From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170])
 by mx.groups.io with SMTP id smtpd.web10.6784.1600841403469554657
 for <devel@edk2.groups.io>;
 Tue, 22 Sep 2020 23:10:03 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@corthon-com.20150623.gappssmtp.com header.s=20150623 header.b=OExKgji2;
 spf=none, err=permanent DNS error (domain: corthon.com, ip: 209.85.215.170, mailfrom: bret@corthon.com)
Received: by mail-pg1-f170.google.com with SMTP id y14so3660373pgf.12
        for <devel@edk2.groups.io>; Tue, 22 Sep 2020 23:10:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=corthon-com.20150623.gappssmtp.com; s=20150623;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=zuwOxZUgQ7rlywNsYNQfA9pS0c+r0r8VjJn+RWDLIfY=;
        b=OExKgji2UJmtI+AFBvHi++2ejGYSEM3W7pBdJuHdJPtFL//KyZS1wH1VSavcSf0WqM
         Fy5Qklzks4dY8x26YQ7cEW5g+FTnJGBsWKP2sRsj/wxXL/zsr2jsEHnwRDaS18RHt4JV
         WOy546Glu9DOqyDBxMr8H6A7OezNEVxLKwpkXW1ctSZvGnuB1bzd8lp36X5Q4AZOuz4a
         TUEPP1U0wDhQQ9D0T26eEdybs6Aq9CYMDrk7yBV9qYpSVZZVndHg5kJlVLwPg8JSECUN
         XbrEeELJ2+ThbTqo5IIu5o3Mq4ss/GRhPWplgvTgfd2XGbR/qgCzC14z+CwDKAraZq0L
         rj1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=zuwOxZUgQ7rlywNsYNQfA9pS0c+r0r8VjJn+RWDLIfY=;
        b=UuO9BBSEIZkyVar2OeQIXQMWC2aEzHSQg2+QgOWxiA4Z602fIbzL8MkfzTbJ7qhZQG
         AegLlBzufBHcsWZxyKECVeYEJfCq6fmDYS1Jq8HKP7+OvWCZy3CkhzClswJI+josIfek
         V8bcEegvsrOQHeW1RER2mEMN1nOgQ5XxfgR/V/PAMjLhCJoPwM90RQtWjeIQBi7vApPx
         C81EWUPH7Sjbs19iJ2edWjS7fCWmiollcP8/Q8B0mWQ1Kee8vmGTw/zERI3zWflgOWTO
         QbGWbcjXl61ieTkd+zpPlU5Y5YQbdJaBSwdlMYML09iGhD0WE7VhWcySXKvHZRh1y5ZZ
         MzlA==
X-Gm-Message-State: AOAM530AfP6rzDScS8aQx1N5ZZi4VZL5mt4xYuUwAZOGQG8+uMzcyLtc
	t/bqYjBbO1m9+bdVdNLDLJa7ltOr3HW4FepC
X-Google-Smtp-Source: ABdhPJx+c3e3QyT+2YK9rbM9X4QzZdPmyYw/waTSZqfX85o4/DPiucbnYyg8SMUbLCtXo3fGzWtvxA==
X-Received: by 2002:a62:7ad0:0:b029:13e:d13d:a12f with SMTP id v199-20020a627ad00000b029013ed13da12fmr7233688pfc.23.1600841402672;
        Tue, 22 Sep 2020 23:10:02 -0700 (PDT)
Return-Path: <bret@corthon.com>
Received: from localhost.localdomain (174-21-140-128.tukw.qwest.net. [174.21.140.128])
        by smtp.gmail.com with ESMTPSA id x4sm16960498pff.57.2020.09.22.23.10.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Sep 2020 23:10:01 -0700 (PDT)
From: "Bret Barkelew" <bret@corthon.com>
X-Google-Original-From: Bret Barkelew <bret.barkelew@microsoft.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Hao A Wu <hao.a.wu@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Bret Barkelew <brbarkel@microsoft.com>,
	Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH v8 13/14] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
Date: Tue, 22 Sep 2020 23:07:47 -0700
Message-Id: <20200923060748.3795-14-bret.barkelew@microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
In-Reply-To: <20200923060748.3795-1-bret.barkelew@microsoft.com>
References: <20200923060748.3795-1-bret.barkelew@microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Bret Barkelew <brbarkel@microsoft.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522

Now that everything should be moved to
VariablePolicy, drop support for the
deprecated VarLock SMI interface and
associated functions from variable RuntimeDxe.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c                  | 4=
9 +-------------
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 7=
1 ++++++++++++++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf      |  =
1 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf             |  =
1 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf    |  =
1 +
 5 files changed, 75 insertions(+), 48 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeMod=
ulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
index f15219df5eb8..486d85b022e1 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
@@ -3,60 +3,13 @@
   and variable lock protocol based on VarCheckLib.=0D
 =0D
 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>=0D
+Copyright (c) Microsoft Corporation.=0D
 SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 =0D
 **/=0D
 =0D
 #include "Variable.h"=0D
 =0D
-/**=0D
-  Mark a variable that will become read-only after leaving the DXE phase o=
f execution.=0D
-  Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTO=
COL is allowed.=0D
-=0D
-  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance.=0D
-  @param[in] VariableName  A pointer to the variable name that will be mad=
e read-only subsequently.=0D
-  @param[in] VendorGuid    A pointer to the vendor GUID that will be made =
read-only subsequently.=0D
-=0D
-  @retval EFI_SUCCESS           The variable specified by the VariableName=
 and the VendorGuid was marked=0D
-                                as pending to be read-only.=0D
-  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.=0D
-                                Or VariableName is an empty string.=0D
-  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE=
NT_GROUP_READY_TO_BOOT has=0D
-                                already been signaled.=0D
-  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the l=
ock request.=0D
-**/=0D
-EFI_STATUS=0D
-EFIAPI=0D
-VariableLockRequestToLock (=0D
-  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,=0D
-  IN       CHAR16                       *VariableName,=0D
-  IN       EFI_GUID                     *VendorGuid=0D
-  )=0D
-{=0D
-  EFI_STATUS                    Status;=0D
-  VAR_CHECK_VARIABLE_PROPERTY   Property;=0D
-=0D
-  AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab=
leServicesLock);=0D
-=0D
-  Status =3D VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Pr=
operty);=0D
-  if (!EFI_ERROR (Status)) {=0D
-    Property.Property |=3D VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;=0D
-  } else {=0D
-    Property.Revision =3D VAR_CHECK_VARIABLE_PROPERTY_REVISION;=0D
-    Property.Property =3D VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;=0D
-    Property.Attributes =3D 0;=0D
-    Property.MinSize =3D 1;=0D
-    Property.MaxSize =3D MAX_UINTN;=0D
-  }=0D
-  Status =3D VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Pr=
operty);=0D
-=0D
-  DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableN=
ame, Status));=0D
-=0D
-  ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab=
leServicesLock);=0D
-=0D
-  return Status;=0D
-}=0D
-=0D
 /**=0D
   Register SetVariable check handler.=0D
 =0D
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequest=
ToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestTo=
Lock.c
new file mode 100644
index 000000000000..4aa854aaf260
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
@@ -0,0 +1,71 @@
+/** @file -- VariableLockRequestToLock.c=0D
+Temporary location of the RequestToLock shim code while=0D
+projects are moved to VariablePolicy. Should be removed when deprecated.=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+=0D
+#include <Protocol/VariableLock.h>=0D
+=0D
+#include <Protocol/VariablePolicy.h>=0D
+#include <Library/VariablePolicyLib.h>=0D
+#include <Library/VariablePolicyHelperLib.h>=0D
+=0D
+=0D
+/**=0D
+  DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.=0D
+  Mark a variable that will become read-only after leaving the DXE phase o=
f execution.=0D
+  Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTO=
COL is allowed.=0D
+=0D
+  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance.=0D
+  @param[in] VariableName  A pointer to the variable name that will be mad=
e read-only subsequently.=0D
+  @param[in] VendorGuid    A pointer to the vendor GUID that will be made =
read-only subsequently.=0D
+=0D
+  @retval EFI_SUCCESS           The variable specified by the VariableName=
 and the VendorGuid was marked=0D
+                                as pending to be read-only.=0D
+  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.=0D
+                                Or VariableName is an empty string.=0D
+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE=
NT_GROUP_READY_TO_BOOT has=0D
+                                already been signaled.=0D
+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the l=
ock request.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+VariableLockRequestToLock (=0D
+  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,=0D
+  IN       CHAR16                       *VariableName,=0D
+  IN       EFI_GUID                     *VendorGuid=0D
+  )=0D
+{=0D
+  EFI_STATUS              Status;=0D
+  VARIABLE_POLICY_ENTRY   *NewPolicy;=0D
+=0D
+  NewPolicy =3D NULL;=0D
+  Status =3D CreateBasicVariablePolicy( VendorGuid,=0D
+                                      VariableName,=0D
+                                      VARIABLE_POLICY_NO_MIN_SIZE,=0D
+                                      VARIABLE_POLICY_NO_MAX_SIZE,=0D
+                                      VARIABLE_POLICY_NO_MUST_ATTR,=0D
+                                      VARIABLE_POLICY_NO_CANT_ATTR,=0D
+                                      VARIABLE_POLICY_TYPE_LOCK_NOW,=0D
+                                      &NewPolicy );=0D
+  if (!EFI_ERROR( Status )) {=0D
+    Status =3D RegisterVariablePolicy( NewPolicy );=0D
+  }=0D
+  if (EFI_ERROR( Status )) {=0D
+    DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTI=
ON__, VariableName, Status ));=0D
+    ASSERT_EFI_ERROR( Status );=0D
+  }=0D
+  if (NewPolicy !=3D NULL) {=0D
+    FreePool( NewPolicy );=0D
+  }=0D
+=0D
+  return Status;=0D
+}=0D
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.=
inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 8debc560e6dc..c9434df631ee 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -49,6 +49,7 @@ [Sources]
   VarCheck.c=0D
   VariableExLib.c=0D
   SpeculationBarrierDxe.c=0D
+  VariableLockRequestToLock.c=0D
 =0D
 [Packages]=0D
   MdePkg/MdePkg.dec=0D
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/M=
deModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index bbc8d2080193..eaa97a01c6e5 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -58,6 +58,7 @@ [Sources]
   VariableExLib.c=0D
   TcgMorLockSmm.c=0D
   SpeculationBarrierSmm.c=0D
+  VariableLockRequestToLock.c=0D
 =0D
 [Packages]=0D
   MdePkg/MdePkg.dec=0D
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneM=
m.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 62f2f9252f43..fada0bf3c57f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -58,6 +58,7 @@ [Sources]
   VariableExLib.c=0D
   TcgMorLockSmm.c=0D
   SpeculationBarrierSmm.c=0D
+  VariableLockRequestToLock.c=0D
 =0D
 [Packages]=0D
   MdePkg/MdePkg.dec=0D
--=20
2.28.0.windows.1