goto Done; > + } > + > + if (PolicyHeader->Result =3D=3D EFI_BUFFER_TOO_SMALL) { > + *VariablePolicyVariableNameBufferSize =3D > (UINTN)CommandParams->OutputVariableNameSize; > + goto Done; > + } > + > + if (PolicyHeader->Result =3D=3D EFI_SUCCESS) { > + if (CommandParams->OutputVariableNameSize > 0) { > + Status =3D SafeUintnAdd ( > + ((UINTN)CommandParams + > VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END), > + > (UINTN)CommandParams->InputVariableNameSize, > + (UINTN *)&OutputVariableName > + ); > + if (EFI_ERROR (Status)) { > + Status =3D EFI_BAD_BUFFER_SIZE; > + goto Done; > + } > + > + Status =3D StrnCpyS ( > + VariablePolicyVariableName, > + *VariablePolicyVariableNameBufferSize / sizeof > (CHAR16), > + OutputVariableName, > + > (UINTN)CommandParams->OutputVariableNameSize > + ); > + ASSERT_EFI_ERROR (Status); > + *VariablePolicyVariableNameBufferSize =3D > (UINTN)CommandParams->OutputVariableNameSize; > + } else { > + // A variable policy variable name is not present. Return values > according to interface. > + *VariablePolicyVariableNameBufferSize =3D 0; > + } > + } > + } > + > +Done: > + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); > + > + return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; > +} > + > +/** > + This function will return variable policy information for a UEFI variable > with a > + registered variable policy. > + > + @param[in] VariableName The > name of the variable to use for the policy search. > + @param[in] VendorGuid The > vendor GUID of the variable to use for the policy search. > + @param[in,out] VariablePolicyVariableNameBufferSize On input, the > size, in bytes, of the VariablePolicyVariableName > + buffer. > + > + On > output, the size, in bytes, needed to store the variable > + policy > variable name. > + > + If > testing for the VariablePolicyVariableName buffer size > + > needed, set this value to zero so EFI_BUFFER_TOO_SMALL is > + > guaranteed to be returned if the variable policy variable name > + is > found. > + @param[out] VariablePolicy Pointer to > a buffer where the policy entry will be written > + if > found. > + @param[out] VariablePolicyVariableName Pointer to > a buffer where the variable name used for the > + > variable policy will be written if a variable name is > + > registered. > + > + If the > variable policy is not associated with a variable name > + (e.g. > applied to variable vendor namespace) and this parameter > + is > given, this parameter will not be modified and > + > VariablePolicyVariableNameBufferSize will be set to zero to > + > indicate a name was not present. > + > + If the > pointer given is not NULL, > + > VariablePolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A variable policy entry was > found and returned successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariablePolicyVariableName buffer value is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + VariablePolicyVariableName > is non-NULL and VariablePolicyVariableNameBufferSize > + is NULL. > + @retval EFI_NOT_FOUND A variable policy was not > found for the given UEFI variable name and vendor GUID. > + > +**/ > +STATIC > +EFI_STATUS > +EFIAPI > +ProtocolGetVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN *VariablePolicyVariableNameBufferSize, OPTIONAL > + OUT VARIABLE_POLICY_ENTRY *VariablePolicy, > + OUT CHAR16 > *VariablePolicyVariableName OPTIONAL > + ) > +{ > + return InternalProtocolGetVariablePolicyInfo ( > + VAR_CHECK_POLICY_COMMAND_GET_INFO, > + VariableName, > + VendorGuid, > + VariablePolicyVariableNameBufferSize, > + VariablePolicy, > + VariablePolicyVariableName > + ); > +} > + > +/** > + This function will return the Lock on Variable State policy informatio= n for > the policy > + associated with the given UEFI variable. > + > + @param[in] VariableName > The name of the variable to use for the policy search. > + @param[in] VendorGuid > The vendor GUID of the variable to use for the policy > + > search. > + @param[in,out] VariableLockPolicyVariableNameBufferSize On input, > the size, in bytes, of the > + > VariableLockPolicyVariableName buffer. > + > + > On output, the size, in bytes, needed to store the variable > + > policy variable name. > + > + If > testing for the VariableLockPolicyVariableName buffer > + P > size needed, set this value to zero so EFI_BUFFER_TOO_SMALL > + is > guaranteed to be returned if the variable policy variable > + > name is found. > + @param[out] VariablePolicy > Pointer to a buffer where the policy entry will be written > + if > found. > + @param[out] VariableLockPolicyVariableName > Pointer to a buffer where the variable name used for the > + > variable lock on variable state policy will be written if > + a > variable name is registered. > + > + If > the lock on variable policy is not associated with a > + > variable name (e.g. applied to variable vendor namespace) > + > and this parameter is given, this parameter will not be > + > modified and VariableLockPolicyVariableNameBufferSize will > + > be set to zero to indicate a name was not present. > + > + If > the pointer given is not NULL, > + > VariableLockPolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A Lock on Variable State > variable policy entry was found and returned > + successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariableLockPolicyVariableName buffer is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + > VariableLockPolicyVariableName is non-NULL and > + > VariableLockPolicyVariableNameBufferSize is NULL. > + @retval EFI_NOT_FOUND A Lock on Variable State > variable policy was not found for the given UEFI > + variable name and vendor > GUID. > + > +**/ > +STATIC > +EFI_STATUS > +EFIAPI > +ProtocolGetLockOnVariableStateVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN *VariableLockPolicyVariableNameBufferSize, OPTIONAL > + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy, > + OUT CHAR16 > *VariableLockPolicyVariableName OPTIONAL > + ) > +{ > + return InternalProtocolGetVariablePolicyInfo ( > + > VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO, > + VariableName, > + VendorGuid, > + VariableLockPolicyVariableNameBufferSize, > + VariablePolicy, > + VariableLockPolicyVariableName > + ); > +} > + > /** > This helper function locates the shared comm buffer and assigns it to input > pointers. >=20 > @@ -514,12 +846,14 @@ VariablePolicySmmDxeMain ( > } >=20 > // Configure the VariablePolicy protocol structure. > - mVariablePolicyProtocol.Revision =3D > EDKII_VARIABLE_POLICY_PROTOCOL_REVISION; > - mVariablePolicyProtocol.DisableVariablePolicy =3D > ProtocolDisableVariablePolicy; > - mVariablePolicyProtocol.IsVariablePolicyEnabled =3D > ProtocolIsVariablePolicyEnabled; > - mVariablePolicyProtocol.RegisterVariablePolicy =3D > ProtocolRegisterVariablePolicy; > - mVariablePolicyProtocol.DumpVariablePolicy =3D > ProtocolDumpVariablePolicy; > - mVariablePolicyProtocol.LockVariablePolicy =3D > ProtocolLockVariablePolicy; > + mVariablePolicyProtocol.Revision > =3D EDKII_VARIABLE_POLICY_PROTOCOL_REVISION; > + mVariablePolicyProtocol.DisableVariablePolicy =3D > ProtocolDisableVariablePolicy; > + mVariablePolicyProtocol.IsVariablePolicyEnabled =3D > ProtocolIsVariablePolicyEnabled; > + mVariablePolicyProtocol.RegisterVariablePolicy =3D > ProtocolRegisterVariablePolicy; > + mVariablePolicyProtocol.DumpVariablePolicy > =3D ProtocolDumpVariablePolicy; > + mVariablePolicyProtocol.LockVariablePolicy =3D > ProtocolLockVariablePolicy; > + mVariablePolicyProtocol.GetVariablePolicyInfo =3D > ProtocolGetVariablePolicyInfo; > + mVariablePolicyProtocol.GetLockOnVariableStateVariablePolicyInfo =3D > ProtocolGetLockOnVariableStateVariablePolicyInfo; >=20 > // Register all the protocols and return the status. > Status =3D gBS->InstallMultipleProtocolInterfaces ( > diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > index ff3d4a1fd68a..a692fa40c946 100644 > --- a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > +++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > @@ -32,23 +32,52 @@ typedef struct > _VAR_CHECK_POLICY_COMM_DUMP_PARAMS { > BOOLEAN HasMore; > } VAR_CHECK_POLICY_COMM_DUMP_PARAMS; >=20 > +typedef union { > + VARIABLE_POLICY_ENTRY VariablePolicy; > + VARIABLE_LOCK_ON_VAR_STATE_POLICY LockOnVarStatePolicy; > +} VAR_CHECK_POLICY_OUTPUT_POLICY_ENTRY; > + > +typedef struct _VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS { > + EFI_GUID InputVendorGuid; > + UINT32 > InputVariableNameSize; > + UINT32 > OutputVariableNameSize; > + VAR_CHECK_POLICY_OUTPUT_POLICY_ENTRY OutputPolicyEntry; > + CHAR16 InputVariableName[1]; > +} VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS; > + > #pragma pack(pop) >=20 > +#define VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS_END \ > + > (OFFSET_OF(VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS, > InputVariableName)) > + > // Make sure that we will hold at least the headers. > #define VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE > MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof > (VAR_CHECK_POLICY_COMM_HEADER) + EFI_PAGES_TO_SIZE(1)), > EFI_PAGES_TO_SIZE(4)) > #define VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE > (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \ >=20 > (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + \ >=20 > sizeof(VAR_CHECK_POLICY_COMM_HEADER) + \ >=20 > sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS))) > + > +#define VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE > (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \ > + > (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + \ > + > sizeof(VAR_CHECK_POLICY_COMM_HEADER) + \ > + > OFFSET_OF(VAR_CHECK_POLICY_COMM_GET_INFO_PARAMS, > InputVariableName))) > + > STATIC_ASSERT ( > VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE < > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE, > "an integer underflow may have occurred calculating > VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE" > ); >=20 > -#define VAR_CHECK_POLICY_COMMAND_DISABLE 0x0001 > -#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED 0x0002 > -#define VAR_CHECK_POLICY_COMMAND_REGISTER 0x0003 > -#define VAR_CHECK_POLICY_COMMAND_DUMP 0x0004 > -#define VAR_CHECK_POLICY_COMMAND_LOCK 0x0005 > +STATIC_ASSERT ( > + VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE < > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE, > + "an integer underflow may have occurred calculating > VAR_CHECK_POLICY_MM_GET_INFO_BUFFER_SIZE" > + ); > + > +#define VAR_CHECK_POLICY_COMMAND_DISABLE > 0x0001 > +#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED > 0x0002 > +#define VAR_CHECK_POLICY_COMMAND_REGISTER > 0x0003 > +#define VAR_CHECK_POLICY_COMMAND_DUMP > 0x0004 > +#define VAR_CHECK_POLICY_COMMAND_LOCK > 0x0005 > +#define VAR_CHECK_POLICY_COMMAND_GET_INFO > 0x0006 > +#define VAR_CHECK_POLICY_COMMAND_GET_LOCK_VAR_STATE_INFO > 0x0007 >=20 > #endif // _VAR_CHECK_POLICY_MMI_COMMON_H_ > diff --git a/MdeModulePkg/Include/Library/VariablePolicyLib.h > b/MdeModulePkg/Include/Library/VariablePolicyLib.h > index 63c49fbca1ed..bc4e26b2d434 100644 > --- a/MdeModulePkg/Include/Library/VariablePolicyLib.h > +++ b/MdeModulePkg/Include/Library/VariablePolicyLib.h > @@ -102,6 +102,113 @@ DumpVariablePolicy ( > IN OUT UINT32 *Size > ); >=20 > +/** > + This function will return variable policy information for a UEFI variable > with a > + registered variable policy. > + > + @param[in] VariableName The > name of the variable to use for the policy search. > + @param[in] VendorGuid The > vendor GUID of the variable to use for the policy search. > + @param[in,out] VariablePolicyVariableNameBufferSize On input, the > size, in bytes, of the VariablePolicyVariableName > + buffer. > + > + On > output, the size, in bytes, needed to store the variable > + policy > variable name. > + > + If > testing for the VariablePolicyVariableName buffer size > + > needed, set this value to zero so EFI_BUFFER_TOO_SMALL is > + > guaranteed to be returned if the variable policy variable name > + is > found. > + @param[out] VariablePolicy Pointer to > a buffer where the policy entry will be written > + if > found. > + @param[out] VariablePolicyVariableName Pointer to > a buffer where the variable name used for the > + > variable policy will be written if a variable name is > + > registered. > + > + If the > variable policy is not associated with a variable name > + (e.g. > applied to variable vendor namespace) and this parameter > + is > given, this parameter will not be modified and > + > VariablePolicyVariableNameBufferSize will be set to zero to > + > indicate a name was not present. > + > + If the > pointer given is not NULL, > + > VariablePolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A variable policy entry was > found and returned successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariablePolicyVariableName buffer value is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + VariablePolicyVariableName > is non-NULL and VariablePolicyVariableNameBufferSize > + is NULL. > + @retval EFI_NOT_FOUND A variable policy was not > found for the given UEFI variable name and vendor GUID. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariablePolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_POLICY_ENTRY *VariablePolicy, > + OUT CHAR16 *VariablePolicyVariableName > OPTIONAL > + ); > + > +/** > + This function will return the Lock on Variable State policy informatio= n for > the policy > + associated with the given UEFI variable. > + > + @param[in] VariableName > The name of the variable to use for the policy search. > + @param[in] VendorGuid > The vendor GUID of the variable to use for the policy > + > search. > + @param[in,out] VariableLockPolicyVariableNameBufferSize On input, > the size, in bytes, of the > + > VariableLockPolicyVariableName buffer. > + > + > On output, the size, in bytes, needed to store the