From: "Bret Barkelew" <bret@corthon.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Hao A Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>
Subject: [PATCH v6 03/14] MdeModulePkg: Define the VariablePolicyHelperLib
Date: Mon, 22 Jun 2020 23:40:53 -0700 [thread overview]
Message-ID: <20200623064104.1908-4-brbarkel@microsoft.com> (raw)
In-Reply-To: <20200623064104.1908-1-brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.
Add the VariablePolicyHelperLib library, containing
several functions to help with the repetitive process
of creating a correctly structured and packed
VariablePolicy entry.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
---
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++++++++++++++++++
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++++++++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 ++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/MdeModulePkg.dec | 5 +
MdeModulePkg/MdeModulePkg.dsc | 2 +
6 files changed, 614 insertions(+)
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
new file mode 100644
index 000000000000..0c9299c8b0e1
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
@@ -0,0 +1,396 @@
+/** @file -- VariablePolicyHelperLib.c
+This library contains helper functions for marshalling and registering
+new policies with the VariablePolicy infrastructure.
+
+This library is currently written against VariablePolicy revision 0x00010000.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariablePolicy.h>
+
+/**
+ This internal helper function populates the header structure,
+ all common fields, and takes care of fix-ups.
+
+ NOTE: Only use this internally. Assumes correctly-sized buffers.
+
+ @param[out] EntPtr Pointer to the buffer to be populated.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+**/
+STATIC
+VOID
+PopulateCommonData (
+ OUT VARIABLE_POLICY_ENTRY *EntPtr,
+ IN CONST EFI_GUID *Namespace,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ )
+{
+ EntPtr->Version = VARIABLE_POLICY_ENTRY_REVISION;
+ CopyGuid( &EntPtr->Namespace, Namespace );
+ EntPtr->MinSize = MinSize;
+ EntPtr->MaxSize = MaxSize;
+ EntPtr->AttributesMustHave = AttributesMustHave;
+ EntPtr->AttributesCantHave = AttributesCantHave;
+ EntPtr->LockPolicyType = LockPolicyType;
+
+ // NOTE: As a heler, fix up MaxSize for compatibility with the old model.
+ if (EntPtr->MaxSize == 0) {
+ EntPtr->MaxSize = VARIABLE_POLICY_NO_MAX_SIZE;
+ }
+
+ return;
+}
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy that does not contain any sub-structures (such as
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY).
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace is NULL.
+ @retval EFI_INVALID_PARAMETER LockPolicyType is invalid for a basic structure.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateBasicVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ )
+{
+ UINTN TotalSize;
+ UINTN NameSize;
+ VARIABLE_POLICY_ENTRY *EntPtr;
+ CHAR16 *CopyName;
+
+ // Check some initial invalid parameters for this function.
+ if (Namespace == NULL || NewEntry == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK &&
+ LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW &&
+ LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Now we've gotta determine the total size of the buffer required for
+ // the VariablePolicy structure.
+ TotalSize = sizeof( VARIABLE_POLICY_ENTRY );
+ if (Name != NULL) {
+ NameSize = StrnSizeS( Name, MAX_UINT16 );
+ TotalSize += NameSize;
+ }
+ // Make sure the size fits within a VARIABLE_POLICY_ENTRY.Size.
+ ASSERT( TotalSize <= MAX_UINT16 );
+ if (TotalSize > MAX_UINT16) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ // Allocate a buffer to hold all the data. We're on the home stretch.
+ *NewEntry = AllocatePool( TotalSize );
+ if (*NewEntry == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // If we're still here, we're basically done.
+ // Copy the data and GET... OUT....
+ EntPtr = *NewEntry;
+ PopulateCommonData ( EntPtr,
+ Namespace,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ LockPolicyType );
+ EntPtr->Size = (UINT16)TotalSize; // This is safe because we've already checked.
+ EntPtr->OffsetToName = sizeof(VARIABLE_POLICY_ENTRY);
+ if (Name != NULL) {
+ CopyName = (CHAR16*)((UINT8*)EntPtr + EntPtr->OffsetToName);
+ CopyMem( CopyName, Name, NameSize );
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy with a lock type of VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE.
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace, VarStateNamespace, VarStateName is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateVarStateVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN UINT8 VarStateValue,
+ IN CONST CHAR16 *VarStateName,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ )
+{
+ UINTN TotalSize;
+ UINTN NameSize;
+ UINTN VarStateNameSize;
+ VARIABLE_POLICY_ENTRY *EntPtr;
+ CHAR16 *CopyName;
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY *CopyPolicy;
+
+ // Check some initial invalid parameters for this function.
