From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web11.3370.1609905050950570740
 for <devel@edk2.groups.io>;
 Tue, 05 Jan 2021 19:50:51 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: michael.d.kinney@intel.com)
IronPort-SDR: JMWtttbfxrsOX3DXeWQRVa2o0SyoaHZtidjr390MOYpXmYdlCjX5vnX4Uqnnp7uBubgu4XMmT1
 xWCdHtSJfsDw==
X-IronPort-AV: E=McAfee;i="6000,8403,9855"; a="164923159"
X-IronPort-AV: E=Sophos;i="5.78,479,1599548400"; 
   d="scan'208";a="164923159"
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jan 2021 19:50:50 -0800
IronPort-SDR: STFW3kUxLBpBa/UBDZGxRbFRxPKwSdys3QddT3ODncoN8QiG+Xod7+gcoFo12d591i+YtxMiET
 Vh+nQ7BsKecg==
X-IronPort-AV: E=Sophos;i="5.78,479,1599548400"; 
   d="scan'208";a="422021060"
Received: from mdkinney-mobl2.amr.corp.intel.com ([10.209.86.254])
  by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Jan 2021 19:50:49 -0800
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: devel@edk2.groups.io
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>,
	Hao A Wu <hao.a.wu@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>
Subject: [Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM
Date: Tue,  5 Jan 2021 19:50:43 -0800
Message-Id: <20210106035043.1412-1-michael.d.kinney@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154

Update VarCheckLibSetVariableCheck() to allow locked variables
to be updated if the RequestSource is VarCheckFromTrusted even
if one or more variable check handlers return EFI_WRITE_PROTECTED.
RequestSource is only set to VarCheckFromTrusted if the request
is through the EFI_SMM_VARAIBLE_PROTOCOL.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 MdeModulePkg/Library/VarCheckLib/VarCheckLib.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
index 470d782444bf..9596d760e945 100644
--- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
@@ -1,7 +1,7 @@
 /** @file
   Implementation functions and structures for var check services.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck (
                DataSize,
                Data
                );
+    if (Status == EFI_WRITE_PROTECTED && RequestSource == VarCheckFromTrusted) {
+      //
+      // If RequestSource is trusted, then allow variable to be set even if it
+      // is write protected.
+      //
+      continue;
+    }
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
       return Status;
-- 
2.29.2.windows.2