From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.8396.1591167510910836582 for ; Tue, 02 Jun 2020 23:58:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@corthon-com.20150623.gappssmtp.com header.s=20150623 header.b=ZhsuozD7; spf=none, err=permanent DNS error (domain: corthon.com, ip: 209.85.210.169, mailfrom: bret@corthon.com) Received: by mail-pf1-f169.google.com with SMTP id x22so989283pfn.3 for ; Tue, 02 Jun 2020 23:58:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corthon-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3HjtWVlJb1x76Sn1+FoxSixP4+Q0Vzaris6LDBdD+1s=; b=ZhsuozD7J16aWHvQXZDsafMz+4PG7z7sBWc1Tabc530m7B37xJqt0HtzBVgOFYavmd 2FuJlqz+O6fPjDpNEejnA+EK4TmkOCXGmPkcC9OE31RpT0RglNHLR01KkVpq/CqMbot0 mq2V8vuVA9kNZVkAeMjeiN0rVjfyqQegsAMJ1tsOwOiyB8kl5K5E6UBZrCm9HLPTHno+ UHH4Ajemil9PBkiRDw5cgq2hH1yXXeh896aDOK+2CsugflKQ/aRvlmIhGlnBXFv/fKQD pPbG5xfJ+nkoPeIaUPuz16fmElkPK5XT/pA6Q3FmrTY5dBUMFrmuMilHnMBc66njsq2a 96gQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3HjtWVlJb1x76Sn1+FoxSixP4+Q0Vzaris6LDBdD+1s=; b=uFKyHZvpotDvPMHF00MEeHLVu75q/6rcax0jbgZxQgB0mhKxPQfVgzwwsMOmFgQwx2 AxgSpvoQHuudkGIIGn5shXz9xneHUgnodusYTJRleh95/0mg+7rd+vdkjed2e33qsYKq /K+mLlpKR5GzbRVxFPXovHkq1/0yqRVvP7c0DojRA6pzRqQaRxuae4Ax6qSDRWJ3au8b nEEyM6Oz0VeCF5EgNu2J6/CiSit0fradbmeOe3p6sXoEgcVSALHZTwWmGtREK44ncI8P R/abu0d5ouqw9t+dOc9Wb4V28+o1/bazyswwaM8SyxxjCvWS6UyepPgjoUIpsHhxhI4i 6oRg== X-Gm-Message-State: AOAM532/chgB0DLk9M9E1VX65UGyN/k3FtHui+V+yqKcoCN06yIFKOhQ 0eYxhaufk3l1CV/UiFj+XNnCKOpjEAQ= X-Google-Smtp-Source: ABdhPJzh5NKeLoKUv4thezqWGw/E/jXEgFsSfj/ux3EIdpLQ1Ekd3lbbaE6e8DHf1vWybdjOqH9M4Q== X-Received: by 2002:a63:f304:: with SMTP id l4mr28204123pgh.235.1591167510185; Tue, 02 Jun 2020 23:58:30 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([71.212.144.72]) by smtp.gmail.com with ESMTPSA id y6sm1262003pjn.37.2020.06.02.23.58.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Jun 2020 23:58:29 -0700 (PDT) From: Bret Barkelew X-Google-Original-From: Bret Barkelew To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Liming Gao Subject: [PATCH v5 01/14] MdeModulePkg: Define the VariablePolicy protocol interface Date: Tue, 2 Jun 2020 23:57:57 -0700 Message-Id: <20200603065810.806-2-brbarkel@microsoft.com> X-Mailer: git-send-email 2.26.2.windows.1.8.g01c50adf56.20200515075929 In-Reply-To: <20200603065810.806-1-brbarkel@microsoft.com> References: <20200603065810.806-1-brbarkel@microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522 VariablePolicy is an updated interface to replace VarLock and VarCheckProtocol. Add the VariablePolicy protocol interface header and add to the MdeModulePkg.dec file. Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Cc: Bret Barkelew Signed-off-by: Bret Barkelew --- MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 14 +- MdeModulePkg/MdeModulePkg.uni | 7 + 3 files changed, 177 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Include/Protocol/VariablePolicy.h b/MdeModulePkg/= Include/Protocol/VariablePolicy.h new file mode 100644 index 000000000000..8226c187a77b --- /dev/null +++ b/MdeModulePkg/Include/Protocol/VariablePolicy.h @@ -0,0 +1,157 @@ +/** @file -- VariablePolicy.h=0D +=0D +This protocol allows communication with Variable Policy Engine.=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#ifndef __EDKII_VARIABLE_POLICY_PROTOCOL__=0D +#define __EDKII_VARIABLE_POLICY_PROTOCOL__=0D +=0D +#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION 0x0000000000010000=0D +=0D +#define EDKII_VARIABLE_POLICY_PROTOCOL_GUID \=0D + { \=0D + 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25= , 0xC3 } \=0D + }=0D +=0D +#define VARIABLE_POLICY_ENTRY_REVISION 0x00010000=0D +=0D +#pragma pack(push, 1)=0D +typedef struct {=0D + UINT32 Version;=0D + UINT16 Size;=0D + UINT16 OffsetToName;=0D + EFI_GUID Namespace;=0D + UINT32 MinSize;=0D + UINT32 MaxSize;=0D + UINT32 AttributesMustHave;=0D + UINT32 AttributesCantHave;=0D + UINT8 LockPolicyType;=0D + UINT8 Padding[3];=0D + // UINT8 LockPolicy[]; // Variable Length Field=0D + // CHAR16 Name[] // Variable Length Field=0D +} VARIABLE_POLICY_ENTRY;=0D +=0D +#define VARIABLE_POLICY_NO_MIN_SIZE 0=0D +#define VARIABLE_POLICY_NO_MAX_SIZE MAX_UINT32=0D +#define VARIABLE_POLICY_NO_MUST_ATTR 0=0D +#define VARIABLE_POLICY_NO_CANT_ATTR 0=0D +=0D +#define VARIABLE_POLICY_TYPE_NO_LOCK 0=0D +#define VARIABLE_POLICY_TYPE_LOCK_NOW 1=0D +#define VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2=0D +#define VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3=0D +=0D +typedef struct {=0D + EFI_GUID Namespace;=0D + UINT8 Value;=0D + UINT8 Padding;=0D + // CHAR16 Name[]; // Variable Length Field=0D +} VARIABLE_LOCK_ON_VAR_STATE_POLICY;=0D +#pragma pack(pop)=0D +=0D +/**=0D + This API function disables the variable policy enforcement. If it's=0D + already been called once, will return EFI_ALREADY_STARTED.=0D +=0D + @retval EFI_SUCCESS=0D + @retval EFI_ALREADY_STARTED Has already been called once this boot= .=0D + @retval EFI_WRITE_PROTECTED Interface has been locked until reboot= .=0D + @retval EFI_WRITE_PROTECTED Interface option is disabled by platfo= rm PCD.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *DISABLE_VARIABLE_POLICY)(=0D + VOID=0D + );=0D +=0D +/**=0D + This API function returns whether or not the policy engine is=0D + currently being enforced.=0D +=0D + @param[out] State Pointer to a return value for whether the poli= cy enforcement=0D + is currently enabled.=0D +=0D + @retval EFI_SUCCESS=0D + @retval Others An error has prevented this command from compl= eting.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *IS_VARIABLE_POLICY_ENABLED)(=0D + OUT BOOLEAN *State=0D + );=0D +=0D +/**=0D + This API function validates and registers a new policy with=0D + the policy enforcement engine.=0D +=0D + @param[in] NewPolicy Pointer to the incoming policy structure.=0D +=0D + @retval EFI_SUCCESS=0D + @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally i= nconsistent.=0D + @retval EFI_ALREADY_STARTED An identical matching policy already= exists.=0D + @retval EFI_WRITE_PROTECTED The interface has been locked until = the next reboot.=0D + @retval EFI_ABORTED A calculation error has prevented th= is function from completing.=0D + @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any mo= re policies.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *REGISTER_VARIABLE_POLICY)(=0D + IN CONST VARIABLE_POLICY_ENTRY *PolicyEntry=0D + );=0D +=0D +/**=0D + This API function will dump the entire contents of the variable policy t= able.=0D +=0D + Similar to GetVariable, the first call can be made with a 0 size and it = will return=0D + the size of the buffer required to hold the entire table.=0D +=0D + @param[out] Policy Pointer to the policy buffer. Can be NULL if Siz= e is 0.=0D + @param[in,out] Size On input, the size of the output buffer. On outp= ut, the size=0D + of the data returned.=0D +=0D + @retval EFI_SUCCESS Policy data is in the output buffer = and Size has been updated.=0D + @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero an= d Policy is NULL.=0D + @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy.= Size updated with required size.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *DUMP_VARIABLE_POLICY)(=0D + IN OUT UINT8 *Policy,=0D + IN OUT UINT32 *Size=0D + );=0D +=0D +/**=0D + This API function locks the interface so that no more policy updates=0D + can be performed or changes made to the enforcement until the next boot.= =0D +=0D + @retval EFI_SUCCESS=0D + @retval Others An error has prevented this command from compl= eting.