+ if (Namespace == NULL || VarStateNamespace == NULL ||
+ VarStateName == NULL || NewEntry == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Now we've gotta determine the total size of the buffer required for
+ // the VariablePolicy structure.
+ VarStateNameSize = StrnSizeS( VarStateName, MAX_UINT16 );
+ TotalSize = sizeof( VARIABLE_POLICY_ENTRY ) +
+ sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY) +
+ VarStateNameSize;
+ if (Name != NULL) {
+ NameSize = StrnSizeS( Name, MAX_UINT16 );
+ TotalSize += NameSize;
+ }
+ // Make sure the size fits within a VARIABLE_POLICY_ENTRY.Size.
+ ASSERT( TotalSize <= MAX_UINT16 );
+ if (TotalSize > MAX_UINT16) {
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ // Allocate a buffer to hold all the data. We're on the home stretch.
+ *NewEntry = AllocatePool( TotalSize );
+ if (*NewEntry == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // If we're still here, we're basically done.
+ // Copy the data and GET... OUT....
+ EntPtr = *NewEntry;
+ PopulateCommonData ( EntPtr,
+ Namespace,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE );
+ EntPtr->Size = (UINT16)TotalSize; // This is safe because we've already checked.
+ EntPtr->OffsetToName = sizeof(VARIABLE_POLICY_ENTRY) +
+ sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY) +
+ (UINT16)VarStateNameSize;
+
+ CopyPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY*)((UINT8*)EntPtr + sizeof(VARIABLE_POLICY_ENTRY));
+ CopyName = (CHAR16*)((UINT8*)CopyPolicy + sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY));
+ CopyGuid( &CopyPolicy->Namespace, VarStateNamespace );
+ CopyPolicy->Value = VarStateValue;
+ CopyMem( CopyName, VarStateName, VarStateNameSize );
+
+ if (Name != NULL) {
+ CopyName = (CHAR16*)((UINT8*)EntPtr + EntPtr->OffsetToName);
+ CopyMem( CopyName, Name, NameSize );
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterBasicVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ )
+{
+ VARIABLE_POLICY_ENTRY *NewEntry;
+ EFI_STATUS Status;
+
+ // Check the simple things.
+ if (VariablePolicy == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Create the new entry and make sure that everything worked.
+ NewEntry = NULL;
+ Status = CreateBasicVariablePolicy( Namespace,
+ Name,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ LockPolicyType,
+ &NewEntry );
+
+ // If that was successful, attempt to register the new policy.
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicy->RegisterVariablePolicy( NewEntry );
+ }
+
+ // If we allocated the buffer, free the buffer.
+ if (NewEntry != NULL) {
+ FreePool( NewEntry );
+ }
+
+ return Status;
+}
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVarStateVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN CONST CHAR16 *VarStateName,
+ IN UINT8 VarStateValue
+ )
+{
+ VARIABLE_POLICY_ENTRY *NewEntry;
+ EFI_STATUS Status;
+
+ // Check the simple things.
+ if (VariablePolicy == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ // Create the new entry and make sure that everything worked.
+ NewEntry = NULL;
+ Status = CreateVarStateVariablePolicy( Namespace,
+ Name,
+ MinSize,
+ MaxSize,
+ AttributesMustHave,
+ AttributesCantHave,
+ VarStateNamespace,
+ VarStateValue,
+ VarStateName,
+ &NewEntry );
+
+ // If that was successful, attempt to register the new policy.
+ if (!EFI_ERROR( Status )) {
+ Status = VariablePolicy->RegisterVariablePolicy( NewEntry );
+ }
+
+ // If we allocated the buffer, free the buffer.
+ if (NewEntry != NULL) {
+ FreePool( NewEntry );
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h b/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
new file mode 100644
index 000000000000..3b75e9786094
--- /dev/null
+++ b/MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
@@ -0,0 +1,164 @@
+/** @file -- VariablePolicyHelperLib.h
+This library contains helper functions for marshalling and registering
+new policies with the VariablePolicy infrastructure.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
+#define _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
+
+#include <Protocol/VariablePolicy.h>
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy that does not contain any sub-structures (such as
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY).
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace is NULL.
+ @retval EFI_INVALID_PARAMETER LockPolicyType is invalid for a basic structure.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateBasicVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ );
+
+
+/**
+ This helper function will allocate and populate a new VariablePolicy
+ structure for a policy with a lock type of VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE.
+
+ NOTE: Caller will need to free structure once finished.
+
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[out] NewEntry If successful, will be set to a pointer to the allocated buffer containing the
+ new policy.
