From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web09.4837.1634613070382753331 for ; Mon, 18 Oct 2021 20:11:10 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jie.yang@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10141"; a="215337442" X-IronPort-AV: E=Sophos;i="5.85,383,1624345200"; d="scan'208";a="215337442" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Oct 2021 20:11:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,383,1624345200"; d="scan'208";a="444332238" Received: from desktop-yang.ccr.corp.intel.com ([10.239.158.52]) by orsmga003.jf.intel.com with ESMTP; 18 Oct 2021 20:11:07 -0700 From: "Yang Jie" To: devel@edk2.groups.io Cc: gaoliming@byosoft.com.cn, michael.d.kinney@intel.com, guomin.jiang@intel.com, wei6.xu@intel.com, Yang Jie Subject: [edk2-devel][PATCH v2] FmpDevicePkg/FmpDxe: Use new Variable Lock interface Date: Tue, 19 Oct 2021 11:11:04 +0800 Message-Id: <20211019031104.3110-1-jie.yang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3655 The code in FmpDevicePkg call the deprecated interface VariableLockRequestToLockc. So I changed the code in FmpDevicePkg using RegisterBasicVariablePolicy, instead of the deprecated interface.=0D Signed-off-by: Yang Jie Cc: Liming Gao Cc: Michael D Kinney Cc: Guomin Jiang Cc: Wei6 Xu --- FmpDevicePkg/FmpDevicePkg.dsc | 1 + FmpDevicePkg/FmpDxe/FmpDxe.h | 4 +- FmpDevicePkg/FmpDxe/FmpDxe.inf | 5 +- FmpDevicePkg/FmpDxe/VariableSupport.c | 69 +++++++++++++-------------- 4 files changed, 39 insertions(+), 40 deletions(-) diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index b420f52a08..7b1af285dd 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -53,6 +53,7 @@ DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf=0D DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf=0D PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf=0D !ifdef CONTINUOUS_INTEGRATION=0D BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf=0D !else=0D diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h index 1177b1828e..4d94a925b6 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.h +++ b/FmpDevicePkg/FmpDxe/FmpDxe.h @@ -4,7 +4,7 @@ information provided through PCDs and libraries.=0D =0D Copyright (c) Microsoft Corporation.
=0D - Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
=0D + Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D @@ -33,11 +33,11 @@ #include =0D #include =0D #include =0D -#include =0D #include =0D #include =0D #include =0D #include =0D +#include =0D =0D #define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED"=0D #define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE"=0D diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf index eeb904a091..1c296388b0 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.inf +++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf @@ -4,7 +4,7 @@ # information provided through PCDs and libraries.=0D #=0D # Copyright (c) 2016, Microsoft Corporation. All rights reserved.
=0D -# Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.
= =0D +# Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
= =0D #=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D ##=0D @@ -55,14 +55,15 @@ FmpDependencyLib=0D FmpDependencyCheckLib=0D FmpDependencyDeviceLib=0D + VariablePolicyHelperLib=0D =0D [Guids]=0D gEfiEndOfDxeEventGroupGuid=0D =0D [Protocols]=0D - gEdkiiVariableLockProtocolGuid ## CONSUMES=0D gEfiFirmwareManagementProtocolGuid ## PRODUCES=0D gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES=0D + gEdkiiVariablePolicyProtocolGuid ## CONSUMES=0D =0D [Pcd]=0D gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable = ## CONSUMES=0D diff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/Va= riableSupport.c index 86dd5b203b..c4b72a2ff9 100644 --- a/FmpDevicePkg/FmpDxe/VariableSupport.c +++ b/FmpDevicePkg/FmpDxe/VariableSupport.c @@ -3,7 +3,7 @@ firmware updates.=0D =0D Copyright (c) 2016, Microsoft Corporation. All rights reserved.
=0D - Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.
=0D + Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.
=0D =0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D @@ -729,29 +729,30 @@ SetLastAttemptVersionInVariable ( static=0D EFI_STATUS=0D LockFmpVariable (=0D - IN EFI_STATUS PreviousStatus,=0D - IN EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock,=0D - IN CHAR16 *VariableName=0D + IN EFI_STATUS PreviousStatus,=0D + IN EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,=0D + IN CHAR16 *VariableName=0D )=0D {=0D EFI_STATUS Status;=0D =0D - Status =3D VariableLock->RequestToLock (=0D - VariableLock,=0D - VariableName,=0D - &gEfiCallerIdGuid=0D - );=0D - if (!EFI_ERROR (Status)) {=0D - return PreviousStatus;=0D + // If success, go ahead and set the policies to protect the target varia= bles.=0D + Status =3D RegisterBasicVariablePolicy (VariablePolicy,=0D + &gEfiCallerIdGuid,=0D + VariableName,=0D + VARIABLE_POLICY_NO_MIN_SIZE,=0D + VARIABLE_POLICY_NO_MAX_SIZE,=0D + VARIABLE_POLICY_NO_MUST_ATTR,=0D + VARIABLE_POLICY_NO_CANT_ATTR,=0D + VARIABLE_POLICY_TYPE_LOCK_NOW);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Statu= s =3D %r\n",=0D + mImageIdName,=0D + &gEfiCallerIdGuid,=0D + VariableName,=0D + Status=0D + ));=0D }=0D -=0D - DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status= =3D %r\n",=0D - mImageIdName,=0D - &gEfiCallerIdGuid,=0D - VariableName,=0D - Status=0D - ));=0D -=0D if (EFI_ERROR (PreviousStatus)) {=0D return PreviousStatus;=0D }=0D @@ -773,26 +774,22 @@ LockAllFmpVariables ( FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private=0D )=0D {=0D - EFI_STATUS Status;=0D - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;=0D -=0D - VariableLock =3D NULL;=0D - Status =3D gBS->LocateProtocol (=0D - &gEdkiiVariableLockProtocolGuid,=0D - NULL,=0D - (VOID **)&VariableLock=0D - );=0D - if (EFI_ERROR (Status) || VariableLock =3D=3D NULL) {=0D - DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Proto= col (%r).\n", mImageIdName, Status));=0D - return EFI_UNSUPPORTED;=0D + EFI_STATUS Status;=0D + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;=0D +=0D + // Locate the VariablePolicy protocol.=0D + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID**)&VariablePolicy );=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy prot= ocol! %r\n", __FUNCTION__, Status));=0D + return Status;=0D }=0D =0D Status =3D EFI_SUCCESS;=0D - Status =3D LockFmpVariable (Status, VariableLock, Private->VersionVariab= leName);=0D - Status =3D LockFmpVariable (Status, VariableLock, Private->LsvVariableNa= me);=0D - Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptSt= atusVariableName);=0D - Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptVe= rsionVariableName);=0D - Status =3D LockFmpVariable (Status, VariableLock, Private->FmpStateVaria= bleName);=0D + Status =3D LockFmpVariable (Status, VariablePolicy, Private->VersionVari= ableName);=0D + Status =3D LockFmpVariable (Status, VariablePolicy, Private->LsvVariable= Name);=0D + Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt= StatusVariableName);=0D + Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt= VersionVariableName);=0D + Status =3D LockFmpVariable (Status, VariablePolicy, Private->FmpStateVar= iableName);=0D =0D return Status;=0D }=0D --=20 2.26.2.windows.1