From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <afish@apple.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=17.171.2.35; helo=mail-in25.apple.com; envelope-from=afish@apple.com;
 receiver=edk2-devel@lists.01.org 
Received: from mail-in25.apple.com (mail-out25.apple.com [17.171.2.35])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id BACBF209605A5
 for <edk2-devel@lists.01.org>; Tue,  3 Jul 2018 19:45:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s;
 c=relaxed/simple; 
 q=dns/txt; i=@apple.com; t=1530672340; x=2394585940;
 h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=OoutwYcPk5+gQdM6R4SqCVT5s52pUXqpE9tPdecH1uE=;
 b=HVZbTGowLhtSWhc5KvwuDY9HDwslg6/6z1FIKKY+FweVrpKyDKdHsuzpsf8Up2Zc
 bKMzLkfm46KwKHTECUjmg2Tb0JDC32mBt6KU8JTXOP3CIPl8X52EMlFAvEOPF39d
 nlf7PRuCfBdGGXMpDQu41iwW6cvGyyfIV3hc7H5JaY+CBtTdlI39iPh+MY6xFwxS
 4Eo3N/nOHEFeQjSdLtkIAkqTYwrxPFWHOUJSNZySktssG7zwtp/LUdi7cE/mQaeE
 inflHNUUHRAzMncsNt9SrApcJRmqe33nUGTBUTeYF9sHVD5CIYn+AJJEY9xqsmC2
 UtoDUcrWowjh/45KTzmTnA==;
X-AuditID: 11ab0219-a862c9e000004c1b-9c-5b3c34d4dc89
Received: from ma1-mtap-s02.corp.apple.com (ma1-mtap-s02.corp.apple.com
 [17.40.76.6])
 (using TLS with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mail-in25.apple.com (Apple Secure Mail Relay) with SMTP id
 0B.A8.19483.4D43C3B5; Tue,  3 Jul 2018 19:45:40 -0700 (PDT)
MIME-version: 1.0
Received: from ma1-mmpp-sz11.apple.com
 (ma1-mmpp-sz11.apple.com [17.171.128.33]) by ma1-mtap-s02.corp.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) with ESMTPS id <0PBB008JCMC4OSB0@ma1-mtap-s02.corp.apple.com>; Tue,
 03 Jul 2018 19:45:40 -0700 (PDT)
Received: from process_viserion-daemon.ma1-mmpp-sz11.apple.com by
 ma1-mmpp-sz11.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) id <0PBB00300M5VRK00@ma1-mmpp-sz11.apple.com>; Tue,
 03 Jul 2018 19:45:40 -0700 (PDT)
X-Va-A: 
X-Va-T-CD: dd282ff7d952fc2de1a53d5eefa4730d
X-Va-E-CD: cdd40f8647e23d4ec844849bf330fa88
X-Va-R-CD: 4e142f17f806bc62b219d8661f5a7e99
X-Va-CD: 0
X-Va-ID: 8403955c-fabf-41b3-8c5e-6e1d399c4018
X-V-A: 
X-V-T-CD: 1cfa4e18465d030421cce2ab0a06f370
X-V-E-CD: cdd40f8647e23d4ec844849bf330fa88
X-V-R-CD: 4e142f17f806bc62b219d8661f5a7e99
X-V-CD: 0
X-V-ID: 1a190e21-a89c-4edd-b840-9003bf7beebb
Received: from process_milters-daemon.ma1-mmpp-sz11.apple.com by
 ma1-mmpp-sz11.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) id <0PBB00300M3P3Y00@ma1-mmpp-sz11.apple.com>; Tue,
 03 Jul 2018 19:45:40 -0700 (PDT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,,
 definitions=2018-07-04_01:,, signatures=0
X-Proofpoint-Scanner-Instance: ma-grpmailp-qapp24.corp.apple.com-10000_instance1
Received: from [17.234.159.180] (unknown [17.234.159.180])
 by ma1-mmpp-sz11.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) with ESMTPSA id <0PBB002X0MC1VS50@ma1-mmpp-sz11.apple.com>; Tue,
 03 Jul 2018 19:45:40 -0700 (PDT)
Sender: afish@apple.com
From: Andrew Fish <afish@apple.com>
Message-id: <0FFE09D7-C88E-4044-859F-912F9AC7DB43@apple.com>
Date: Tue, 03 Jul 2018 19:45:36 -0700
In-reply-to: <CABH5-svH=_60aXSerP1fYtjhHg=yEZsuB04R7kyzM5vZDXRK0w@mail.gmail.com>
Cc: edk2-devel@lists.01.org
To: Toan Le manh <lemanhtoantb@gmail.com>
References: <CABH5-suSEhxKcXpFDrZw9zn_XDEcOYnC8gr1++M3pM_J5qvSRQ@mail.gmail.com>
 <43294E30-F00E-4608-B117-429A25B93371@apple.com>
 <CABH5-svH=_60aXSerP1fYtjhHg=yEZsuB04R7kyzM5vZDXRK0w@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrPIsWRmVeSWpSXmKPExsUiqOHDpnvFxCba4PJWQ4s9h44yW0xfeIHZ
 gclj56y77B7ds/+xBDBFcdmkpOZklqUW6dslcGX0fXzLWPB4NXNFz+4LbA2Md38zdTFyckgI
 mEj0z33H2MXIxSEksJ9J4t3UfhaQBK+AoMSPyffAbGaBMIn2TVeYIIo2MEmcXv0FqqOLSaJh
 8wo2iFHsEn9+7QDq4ACytSU+/jaGCGtLHFl4khHGvn3mLlQ5l8SCradZIWxdif0310HZbBLr
 TyyBuk5LYuGqzcww9r2bixhh7FOPZ7JD2JwS579MhLJ1JHZPmQ5mCwl0Mkl8myENEc+WuPvl
 BNT8AIkFHY+g7p/MJHFt6Qewg4QFxCXendkEtoxNQFlixfwP7JCQsJF4++03K0SNhUTrozaw
 41gEVCVWvW4GhxCnQLDE5+2f2CGhJS3xcOJxsHoRAU2JN4s62CGWnWGUOHdmHwvEFUoS/3cd
 YZ7AqDALKbRnIYU2hK0l8f1RK1CcA8iWlzh4XhYirCnx7N4ndghbW+LJuwusCxjZVjEK5yZm
 5uhm5hmZ6iUWFOSk6iXn525iBKWY1UySOxi/vjY8xCjAwajEw8tQYR0txJpYVlyZe4hRmoNF
 SZz34y6xaCGB9MSS1OzU1ILUovii0pzU4kOMTBycUg2MrnJZWkLz9zsJ1SxSTTscEJ1RcZm3
 VrZgp/SuZcob1hnZlb26KbwnUCLVU4b3y2nF3n1rlwcEPO20q8vv+cVQV1mXn6LCvcNCf9rf
 bzOMHF9WROauly9pNY5dN0kmNmfmZwnLT35XjNMkr/X2vKsX5Gb/dOL4IuXTty0/TOnSjZlZ
 e/Z58CclluKMREMt5qLiRADyMT4ZEgMAAA==
X-Content-Filtered-By: Mailman/MimeDel 2.1.26
Subject: Re: gRT->SetVariable ACCESS DENIED error
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 02:45:42 -0000
Content-Type: text/plain; CHARSET=US-ASCII
Content-Transfer-Encoding: 7BIT