+
+ @retval EFI_SUCCESS Operation completed successfully and structure is populated.
+ @retval EFI_INVALID_PARAMETER Namespace, VarStateNamespace, VarStateName is NULL.
+ @retval EFI_BUFFER_TOO_SMALL Finished structure would not fit in UINT16 size.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate sufficient space for structure.
+
+**/
+EFI_STATUS
+EFIAPI
+CreateVarStateVariablePolicy (
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN UINT8 VarStateValue,
+ IN CONST CHAR16 *VarStateName,
+ OUT VARIABLE_POLICY_ENTRY **NewEntry
+ );
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] LockPolicyType LockPolicyType for the VariablePolicy.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterBasicVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN UINT8 LockPolicyType
+ );
+
+
+/**
+ This helper function does everything that CreateBasicVariablePolicy() does, but also
+ uses the passed in protocol to register the policy with the infrastructure.
+ Does not return a buffer, does not require the caller to free anything.
+
+ @param[in] VariablePolicy Pointer to a valid instance of the VariablePolicy protocol.
+ @param[in] Namespace Pointer to an EFI_GUID for the target variable namespace that this policy will protect.
+ @param[in] Name [Optional] If provided, a pointer to the CHAR16 array for the target variable name.
+ Otherwise, will create a policy that targets an entire namespace.
+ @param[in] MinSize MinSize for the VariablePolicy.
+ @param[in] MaxSize MaxSize for the VariablePolicy.
+ @param[in] AttributesMustHave AttributesMustHave for the VariablePolicy.
+ @param[in] AttributesCantHave AttributesCantHave for the VariablePolicy.
+ @param[in] VarStateNamespace Pointer to the EFI_GUID for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Namespace.
+ @param[in] VarStateName Pointer to the CHAR16 array for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Name.
+ @param[in] VarStateValue Value for the VARIABLE_LOCK_ON_VAR_STATE_POLICY.Value.
+
+ @retval EFI_INVALID_PARAMETER VariablePolicy pointer is NULL.
+ @retval EFI_STATUS Status returned by CreateBasicVariablePolicy() or RegisterVariablePolicy().
+
+**/
+EFI_STATUS
+EFIAPI
+RegisterVarStateVariablePolicy (
+ IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
+ IN CONST EFI_GUID *Namespace,
+ IN CONST CHAR16 *Name OPTIONAL,
+ IN UINT32 MinSize,
+ IN UINT32 MaxSize,
+ IN UINT32 AttributesMustHave,
+ IN UINT32 AttributesCantHave,
+ IN CONST EFI_GUID *VarStateNamespace,
+ IN CONST CHAR16 *VarStateName,
+ IN UINT8 VarStateValue
+ );
+
+#endif // _EDKII_VARIABLE_POLICY_HELPER_LIB_H_
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
new file mode 100644
index 000000000000..506abf580e94
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
@@ -0,0 +1,35 @@
+## @file VariablePolicyHelperLib.inf
+# This library contains helper functions for marshalling and registering
+# new policies with the VariablePolicy infrastructure.
+#
+# This library is currently written against VariablePolicy revision 0x00010000.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+
+[Defines]
+ INF_VERSION = 0x00010017
+ BASE_NAME = VariablePolicyHelperLib
+ # MODULE_UNI_FILE = VariablePolicyHelperLib.uni
+ FILE_GUID = B3C2206B-FDD1-4AED-8352-FC5EC34C5630
+ VERSION_STRING = 1.0
+ MODULE_TYPE = BASE
+ LIBRARY_CLASS = VariablePolicyHelperLib
+
+
+[Sources]
+ VariablePolicyHelperLib.c
+
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ MemoryAllocationLib
+ BaseMemoryLib
diff --git a/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
new file mode 100644
index 000000000000..39cbf11a4ce9
--- /dev/null
+++ b/MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
@@ -0,0 +1,12 @@
+// /** @file
+// VariablePolicyHelperLib.uni
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Library containing helper functions for marshalling and registering new policies with the VariablePolicy infrastructure"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Library containing helper functions for marshalling and registering new policies with the VariablePolicy infrastructure"
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 0b58c14e4747..b21cd78c8787 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -149,6 +149,11 @@ [LibraryClasses]
#
DisplayUpdateProgressLib|Include/Library/DisplayUpdateProgressLib.h
+ ## @libraryclass This library contains helper functions for marshalling and
+ # registering new policies with the VariablePolicy infrastructure.