=0D +=0D +**/=0D +typedef=0D +EFI_STATUS=0D +(EFIAPI *LOCK_VARIABLE_POLICY)(=0D + VOID=0D + );=0D +=0D +typedef struct {=0D + UINT64 Revision;=0D + DISABLE_VARIABLE_POLICY DisableVariablePolicy;=0D + IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled;=0D + REGISTER_VARIABLE_POLICY RegisterVariablePolicy;=0D + DUMP_VARIABLE_POLICY DumpVariablePolicy;=0D + LOCK_VARIABLE_POLICY LockVariablePolicy;=0D +} _EDKII_VARIABLE_POLICY_PROTOCOL;=0D +=0D +typedef _EDKII_VARIABLE_POLICY_PROTOCOL EDKII_VARIABLE_POLICY_PROTOCOL;=0D +=0D +extern EFI_GUID gEdkiiVariablePolicyProtocolGuid;=0D +=0D +#endif=0D diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 4f44af694862..2e0461b87c32 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -8,7 +8,7 @@ # Copyright (c) 2016, Linaro Ltd. All rights reserved.
=0D # (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP
= =0D # Copyright (c) 2017, AMD Incorporated. All rights reserved.
=0D -# Copyright (c) 2016, Microsoft Corporation
=0D +# Copyright (c) Microsoft Corporation.
=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D ##=0D @@ -624,6 +624,9 @@ [Protocols] # 0x80000006 | Incorrect error code provided.=0D #=0D =0D + ## Include/Protocol/VariablePolicy.h=0D + gEdkiiVariablePolicyProtocolGuid =3D { 0x81D1675C, 0x86F6, 0x48DF, { 0xB= D, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } }=0D +=0D [PcdsFeatureFlag]=0D ## Indicates if the platform can support update capsule across a system = reset.

=0D # TRUE - Supports update capsule across a system reset.
=0D @@ -1129,6 +1132,15 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @Prompt Variable storage size.=0D gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000|UINT32|0x300= 00005=0D =0D + ## Toggle for whether the VariablePolicy engine should allow disabling.= =0D + # The engine is enabled at power-on, but the interface allows the platfo= rm to=0D + # disable enforcement for servicing flexibility. If this PCD is disabled= , it will block the ability to=0D + # disable the enforcement and VariablePolicy enforcement will always be = ON.=0D + # TRUE - VariablePolicy can be disabled by request through the interfa= ce (until interface is locked)=0D + # FALSE - VariablePolicy interface will not accept requests to disable= and is ALWAYS ON=0D + # @Prompt Allow VariablePolicy enforcement to be disabled.=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|= FALSE|BOOLEAN|0x30000020=0D +=0D ## FFS filename to find the ACPI tables.=0D # @Prompt FFS name of ACPI tables storage.=0D gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiTableStorageFile|{ 0x25, 0x4e, 0x3= 7, 0x7e, 0x01, 0x8e, 0xee, 0x4f, 0x87, 0xf2, 0x39, 0xc, 0x23, 0xc6, 0x6, 0x= cd }|VOID*|0x30000016=0D diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index 2007e0596c4f..b64e7f351cda 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -129,6 +129,13 @@ =0D #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdVariableStoreSize_HELP #lan= guage en-US "The size of volatile buffer. This buffer is used to store VOLA= TILE attribute variables."=0D =0D +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforceme= ntDisable_PROMPT #language en-US "Allow VariablePolicy enforcement to be d= isabled."=0D +=0D +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforceme= ntDisable_HELP #language en-US "If this PCD is disabled, it will block the= ability to
\n"=0D + = "disable the enforcement and VariablePolicy= enforcement will always be ON.
\n"=0D + = "TRUE - VariablePolicy can be disabled by r= equest through the interface (until interface is locked)
\n"=0D + = "FALSE - VariablePolicy interface will not = accept requests to disable and is ALWAYS ON
\n"=0D +=0D #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_PROMPT = #language en-US "FFS name of ACPI tables storage"=0D =0D #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_HELP #= language en-US "FFS filename to find the ACPI tables."=0D --=20 2.26.2.windows.1.8.g01c50adf56.20200515075929