From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web12.32664.1634536282928084994 for ; Sun, 17 Oct 2021 22:51:23 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: wei6.xu@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10140"; a="228448322" X-IronPort-AV: E=Sophos;i="5.85,381,1624345200"; d="scan'208";a="228448322" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Oct 2021 22:51:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,381,1624345200"; d="scan'208";a="661237199" Received: from shwdeopenpsi174.ccr.corp.intel.com ([10.239.157.25]) by orsmga005.jf.intel.com with ESMTP; 17 Oct 2021 22:51:17 -0700 From: "Xu, Wei6" To: devel@edk2.groups.io Cc: yangjie , Liming Gao , Michael D Kinney , Guomin Jiang Subject: [edk2-devel][PATCH] FmpDevicePkg/FmpDxe: Use new Variable Lock interface Date: Mon, 18 Oct 2021 13:51:10 +0800 Message-Id: <20211018055110.36464-1-wei6.xu@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 From: yangjie REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3655 The code in FmpDevicePkg called the deprecated interface VariableLockRequestToLock. So I changed the code in FmpDevicePkg using RegisterBasicVariablePolicy, instead of the deprecated interface. Signed-off-by: Yang Jie Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu --- FmpDevicePkg/FmpDevicePkg.dsc | 1 + FmpDevicePkg/FmpDxe/FmpDxe.h | 4 +- FmpDevicePkg/FmpDxe/FmpDxe.inf | 5 ++- FmpDevicePkg/FmpDxe/VariableSupport.c | 65 +++++++++++++-------------- 4 files changed, 37 insertions(+), 38 deletions(-) diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index b420f52a08..7b1af285dd 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -53,6 +53,7 @@ DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf !ifdef CONTINUOUS_INTEGRATION BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf !else diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h index 1177b1828e..4d94a925b6 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.h +++ b/FmpDevicePkg/FmpDxe/FmpDxe.h @@ -4,7 +4,7 @@ information provided through PCDs and libraries. Copyright (c) Microsoft Corporation.
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -33,11 +33,11 @@ #include #include #include -#include #include #include #include #include +#include #define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED" #define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE" diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf index eeb904a091..1c296388b0 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.inf +++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf @@ -4,7 +4,7 @@ # information provided through PCDs and libraries. # # Copyright (c) 2016, Microsoft Corporation. All rights reserved.
-# Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent ## @@ -55,14 +55,15 @@ FmpDependencyLib FmpDependencyCheckLib FmpDependencyDeviceLib + VariablePolicyHelperLib [Guids] gEfiEndOfDxeEventGroupGuid [Protocols] - gEdkiiVariableLockProtocolGuid ## CONSUMES gEfiFirmwareManagementProtocolGuid ## PRODUCES gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES [Pcd] gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES diff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/VariableSupport.c index 86dd5b203b..a1bd949b09 100644 --- a/FmpDevicePkg/FmpDxe/VariableSupport.c +++ b/FmpDevicePkg/FmpDxe/VariableSupport.c @@ -3,7 +3,7 @@ firmware updates. Copyright (c) 2016, Microsoft Corporation. All rights reserved.
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -730,28 +730,29 @@ static EFI_STATUS LockFmpVariable ( IN EFI_STATUS PreviousStatus, - IN EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock, + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy, IN CHAR16 *VariableName ) { EFI_STATUS Status; - Status = VariableLock->RequestToLock ( - VariableLock, - VariableName, - &gEfiCallerIdGuid - ); - if (!EFI_ERROR (Status)) { - return PreviousStatus; + // If success, go ahead and set the policies to protect the target variables. + Status = RegisterBasicVariablePolicy (VariablePolicy, + &gEfiCallerIdGuid, + VariableName, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status = %r\n", + mImageIdName, + &gEfiCallerIdGuid, + VariableName, + Status + )); } - - DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status = %r\n", - mImageIdName, - &gEfiCallerIdGuid, - VariableName, - Status - )); - if (EFI_ERROR (PreviousStatus)) { return PreviousStatus; } @@ -773,26 +774,22 @@ LockAllFmpVariables ( FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private ) { - EFI_STATUS Status; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; - - VariableLock = NULL; - Status = gBS->LocateProtocol ( - &gEdkiiVariableLockProtocolGuid, - NULL, - (VOID **)&VariableLock - ); - if (EFI_ERROR (Status) || VariableLock == NULL) { - DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Protocol (%r).\n", mImageIdName, Status)); - return EFI_UNSUPPORTED; + EFI_STATUS Status; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; + + // Locate the VariablePolicy protocol. + Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status)); + return Status; } Status = EFI_SUCCESS; - Status = LockFmpVariable (Status, VariableLock, Private->VersionVariableName); - Status = LockFmpVariable (Status, VariableLock, Private->LsvVariableName); - Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptStatusVariableName); - Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptVersionVariableName); - Status = LockFmpVariable (Status, VariableLock, Private->FmpStateVariableName); + Status = LockFmpVariable (Status, VariablePolicy, Private->VersionVariableName); + Status = LockFmpVariable (Status, VariablePolicy, Private->LsvVariableName); + Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptStatusVariableName); + Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptVersionVariableName); + Status = LockFmpVariable (Status, VariablePolicy, Private->FmpStateVariableName); return Status; } -- 2.26.2.windows.1