variable > + > policy variable name. > + > + If > testing for the VariableLockPolicyVariableName buffer > + > size needed, set this value to zero so EFI_BUFFER_TOO_SMALL > + is > guaranteed to be returned if the variable policy variable > + > name is found. > + @param[out] VariablePolicy > Pointer to a buffer where the policy entry will be written > + if > found. > + @param[out] VariableLockPolicyVariableName > Pointer to a buffer where the variable name used for the > + > variable lock on variable state policy will be written if > + a > variable name is registered. > + > + If > the lock on variable policy is not associated with a > + > variable name (e.g. applied to variable vendor namespace) > + > and this parameter is given, this parameter will not be > + > modified and VariableLockPolicyVariableNameBufferSize will > + > be set to zero to indicate a name was not present. > + > + If > the pointer given is not NULL, > + > VariableLockPolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A Lock on Variable State > variable policy entry was found and returned > + successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariableLockPolicyVariableName buffer is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + > VariableLockPolicyVariableName is non-NULL and > + > VariableLockPolicyVariableNameBufferSize is NULL. > + @retval EFI_NOT_FOUND A Lock on Variable State > variable policy was not found for the given UEFI > + variable name and vendor > GUID. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetLockOnVariableStateVariablePolicyInfo ( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariableLockPolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy, > + OUT CHAR16 > *VariableLockPolicyVariableName OPTIONAL > + ); > + > /** > This API function returns whether or not the policy engine is > currently being enforced. > diff --git a/MdeModulePkg/Include/Protocol/VariablePolicy.h > b/MdeModulePkg/Include/Protocol/VariablePolicy.h > index 98d739401f83..4b57f70a9da8 100644 > --- a/MdeModulePkg/Include/Protocol/VariablePolicy.h > +++ b/MdeModulePkg/Include/Protocol/VariablePolicy.h > @@ -9,7 +9,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #ifndef __EDKII_VARIABLE_POLICY_PROTOCOL__ > #define __EDKII_VARIABLE_POLICY_PROTOCOL__ >=20 > -#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION > 0x0000000000010000 > +#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION > 0x0000000000020000 > + > +/* > + Rev 0x0000000000010000: > + - Initial protocol definition > + > + Rev 0x0000000000020000: > + - Add GetVariablePolicyInfo() API > + - Add GetLockOnVariableStateVariablePolicyInfo() API > + > +*/ >=20 > #define EDKII_VARIABLE_POLICY_PROTOCOL_GUID \ > { \ > @@ -141,13 +151,122 @@ EFI_STATUS > VOID > ); >=20 > +/** > + This function will return variable policy information for a UEFI variable > with a > + registered variable policy. > + > + @param[in] VariableName The > name of the variable to use for the policy search. > + @param[in] VendorGuid The > vendor GUID of the variable to use for the policy search. > + @param[in,out] VariablePolicyVariableNameBufferSize On input, the > size, in bytes, of the VariablePolicyVariableName > + buffer. > + > + On > output, the size, in bytes, needed to store the variable > + policy > variable name. > + > + If > testing for the VariablePolicyVariableName buffer size > + > needed, set this value to zero so EFI_BUFFER_TOO_SMALL is > + > guaranteed to be returned if the variable policy variable name > + is > found. > + @param[out] VariablePolicy Pointer to > a buffer where the policy entry will be written > + if > found. > + @param[out] VariablePolicyVariableName Pointer to > a buffer where the variable name used for the > + > variable policy will be written if a variable name is > + > registered. > + > + If the > variable policy is not associated with a variable name > + (e.g. > applied to variable vendor namespace) and this parameter > + is > given, this parameter will not be modified and > + > VariablePolicyVariableNameBufferSize will be set to zero to > + > indicate a name was not present. > + > + If the > pointer given is not NULL, > + > VariablePolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A variable policy entry was > found and returned successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariablePolicyVariableName buffer value is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + VariablePolicyVariableName > is non-NULL and VariablePolicyVariableNameBufferSize > + is NULL. > + @retval EFI_NOT_FOUND A variable policy was not > found for the given UEFI variable name and vendor GUID. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *GET_VARIABLE_POLICY_INFO)( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariablePolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_POLICY_ENTRY *VariablePolicy, > + OUT CHAR16 > *VariablePolicyVariableName OPTIONAL > + ); > + > +/** > + This function will return the Lock on Variable State policy informatio= n for > the policy > + associated with the given UEFI variable. > + > + @param[in] VariableName > The name of the variable to use for the policy search. > + @param[in] VendorGuid > The vendor GUID of the variable to use for the policy > + > search. > + @param[in,out] VariableLockPolicyVariableNameBufferSize On input, > the size, in bytes, of the > + > VariableLockPolicyVariableName buffer. > + > + > On output, the size, in bytes, needed to store the variable > + > policy variable name. > + > + If > testing for the VariableLockPolicyVariableName buffer > + > size needed, set this value to zero so EFI_BUFFER_TOO_SMALL > + is > guaranteed to be returned if the variable policy variable > + > name is found. > + @param[out] VariablePolicy > Pointer to a buffer where the policy entry will be written > + if > found. > + @param[out] VariableLockPolicyVariableName > Pointer to a buffer where the variable name used for the > + > variable lock on variable state policy will be written if > + a > variable name is registered. > + > + If > the lock on variable policy is not associated with a > + > variable name (e.g. applied to variable vendor namespace) > + > and this parameter is given, this parameter will not be > + > modified and VariableLockPolicyVariableNameBufferSize will > + > be set to zero to indicate a name was not present. > + > + If > the pointer given is not NULL, > + > VariableLockPolicyVariableNameBufferSize must be non-NULL. > + > + @retval EFI_SUCCESS A Lock on Variable State > variable policy entry was found and returned > + successfully. > + @retval EFI_BAD_BUFFER_SIZE An internal buffer size caused > a calculation error. > + @retval EFI_BUFFER_TOO_SMALL The > VariableLockPolicyVariableName buffer is too small for the size needed. > + The buffer should now point > to the size needed. > + @retval EFI_NOT_READY Variable policy has not yet > been initialized. > + @retval EFI_INVALID_PARAMETER A required pointer argument > passed is NULL. This will be returned if > + > VariableLockPolicyVariableName is non-NULL and > + > VariableLockPolicyVariableNameBufferSize is NULL. > + @retval EFI_NOT_FOUND A Lock on Variable State > variable policy was not found for the given UEFI > + variable name and vendor > GUID. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *GET_LOCK_ON_VARIABLE_STATE_VARIABLE_POLICY_INFO)( > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + IN OUT UINTN > *VariableLockPolicyVariableNameBufferSize OPTIONAL, > + OUT VARIABLE_LOCK_ON_VAR_STATE_POLICY *VariablePolicy, > + OUT CHAR16 > *VariableLockPolicyVariableName OPTIONAL > + ); > + > typedef struct { > - UINT64 Revision; > - DISABLE_VARIABLE_POLICY DisableVariablePolicy; > - IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled; > - REGISTER_VARIABLE_POLICY RegisterVariablePolicy; > - DUMP_VARIABLE_POLICY DumpVariablePolicy; > - LOCK_VARIABLE_POLICY LockVariablePolicy; > + UINT64 Revision; > + DISABLE_VARIABLE_POLICY > DisableVariablePolicy; > + IS_VARIABLE_POLICY_ENABLED > IsVariablePolicyEnabled; > + REGISTER_VARIABLE_POLICY > RegisterVariablePolicy; > + DUMP_VARIABLE_POLICY > DumpVariablePolicy; > + LOCK_VARIABLE_POLICY > LockVariablePolicy; > + GET_VARIABLE_POLICY_INFO > GetVariablePolicyInfo; > + GET_LOCK_ON_VARIABLE_STATE_VARIABLE_POLICY_INFO > GetLockOnVariableStateVariablePolicyInfo; > } _EDKII_VARIABLE_POLICY_PROTOCOL; >=20 > typedef _EDKII_VARIABLE_POLICY_PROTOCOL > EDKII_VARIABLE_POLICY_PROTOCOL; > diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > index 3fe6043bf631..7048d555f0a9 100644 > --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > @@ -32,6 +32,7 @@ [Packages] >=20 >=20 > [LibraryClasses] > + BaseLib > DebugLib > BaseMemoryLib > MemoryAllocationLib > -- > 2.42.0.windows.2 >=20 >=20 >=20 > -=3D-=3D-=3D-=3D-=3D-=3D > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#108841): > https://edk2.groups.io/g/devel/message/108841 > Mute This Topic: https://groups.io/mt/101457410/4905953 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub > [gaoliming@byosoft.com.cn] > -=3D-=3D-=3D-=3D-=3D-=3D >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109982): https://edk2.groups.io/g/devel/message/109982 Mute This Topic: https://groups.io/mt/102152457/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-