From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.152.1610041717014640585 for ; Thu, 07 Jan 2021 09:48:37 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: michael.d.kinney@intel.com) IronPort-SDR: BlC92DFiRN+axacLmEME/o+eQWCt59tWNL7SNe3v6bFIM/XrWPYTOGtS1KOzojtjT6Ktl0Ab9u 3lWoGos1TEWw== X-IronPort-AV: E=McAfee;i="6000,8403,9857"; a="196025324" X-IronPort-AV: E=Sophos;i="5.79,329,1602572400"; d="scan'208";a="196025324" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jan 2021 09:48:35 -0800 IronPort-SDR: 4HdV1jjEsMrrzZEWTc7JuMC7fWQKM6acZmpvfFOkCiwBAnY0xYoX/r/ja0TGDJoabjnRnpttSe Z48PkFodPJAg== X-IronPort-AV: E=Sophos;i="5.79,329,1602572400"; d="scan'208";a="351350803" Received: from mdkinney-mobl2.amr.corp.intel.com ([10.212.212.164]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jan 2021 09:48:35 -0800 From: "Michael D Kinney" To: devel@edk2.groups.io Cc: Bret Barkelew , Hao A Wu , Liming Gao , Bret Barkelew Subject: [stable/202011][Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM Date: Thu, 7 Jan 2021 09:48:26 -0800 Message-Id: <20210107174826.1453-1-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154 Update VarCheckLibSetVariableCheck() to allow locked variables to be updated if the RequestSource is VarCheckFromTrusted even if one or more variable check handlers return EFI_WRITE_PROTECTED. RequestSource is only set to VarCheckFromTrusted if the request is through the EFI_SMM_VARAIBLE_PROTOCOL. Cc: Bret Barkelew Cc: Hao A Wu Cc: Liming Gao Signed-off-by: Michael D Kinney Reviewed-by: Bret Barkelew Reviewed-by: Hao A Wu (cherry picked from commit 248d08c5983b561549891fec54c213e1f354179c) --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c index 470d782444bf..9596d760e945 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c @@ -1,7 +1,7 @@ /** @file Implementation functions and structures for var check services. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck ( DataSize, Data ); + if (Status == EFI_WRITE_PROTECTED && RequestSource == VarCheckFromTrusted) { + // + // If RequestSource is trusted, then allow variable to be set even if it + // is write protected. + // + continue; + } if (EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName)); return Status; -- 2.29.2.windows.2