From: "Gao, Zhichao"
To: devel@edk2.groups.io
Cc: Bret Barkelew, Jian J Wang, Hao A Wu, Ray Ni, Star Zeng, Liming gao, Sean Brogan, Michael Turner
Subject: [PATCH 2/5] MdeModulePkg/SecurityLockAuditDebugLib: Add lib instance
Date: Mon, 22 Jul 2019 12:02:01 +0800
Message-Id: <20190722040204.33108-3-zhichao.gao@intel.com>
In-Reply-To: <20190722040204.33108-1-zhichao.gao@intel.com>
References: <20190722040204.33108-1-zhichao.gao@intel.com>

From: Bret Barkelew

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2006

Add the instance of SecurityLockAuditLib. This instance has one
interface SecurityLockReportEvent to log hardware and software
security locks info.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Ray Ni
Cc: Star Zeng
Cc: Liming gao
Cc: Sean Brogan
Cc: Michael Turner
Cc: Bret Barkelew
Signed-off-by: Zhichao Gao
---
 .../SecurityLockAuditDebugLib.c | 53 +++++++++++++++++++
 .../SecurityLockAuditDebugLib.inf | 29 ++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c
 create mode 100644 MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf
diff --git a/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c new file mode 100644 index 0000000000..c1872bc023 --- /dev/null +++ b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c @@ -0,0 +1,53 @@ +/** @file + This library implements the necessary functions + to log hardware and software security locks for post-processing + + Copyright (c) 2018, Microsoft Corporation + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +// +// Used to look up lock name from LOCK_TYPE enum +// +CHAR8* mLockName[] = { + "SOFTWARE_LOCK", + "HARDWARE_LOCK" +}; + + +/** + Function for security Lock event logging and reporting + + @param[in] Module GUID of calling module + @param[in] Function Name of calling function + @param[in] LockEventText Debug message explaining what is locked + @param[in] LockType Enumerated lock type for differentiation + +**/ +VOID +EFIAPI +SecurityLockReportEvent ( + IN GUID *Module, + IN CONST CHAR8 *Function, + IN CONST CHAR8 *LockEventText, + IN LOCK_TYPE LockType + ) +{ + UINTN LockTypeIndex; + UINTN LockNameCount; + + LockTypeIndex = (UINTN)LockType; + LockNameCount = sizeof (mLockName) / sizeof (mLockName[0]); + + if (LockTypeIndex < LockNameCount) { + DEBUG ((DEBUG_ERROR, "SecurityLock::LockType: %a, Module: %g, Function: %a, Output: %a\n", mLockName[LockTypeIndex], Module, Function, LockEventText)); + } else { + DEBUG ((DEBUG_ERROR, "SecurityLock::LockType: %d, Module: %g, Function: %a, Output: %a\n", LockType, Module, Function, LockEventText)); + } +} diff --git a/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf new file mode 100644 index 0000000000..b641016087 --- /dev/null +++ b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf 
@@ -0,0 +1,29 @@ +## @file +# +# Library that implements logging and reporting for security locks +# Using DebugLib +# +# +# Copyright (c) 2018, Microsoft Corporation +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecurityLockAuditDebugLib + FILE_GUID = 459d0456-d6be-458e-9cc8-e9b21745f9aa + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = SecurityLockAuditLib + +[Sources.common] + SecurityLockAuditDebugLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + DebugLib -- 2.21.0.windows.1
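
Review bot: Both DEBUG calls in SecurityLockReportEvent (SecurityLockAuditDebugLib.c) log at DEBUG_ERROR, but a lock being applied is an expected event, not an error. That buries real errors in the log, and because the record goes through DEBUG() only, it is emitted only when debug output is compiled in and that level is enabled. Consider DEBUG_INFO (or a level chosen for audit output) and state in the file header that this instance reports through DebugLib only. Separately, `CHAR8* mLockName[]` is a writable global with external linkage in a BASE library; `STATIC CONST CHAR8 *mLockName[]` avoids symbol clashes and accidental modification, and `ARRAY_SIZE (mLockName)` can replace the sizeof division. The table order also has to track the LOCK_TYPE enum, which is defined outside this patch, so a comment tying the two together would help.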
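
Review bot: In SecurityLockAuditDebugLib.inf, [LibraryClasses] lists BaseLib, but the only library use visible in SecurityLockAuditDebugLib.c is the DEBUG macro from DebugLib. Drop BaseLib unless something in the source needs it, so the INF does not carry an unused dependency. The file header comment could also be joined into one sentence ("... for security locks using DebugLib") in place of the split lines and the extra empty `#` line.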