Toan,

gEfiGlobalVariableGuid means it is defined in section 3.3, Globally Defined Variables, in the UEFI Spec:
Identifies the level of hardware error record persistence support implemented by the platform. This variable is only modified by firmware and is read-only to the OS.

As you see it is defined as read only, so it is a special variable. Lets search the UDK2018 for it and look for it being special cased....

/Volumes/Case/UDK2018(vUDK2018)>git grep EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME -- *.h
MdePkg/Include/Guid/GlobalVariable.h:121:#define EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME        L"HwErrRecSupport"
/Volumes/Case/UDK2018(vUDK2018)>git grep EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME -- *.c
MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLibNullClass.c:407:    EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
MdeModulePkg/Universal/BdsDxe/BdsEntry.c:48:  EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
/Volumes/Case/UDK2018(vUDK2018)>git grep 'L"HwErrRecSupport"' -- *.c
IntelFrameworkModulePkg/Universal/BdsDxe/BdsEntry.c:48:  L"HwErrRecSupport",
IntelFrameworkModulePkg/Universal/BdsDxe/HwErrRecSupport.c:37:    // define same behavior between no value or 0 value for L"HwErrRecSupport".
IntelFrameworkModulePkg/Universal/BdsDxe/HwErrRecSupport.c:40:                    L"HwErrRecSupport",
MdeModulePkg/Universal/BdsDxe/HwErrRecSupport.c:37:    // define same behavior between no value or 0 value for L"HwErrRecSupport".
MdeModulePkg/Universal/BdsDxe/HwErrRecSupport.c:40:                    L"HwErrRecSupport",

Yep looks like some locking happens in the BDS, so maybe you are writing after the lock event?

https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/BdsDxe/BdsEntry.c#L44

///
/// The read-only variables defined in UEFI Spec.
///
CHAR16  *mReadOnlyVariables[] = {
  EFI_PLATFORM_LANG_CODES_VARIABLE_NAME,
  EFI_LANG_CODES_VARIABLE_NAME,
  EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME,
  EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
  EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME
  };


https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/BdsDxe/BdsEntry.c#L754



  //
  // Mark the read-only variables if the Variable Lock protocol exists
  //
  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
  DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n", Status));
  if (!EFI_ERROR (Status)) {
    for (Index = 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {
      Status = VariableLock->RequestToLock (VariableLock, mReadOnlyVariables[Index], &gEfiGlobalVariableGuid);
      ASSERT_EFI_ERROR (Status);
    }
  }


Maybe you missed it due the mixing of the #define and the architectural name from the UEFI Spec?

Thanks,

Andrew Fish

PS 
<Grumpy Old Man>
I really hate when folks take the architecturally defined strings in the gEfiGlobalVariableGuid name space and obfuscate them with #defines. Especially when it is not done in a non-consistent way. The #define solves nothing, and obfuscates reading the code. In general in the edk2 we follow the type system in the UEFI spec, and there is is only the Unicode string for variables, not a #define value. 

Lets be real if the UEFI spec ever changed the  L"HwErrRecSupport" it would have to be tied to spec version, so all the places that used that variable would need the spec revision check and the #define is still just obfuscation and the code is not constructed with a version check. 
</Grumpy Old Man>

> On Jul 3, 2018, at 6:21 PM, Toan Le manh <lemanhtoantb@gmail.com> wrote:
> 
> Hi Andrew,
> 
> I'm trying to set some variables to NVRAM at the beginning of BDS phase.
> For example, this function returned EFI_ACCESS_DENIED
>    Status = gRT->SetVariable (
>                    L"HwErrRecSupport",
>                    &gEfiGlobalVariableGuid,
>                    EFI_VARIABLE_BOOTSERVICE_ACCESS |
> EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
>                    sizeof (UINT16),
>                    &HardwareErrorRecordLevel
>                    );
> 
> Thanks & BRs,
> Toan