+ #
+ VariablePolicyHelperLib|Include/Library/VariablePolicyHelperLib.h
+
[Guids]
## MdeModule package token space guid
# Include/Guid/MdeModulePkgTokenSpace.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 14b6ed536962..37795b9e4f58 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -99,6 +99,7 @@ [LibraryClasses]
BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf
SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
DisplayUpdateProgressLib|MdeModulePkg/Library/DisplayUpdateProgressLibGraphics/DisplayUpdateProgressLibGraphics.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
@@ -225,6 +226,7 @@ [Components]
MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf
MdeModulePkg/Library/BaseMemoryAllocationLibNull/BaseMemoryAllocationLibNull.inf
+ MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf
MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf
--
2.26.2.windows.1.8.g01c50adf56.20200515075929
next prev parent reply other threads:[~2020-06-23 6:44 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 6:40 [PATCH v6 00/14] Add the VariablePolicy feature bret
2020-06-23 6:40 ` [PATCH v6 01/14] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
2020-06-23 6:40 ` [PATCH v6 02/14] MdeModulePkg: Define the VariablePolicyLib Bret Barkelew
2020-07-02 2:13 ` [edk2-devel] " Dandan Bi
2020-07-02 7:16 ` Bret Barkelew
2020-06-23 6:40 ` Bret Barkelew [this message]
2020-06-23 6:40 ` [PATCH v6 04/14] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Bret Barkelew
2020-07-02 2:13 ` [edk2-devel] " Dandan Bi
2020-07-02 6:41 ` Bret Barkelew
2020-06-23 6:40 ` [PATCH v6 05/14] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Bret Barkelew
2020-06-23 6:40 ` [PATCH v6 06/14] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Bret Barkelew
2020-06-23 6:40 ` [PATCH v6 07/14] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Bret Barkelew
2020-06-23 6:40 ` [PATCH v6 08/14] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Bret Barkelew
2020-06-23 16:45 ` Ma, Maurice
2020-06-23 6:40 ` [PATCH v6 09/14] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Bret Barkelew
2020-07-02 2:13 ` [edk2-devel] " Dandan Bi
2020-07-02 6:40 ` Bret Barkelew
2020-06-23 6:41 ` [PATCH v6 10/14] MdeModulePkg: Allow VariablePolicy state to delete protected variables Bret Barkelew
2020-06-23 6:41 ` [PATCH v6 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Bret Barkelew
2020-06-23 6:41 ` [PATCH v6 12/14] MdeModulePkg: Change TCG MOR variables to use VariablePolicy Bret Barkelew
2020-06-23 6:41 ` [PATCH v6 13/14] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver Bret Barkelew
2020-07-02 2:13 ` [edk2-devel] " Dandan Bi
2020-07-02 6:36 ` Bret Barkelew
2020-06-23 6:41 ` [PATCH v6 14/14] MdeModulePkg: Add a shell-based functional test for VariablePolicy Bret Barkelew
2020-07-02 2:13 ` [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature Dandan Bi
2020-07-02 6:45 ` Bret Barkelew
2020-07-02 6:47 ` Bret Barkelew
2020-07-02 11:06 ` Laszlo Ersek
2020-07-02 18:26 ` [EXTERNAL] " Bret Barkelew
2020-07-29 19:56 ` [EXTERNAL] " Bret Barkelew
2020-07-30 1:36 ` Liming Gao
2020-07-30 1:43 ` Bret Barkelew
[not found] ` <161DCDB779DB4B3C.30988@groups.io>
2020-08-11 13:52 ` Dandan Bi
2020-08-18 5:24 ` Bret Barkelew
[not found] ` <162C456ABCC01019.19371@groups.io>
2020-08-26 6:49 ` Bret Barkelew
[not found] ` <162EBEB1FCE1A80C.27554@groups.io>
2020-09-08 22:20 ` Bret Barkelew
2020-09-09 0:41 ` 回复: " gaoliming
[not found] ` <1632EF0542479E7A.4657@groups.io>
2020-09-11 15:18 ` Bret Barkelew
2020-09-11 16:43 ` Laszlo Ersek
2020-09-14 6:42 ` Wang, Jian J
2020-09-15 20:51 ` Bret Barkelew
2020-09-16 0:54 ` 回复: " gaoliming
2020-09-16 1:05 ` Yao, Jiewen
2020-09-16 1:37 ` 回复: " gaoliming
2020-09-16 1:43 ` Yao, Jiewen
2020-09-16 1:44 ` Bret Barkelew
[not found] ` <16351037402D5209.16285@groups.io>
2020-09-18 6:55 ` Bret Barkelew
[not found] ` <1635CE5BD52DF579.6413@groups.io>
2020-09-22 2:50 ` Bret Barkelew
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623064104.1908-4-brbarkel@microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox