From: "Bret Barkelew" <bret@corthon.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Hao A Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
Bret Barkelew <brbarkel@microsoft.com>,
Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH v9 13/13] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
Date: Sun, 8 Nov 2020 22:45:22 -0800 [thread overview]
Message-ID: <20201109064522.919-14-bret.barkelew@microsoft.com> (raw)
In-Reply-To: <20201109064522.919-1-bret.barkelew@microsoft.com>
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Now that everything should be moved to
VariablePolicy, drop support for the
deprecated VarLock SMI interface and
associated functions from variable RuntimeDxe.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-------------
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 71 ++++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 1 +
5 files changed, 75 insertions(+), 48 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
index f15219df5eb8..486d85b022e1 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
@@ -3,60 +3,13 @@
and variable lock protocol based on VarCheckLib.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Variable.h"
-/**
- Mark a variable that will become read-only after leaving the DXE phase of execution.
- Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
-
- @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
- @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
- @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
-
- @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
- as pending to be read-only.
- @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
- Or VariableName is an empty string.
- @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
- already been signaled.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
-**/
-EFI_STATUS
-EFIAPI
-VariableLockRequestToLock (
- IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- EFI_STATUS Status;
- VAR_CHECK_VARIABLE_PROPERTY Property;
-
- AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property);
- if (!EFI_ERROR (Status)) {
- Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
- } else {
- Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
- Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
- Property.Attributes = 0;
- Property.MinSize = 1;
- Property.MaxSize = MAX_UINTN;
- }
- Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property);
-
- DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status));
-
- ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- return Status;
-}
-
/**
Register SetVariable check handler.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
new file mode 100644
index 000000000000..4aa854aaf260
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
@@ -0,0 +1,71 @@
+/** @file -- VariableLockRequestToLock.c
+Temporary location of the RequestToLock shim code while
+projects are moved to VariablePolicy. Should be removed when deprecated.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+#include <Library/VariablePolicyHelperLib.h>
+
+
+/**
+ DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+ Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
+
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *NewPolicy;
+
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy( VendorGuid,
+ VariableName,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy );
+ if (!EFI_ERROR( Status )) {
+ Status = RegisterVariablePolicy( NewPolicy );
+ }
+ if (EFI_ERROR( Status )) {
+ DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status ));
+ ASSERT_EFI_ERROR( Status );
+ }
+ if (NewPolicy != NULL) {
+ FreePool( NewPolicy );
+ }
+
+ return Status;
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 8debc560e6dc..c9434df631ee 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -49,6 +49,7 @@ [Sources]
VarCheck.c
VariableExLib.c
SpeculationBarrierDxe.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index bbc8d2080193..eaa97a01c6e5 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -58,6 +58,7 @@ [Sources]
VariableExLib.c
TcgMorLockSmm.c
SpeculationBarrierSmm.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 62f2f9252f43..fada0bf3c57f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -58,6 +58,7 @@ [Sources]
VariableExLib.c
TcgMorLockSmm.c
SpeculationBarrierSmm.c
+ VariableLockRequestToLock.c
[Packages]
MdePkg/MdePkg.dec
--
2.28.0.windows.1
next prev parent reply other threads:[~2020-11-09 6:46 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-09 6:45 [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 01/13] MdeModulePkg: Define the VariablePolicy protocol interface Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 02/13] MdeModulePkg: Define the VariablePolicyLib Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 03/13] MdeModulePkg: Define the VariablePolicyHelperLib Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 04/13] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 05/13] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 06/13] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 07/13] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 08/13] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 09/13] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 11/13] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Bret Barkelew
2020-11-09 6:45 ` [PATCH v9 12/13] MdeModulePkg: Change TCG MOR variables to use VariablePolicy Bret Barkelew
2020-11-09 6:45 ` Bret Barkelew [this message]
2020-11-11 18:43 ` [PATCH v9 00/13] Add the VariablePolicy feature Bret Barkelew
2020-11-11 22:34 ` [edk2-devel] " Laszlo Ersek
2020-11-12 14:24 ` 回复: " gaoliming
2020-11-12 16:45 ` Bret Barkelew
2020-11-13 1:20 ` Bret Barkelew
2020-11-13 2:05 ` 回复: " gaoliming
2020-11-13 19:59 ` Laszlo Ersek
[not found] ` <1646EF0A6B8F843A.414@groups.io>
2020-11-17 1:00 ` gaoliming
2020-11-19 12:46 ` Ard Biesheuvel
2020-11-19 16:15 ` Bret Barkelew
2020-11-19 16:19 ` Ard Biesheuvel
2020-11-19 16:23 ` [EXTERNAL] " Bret Barkelew
[not found] ` <1648F558ACA0C0F8.8629@groups.io>
2020-11-19 16:26 ` [edk2-devel] " Bret Barkelew
2020-11-19 16:35 ` Ard Biesheuvel
2020-11-20 10:34 ` Laszlo Ersek
2020-11-19 20:02 ` [edk2-devel] " Andrei Warkentin
2020-11-19 20:16 ` Michael Kubacki
2020-11-19 20:41 ` Bret Barkelew
2020-11-20 10:53 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201109064522.919-14-bret.barkelew@microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox