* [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib @ 2022-12-15 3:02 Wang, Jian J 2022-12-15 3:10 ` Yao, Jiewen 0 siblings, 1 reply; 5+ messages in thread From: Wang, Jian J @ 2022-12-15 3:02 UTC (permalink / raw) To: devel; +Cc: Jiewen Yao, Michael D Kinney, Nishant C Mistry, Judah Vang REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 There's no real usage of these two libraries. They're deprecated. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Cc: Judah Vang <judah.vang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> --- SecurityPkg/Include/Library/RpmcLib.h | 42 ------------ SecurityPkg/Include/Library/VariableKeyLib.h | 59 ----------------- SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 ------------- .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ---------- .../VariableKeyLibNull/VariableKeyLibNull.c | 66 ------------------- .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ---------- SecurityPkg/SecurityPkg.dec | 8 --- SecurityPkg/SecurityPkg.dsc | 4 -- 8 files changed, 291 deletions(-) delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf delete mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c delete mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h deleted file mode 100644 index df4ba34ba8..0000000000 --- a/SecurityPkg/Include/Library/RpmcLib.h +++ /dev/null @@ -1,42 +0,0 @@ -/** @file - Public definitions for the Replay Protected Monotonic Counter (RPMC) Library. - -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef _RPMC_LIB_H_ -#define _RPMC_LIB_H_ - -#include <Uefi/UefiBaseType.h> - -/** - Requests the monotonic counter from the designated RPMC counter. - - @param[out] CounterValue A pointer to a buffer to store the RPMC value. - - @retval EFI_SUCCESS The operation completed successfully. - @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. - @retval EFI_UNSUPPORTED The operation is un-supported. -**/ -EFI_STATUS -EFIAPI -RequestMonotonicCounter ( - OUT UINT32 *CounterValue - ); - -/** - Increments the monotonic counter in the SPI flash device by 1. - - @retval EFI_SUCCESS The operation completed successfully. - @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. - @retval EFI_UNSUPPORTED The operation is un-supported. -**/ -EFI_STATUS -EFIAPI -IncrementMonotonicCounter ( - VOID - ); - -#endif diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Include/Library/VariableKeyLib.h deleted file mode 100644 index 561ebad09d..0000000000 --- a/SecurityPkg/Include/Library/VariableKeyLib.h +++ /dev/null @@ -1,59 +0,0 @@ -/** @file - Public definitions for Variable Key Library. - -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#ifndef _VARIABLE_KEY_LIB_H_ -#define _VARIABLE_KEY_LIB_H_ - -#include <Uefi/UefiBaseType.h> - -/** - Retrieves the key for integrity and/or confidentiality of variables. - - @param[out] VariableKey A pointer to pointer for the variable key buffer. - @param[in,out] VariableKeySize The size in bytes of the variable key. - - @retval EFI_SUCCESS The variable key was returned. - @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key. - @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. - @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration. -**/ -EFI_STATUS -EFIAPI -GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize - ); - -/** - Regenerates the variable key. - - @retval EFI_SUCCESS The variable key was regenerated successfully. - @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key. - @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. - @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration. -**/ -EFI_STATUS -EFIAPI -RegenerateVariableKey ( - VOID - ); - -/** - Locks the regenerate key interface. - - @retval EFI_SUCCESS The key interface was locked successfully. - @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration. - @retval Others An error occurred while attempting to lock the key interface. -**/ -EFI_STATUS -EFIAPI -LockVariableKeyInterface ( - VOID - ); - -#endif diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c deleted file mode 100644 index 792e48250e..0000000000 --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c +++ /dev/null @@ -1,46 +0,0 @@ -/** @file - NULL RpmcLib instance for build purpose. - -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ - -#include <Library/DebugLib.h> -#include <Library/RpmcLib.h> - -/** - Requests the monotonic counter from the designated RPMC counter. - - @param[out] CounterValue A pointer to a buffer to store the RPMC value. - - @retval EFI_SUCCESS The operation completed successfully. - @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. - @retval EFI_UNSUPPORTED The operation is un-supported. -**/ -EFI_STATUS -EFIAPI -RequestMonotonicCounter ( - OUT UINT32 *CounterValue - ) -{ - ASSERT (FALSE); - return EFI_UNSUPPORTED; -} - -/** - Increments the monotonic counter in the SPI flash device by 1. - - @retval EFI_SUCCESS The operation completed successfully. - @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. - @retval EFI_UNSUPPORTED The operation is un-supported. -**/ -EFI_STATUS -EFIAPI -IncrementMonotonicCounter ( - VOID - ) -{ - ASSERT (FALSE); - return EFI_UNSUPPORTED; -} diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf deleted file mode 100644 index 500edfa87d..0000000000 --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf +++ /dev/null @@ -1,33 +0,0 @@ -## @file -# Provides Null version of RpmcLib for build purpose. -# -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010029 - BASE_NAME = RpmcLibNull - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 - MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = RpmcLib - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 -# - -[Sources] - RpmcLibNull.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - DebugLib - diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c deleted file mode 100644 index a08def767b..0000000000 --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c +++ /dev/null @@ -1,66 +0,0 @@ -/** @file - Null version of VariableKeyLib for build purpose. Don't use it in real product. - -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -SPDX-License-Identifier: BSD-2-Clause-Patent - -**/ -#include <Library/DebugLib.h> -#include <Library/VariableKeyLib.h> - -/** - Retrieves the key for integrity and/or confidentiality of variables. - - @param[out] VariableKey A pointer to pointer for the variable key buffer. - @param[in,out] VariableKeySize The size in bytes of the variable key. - - @retval EFI_SUCCESS The variable key was returned. - @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key. - @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. - @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration. -**/ -EFI_STATUS -EFIAPI -GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize - ) -{ - ASSERT (FALSE); - return EFI_UNSUPPORTED; -} - -/** - Regenerates the variable key. - - @retval EFI_SUCCESS The variable key was regenerated successfully. - @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key. - @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. - @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration. -**/ -EFI_STATUS -EFIAPI -RegenerateVariableKey ( - VOID - ) -{ - ASSERT (FALSE); - return EFI_UNSUPPORTED; -} - -/** - Locks the regenerate key interface. - - @retval EFI_SUCCESS The key interface was locked successfully. - @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration. - @retval Others An error occurred while attempting to lock the key interface. -**/ -EFI_STATUS -EFIAPI -LockVariableKeyInterface ( - VOID - ) -{ - ASSERT (FALSE); - return EFI_UNSUPPORTED; -} diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf deleted file mode 100644 index ea74e38cf9..0000000000 --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf +++ /dev/null @@ -1,33 +0,0 @@ -## @file -# Provides Null version of VariableKeyLib for build only. -# -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> -# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010029 - BASE_NAME = VariableKeyLibNull - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A - MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = VariableKeyLib - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 -# - -[Sources] - VariableKeyLibNull.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - DebugLib - diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7ecf9565d9..358b3dc543 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -80,14 +80,6 @@ # TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h - ## @libraryclass Provides interfaces to access RPMC device. - # - RpmcLib|Include/Library/RpmcLib.h - - ## @libraryclass Provides interfaces to access variable root key. - # - VariableKeyLib|Include/Library/VariableKeyLib.h - ## @libraryclass Provides interfaces about firmware TPM measurement. # TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 30d911d8a1..2f679c87a9 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -68,8 +68,6 @@ TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf - VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf @@ -264,8 +262,6 @@ # # Variable Confidentiality & Integrity # - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf # -- 2.36.1.windows.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib 2022-12-15 3:02 [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib Wang, Jian J @ 2022-12-15 3:10 ` Yao, Jiewen 2022-12-15 18:27 ` Michael D Kinney 2022-12-21 1:51 ` Judah Vang 0 siblings, 2 replies; 5+ messages in thread From: Yao, Jiewen @ 2022-12-15 3:10 UTC (permalink / raw) To: Wang, Jian J, devel@edk2.groups.io Cc: Kinney, Michael D, Mistry, Nishant C, Vang, Judah Agree. Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> I will wait for 1 work week to see if there is any objection. If anyone has concern, please let us know as soon as possible. Thank you Yao, Jiewen > -----Original Message----- > From: Wang, Jian J <jian.j.wang@intel.com> > Sent: Thursday, December 15, 2022 11:02 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; Mistry, Nishant C > <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com> > Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > There's no real usage of these two libraries. They're deprecated. > > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Nishant C Mistry <nishant.c.mistry@intel.com> > Cc: Judah Vang <judah.vang@intel.com> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > --- > SecurityPkg/Include/Library/RpmcLib.h | 42 ------------ > SecurityPkg/Include/Library/VariableKeyLib.h | 59 ----------------- > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 ------------- > .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ---------- > .../VariableKeyLibNull/VariableKeyLibNull.c | 66 ------------------- > .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ---------- > SecurityPkg/SecurityPkg.dec | 8 --- > SecurityPkg/SecurityPkg.dsc | 4 -- > 8 files changed, 291 deletions(-) > delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h > delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > delete mode 100644 > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > delete mode 100644 > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > diff --git a/SecurityPkg/Include/Library/RpmcLib.h > b/SecurityPkg/Include/Library/RpmcLib.h > deleted file mode 100644 > index df4ba34ba8..0000000000 > --- a/SecurityPkg/Include/Library/RpmcLib.h > +++ /dev/null > @@ -1,42 +0,0 @@ > -/** @file > > - Public definitions for the Replay Protected Monotonic Counter (RPMC) > Library. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _RPMC_LIB_H_ > > -#define _RPMC_LIB_H_ > > - > > -#include <Uefi/UefiBaseType.h> > > - > > -/** > > - Requests the monotonic counter from the designated RPMC counter. > > - > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > value. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RequestMonotonicCounter ( > > - OUT UINT32 *CounterValue > > - ); > > - > > -/** > > - Increments the monotonic counter in the SPI flash device by 1. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -IncrementMonotonicCounter ( > > - VOID > > - ); > > - > > -#endif > > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h > b/SecurityPkg/Include/Library/VariableKeyLib.h > deleted file mode 100644 > index 561ebad09d..0000000000 > --- a/SecurityPkg/Include/Library/VariableKeyLib.h > +++ /dev/null > @@ -1,59 +0,0 @@ > -/** @file > > - Public definitions for Variable Key Library. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _VARIABLE_KEY_LIB_H_ > > -#define _VARIABLE_KEY_LIB_H_ > > - > > -#include <Uefi/UefiBaseType.h> > > - > > -/** > > - Retrieves the key for integrity and/or confidentiality of variables. > > - > > - @param[out] VariableKey A pointer to pointer for the variable key > buffer. > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > - > > - @retval EFI_SUCCESS The variable key was returned. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > get the variable key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -GetVariableKey ( > > - OUT VOID **VariableKey, > > - IN OUT UINTN *VariableKeySize > > - ); > > - > > -/** > > - Regenerates the variable key. > > - > > - @retval EFI_SUCCESS The variable key was regenerated > successfully. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > regenerate the key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > the current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RegenerateVariableKey ( > > - VOID > > - ); > > - > > -/** > > - Locks the regenerate key interface. > > - > > - @retval EFI_SUCCESS The key interface was locked successfully. > > - @retval EFI_UNSUPPORTED Locking the key interface is not > supported in the current boot configuration. > > - @retval Others An error occurred while attempting to lock the > key interface. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -LockVariableKeyInterface ( > > - VOID > > - ); > > - > > -#endif > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > deleted file mode 100644 > index 792e48250e..0000000000 > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > +++ /dev/null > @@ -1,46 +0,0 @@ > -/** @file > > - NULL RpmcLib instance for build purpose. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <Library/DebugLib.h> > > -#include <Library/RpmcLib.h> > > - > > -/** > > - Requests the monotonic counter from the designated RPMC counter. > > - > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > value. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RequestMonotonicCounter ( > > - OUT UINT32 *CounterValue > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Increments the monotonic counter in the SPI flash device by 1. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -IncrementMonotonicCounter ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > deleted file mode 100644 > index 500edfa87d..0000000000 > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > +++ /dev/null > @@ -1,33 +0,0 @@ > -## @file > > -# Provides Null version of RpmcLib for build purpose. > > -# > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010029 > > - BASE_NAME = RpmcLibNull > > - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 > > - MODULE_TYPE = BASE > > - VERSION_STRING = 1.0 > > - LIBRARY_CLASS = RpmcLib > > - > > -# > > -# The following information is for reference only and not required by the > build tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > -# > > - > > -[Sources] > > - RpmcLibNull.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - BaseLib > > - DebugLib > > - > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > deleted file mode 100644 > index a08def767b..0000000000 > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > +++ /dev/null > @@ -1,66 +0,0 @@ > -/** @file > > - Null version of VariableKeyLib for build purpose. Don't use it in real > product. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > -#include <Library/DebugLib.h> > > -#include <Library/VariableKeyLib.h> > > - > > -/** > > - Retrieves the key for integrity and/or confidentiality of variables. > > - > > - @param[out] VariableKey A pointer to pointer for the variable key > buffer. > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > - > > - @retval EFI_SUCCESS The variable key was returned. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > get the variable key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -GetVariableKey ( > > - OUT VOID **VariableKey, > > - IN OUT UINTN *VariableKeySize > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Regenerates the variable key. > > - > > - @retval EFI_SUCCESS The variable key was regenerated > successfully. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > regenerate the key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > the current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RegenerateVariableKey ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Locks the regenerate key interface. > > - > > - @retval EFI_SUCCESS The key interface was locked successfully. > > - @retval EFI_UNSUPPORTED Locking the key interface is not > supported in the current boot configuration. > > - @retval Others An error occurred while attempting to lock the > key interface. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -LockVariableKeyInterface ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > deleted file mode 100644 > index ea74e38cf9..0000000000 > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > +++ /dev/null > @@ -1,33 +0,0 @@ > -## @file > > -# Provides Null version of VariableKeyLib for build only. > > -# > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010029 > > - BASE_NAME = VariableKeyLibNull > > - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A > > - MODULE_TYPE = BASE > > - VERSION_STRING = 1.0 > > - LIBRARY_CLASS = VariableKeyLib > > - > > -# > > -# The following information is for reference only and not required by the > build tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > -# > > - > > -[Sources] > > - VariableKeyLibNull.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - BaseLib > > - DebugLib > > - > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 7ecf9565d9..358b3dc543 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -80,14 +80,6 @@ > # > > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h > > > > - ## @libraryclass Provides interfaces to access RPMC device. > > - # > > - RpmcLib|Include/Library/RpmcLib.h > > - > > - ## @libraryclass Provides interfaces to access variable root key. > > - # > > - VariableKeyLib|Include/Library/VariableKeyLib.h > > - > > ## @libraryclass Provides interfaces about firmware TPM measurement. > > # > > TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 30d911d8a1..2f679c87a9 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -68,8 +68,6 @@ > > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi > b.inf > > > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi > b.inf > > > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset > SystemLibNull.inf > > - > VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.in > f > > - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventL > ogRecordLib.inf > > > MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc > kMemoryLibNull.inf > > > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo > otVariableLib.inf > > @@ -264,8 +262,6 @@ > # > > # Variable Confidentiality & Integrity > > # > > - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionL > ibVarPolicy.inf > > > > # > > -- > 2.36.1.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib 2022-12-15 3:10 ` Yao, Jiewen @ 2022-12-15 18:27 ` Michael D Kinney 2022-12-21 5:58 ` Yao, Jiewen 2022-12-21 1:51 ` Judah Vang 1 sibling, 1 reply; 5+ messages in thread From: Michael D Kinney @ 2022-12-15 18:27 UTC (permalink / raw) To: Yao, Jiewen, Wang, Jian J, devel@edk2.groups.io, Kinney, Michael D Cc: Mistry, Nishant C, Vang, Judah Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Mike > -----Original Message----- > From: Yao, Jiewen <jiewen.yao@intel.com> > Sent: Wednesday, December 14, 2022 7:11 PM > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>; Vang, Judah > <judah.vang@intel.com> > Subject: RE: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > Agree. > Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> > > I will wait for 1 work week to see if there is any objection. > If anyone has concern, please let us know as soon as possible. > > Thank you > Yao, Jiewen > > > -----Original Message----- > > From: Wang, Jian J <jian.j.wang@intel.com> > > Sent: Thursday, December 15, 2022 11:02 AM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D > > <michael.d.kinney@intel.com>; Mistry, Nishant C > > <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com> > > Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > > > There's no real usage of these two libraries. They're deprecated. > > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > Cc: Nishant C Mistry <nishant.c.mistry@intel.com> > > Cc: Judah Vang <judah.vang@intel.com> > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > --- > > SecurityPkg/Include/Library/RpmcLib.h | 42 ------------ > > SecurityPkg/Include/Library/VariableKeyLib.h | 59 ----------------- > > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 ------------- > > .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ---------- > > .../VariableKeyLibNull/VariableKeyLibNull.c | 66 ------------------- > > .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ---------- > > SecurityPkg/SecurityPkg.dec | 8 --- > > SecurityPkg/SecurityPkg.dsc | 4 -- > > 8 files changed, 291 deletions(-) > > delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h > > delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h > > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > delete mode 100644 > > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > delete mode 100644 > > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > > diff --git a/SecurityPkg/Include/Library/RpmcLib.h > > b/SecurityPkg/Include/Library/RpmcLib.h > > deleted file mode 100644 > > index df4ba34ba8..0000000000 > > --- a/SecurityPkg/Include/Library/RpmcLib.h > > +++ /dev/null > > @@ -1,42 +0,0 @@ > > -/** @file > > > > - Public definitions for the Replay Protected Monotonic Counter (RPMC) > > Library. > > > > - > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#ifndef _RPMC_LIB_H_ > > > > -#define _RPMC_LIB_H_ > > > > - > > > > -#include <Uefi/UefiBaseType.h> > > > > - > > > > -/** > > > > - Requests the monotonic counter from the designated RPMC counter. > > > > - > > > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > > value. > > > > - > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > attempting to update the counter. > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -RequestMonotonicCounter ( > > > > - OUT UINT32 *CounterValue > > > > - ); > > > > - > > > > -/** > > > > - Increments the monotonic counter in the SPI flash device by 1. > > > > - > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > attempting to update the counter. > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -IncrementMonotonicCounter ( > > > > - VOID > > > > - ); > > > > - > > > > -#endif > > > > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h > > b/SecurityPkg/Include/Library/VariableKeyLib.h > > deleted file mode 100644 > > index 561ebad09d..0000000000 > > --- a/SecurityPkg/Include/Library/VariableKeyLib.h > > +++ /dev/null > > @@ -1,59 +0,0 @@ > > -/** @file > > > > - Public definitions for Variable Key Library. > > > > - > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#ifndef _VARIABLE_KEY_LIB_H_ > > > > -#define _VARIABLE_KEY_LIB_H_ > > > > - > > > > -#include <Uefi/UefiBaseType.h> > > > > - > > > > -/** > > > > - Retrieves the key for integrity and/or confidentiality of variables. > > > > - > > > > - @param[out] VariableKey A pointer to pointer for the variable key > > buffer. > > > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > > > - > > > > - @retval EFI_SUCCESS The variable key was returned. > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > > get the variable key. > > > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > > the key interface. > > > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > > current boot configuration. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -GetVariableKey ( > > > > - OUT VOID **VariableKey, > > > > - IN OUT UINTN *VariableKeySize > > > > - ); > > > > - > > > > -/** > > > > - Regenerates the variable key. > > > > - > > > > - @retval EFI_SUCCESS The variable key was regenerated > > successfully. > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > > regenerate the key. > > > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > > the key interface. > > > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > > the current boot configuration. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -RegenerateVariableKey ( > > > > - VOID > > > > - ); > > > > - > > > > -/** > > > > - Locks the regenerate key interface. > > > > - > > > > - @retval EFI_SUCCESS The key interface was locked successfully. > > > > - @retval EFI_UNSUPPORTED Locking the key interface is not > > supported in the current boot configuration. > > > > - @retval Others An error occurred while attempting to lock the > > key interface. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -LockVariableKeyInterface ( > > > > - VOID > > > > - ); > > > > - > > > > -#endif > > > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > deleted file mode 100644 > > index 792e48250e..0000000000 > > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > +++ /dev/null > > @@ -1,46 +0,0 @@ > > -/** @file > > > > - NULL RpmcLib instance for build purpose. > > > > - > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#include <Library/DebugLib.h> > > > > -#include <Library/RpmcLib.h> > > > > - > > > > -/** > > > > - Requests the monotonic counter from the designated RPMC counter. > > > > - > > > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > > value. > > > > - > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > attempting to update the counter. > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -RequestMonotonicCounter ( > > > > - OUT UINT32 *CounterValue > > > > - ) > > > > -{ > > > > - ASSERT (FALSE); > > > > - return EFI_UNSUPPORTED; > > > > -} > > > > - > > > > -/** > > > > - Increments the monotonic counter in the SPI flash device by 1. > > > > - > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > attempting to update the counter. > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -IncrementMonotonicCounter ( > > > > - VOID > > > > - ) > > > > -{ > > > > - ASSERT (FALSE); > > > > - return EFI_UNSUPPORTED; > > > > -} > > > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > deleted file mode 100644 > > index 500edfa87d..0000000000 > > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > +++ /dev/null > > @@ -1,33 +0,0 @@ > > -## @file > > > > -# Provides Null version of RpmcLib for build purpose. > > > > -# > > > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > -# > > > > -## > > > > - > > > > -[Defines] > > > > - INF_VERSION = 0x00010029 > > > > - BASE_NAME = RpmcLibNull > > > > - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 > > > > - MODULE_TYPE = BASE > > > > - VERSION_STRING = 1.0 > > > > - LIBRARY_CLASS = RpmcLib > > > > - > > > > -# > > > > -# The following information is for reference only and not required by the > > build tools. > > > > -# > > > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > > > -# > > > > - > > > > -[Sources] > > > > - RpmcLibNull.c > > > > - > > > > -[Packages] > > > > - MdePkg/MdePkg.dec > > > > - SecurityPkg/SecurityPkg.dec > > > > - > > > > -[LibraryClasses] > > > > - BaseLib > > > > - DebugLib > > > > - > > > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > deleted file mode 100644 > > index a08def767b..0000000000 > > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > +++ /dev/null > > @@ -1,66 +0,0 @@ > > -/** @file > > > > - Null version of VariableKeyLib for build purpose. Don't use it in real > > product. > > > > - > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > -#include <Library/DebugLib.h> > > > > -#include <Library/VariableKeyLib.h> > > > > - > > > > -/** > > > > - Retrieves the key for integrity and/or confidentiality of variables. > > > > - > > > > - @param[out] VariableKey A pointer to pointer for the variable key > > buffer. > > > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > > > - > > > > - @retval EFI_SUCCESS The variable key was returned. > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > > get the variable key. > > > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > > the key interface. > > > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > > current boot configuration. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -GetVariableKey ( > > > > - OUT VOID **VariableKey, > > > > - IN OUT UINTN *VariableKeySize > > > > - ) > > > > -{ > > > > - ASSERT (FALSE); > > > > - return EFI_UNSUPPORTED; > > > > -} > > > > - > > > > -/** > > > > - Regenerates the variable key. > > > > - > > > > - @retval EFI_SUCCESS The variable key was regenerated > > successfully. > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > > regenerate the key. > > > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > > the key interface. > > > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > > the current boot configuration. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -RegenerateVariableKey ( > > > > - VOID > > > > - ) > > > > -{ > > > > - ASSERT (FALSE); > > > > - return EFI_UNSUPPORTED; > > > > -} > > > > - > > > > -/** > > > > - Locks the regenerate key interface. > > > > - > > > > - @retval EFI_SUCCESS The key interface was locked successfully. > > > > - @retval EFI_UNSUPPORTED Locking the key interface is not > > supported in the current boot configuration. > > > > - @retval Others An error occurred while attempting to lock the > > key interface. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -LockVariableKeyInterface ( > > > > - VOID > > > > - ) > > > > -{ > > > > - ASSERT (FALSE); > > > > - return EFI_UNSUPPORTED; > > > > -} > > > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > deleted file mode 100644 > > index ea74e38cf9..0000000000 > > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > +++ /dev/null > > @@ -1,33 +0,0 @@ > > -## @file > > > > -# Provides Null version of VariableKeyLib for build only. > > > > -# > > > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > -# > > > > -## > > > > - > > > > -[Defines] > > > > - INF_VERSION = 0x00010029 > > > > - BASE_NAME = VariableKeyLibNull > > > > - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A > > > > - MODULE_TYPE = BASE > > > > - VERSION_STRING = 1.0 > > > > - LIBRARY_CLASS = VariableKeyLib > > > > - > > > > -# > > > > -# The following information is for reference only and not required by the > > build tools. > > > > -# > > > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > > > -# > > > > - > > > > -[Sources] > > > > - VariableKeyLibNull.c > > > > - > > > > -[Packages] > > > > - MdePkg/MdePkg.dec > > > > - SecurityPkg/SecurityPkg.dec > > > > - > > > > -[LibraryClasses] > > > > - BaseLib > > > > - DebugLib > > > > - > > > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > > index 7ecf9565d9..358b3dc543 100644 > > --- a/SecurityPkg/SecurityPkg.dec > > +++ b/SecurityPkg/SecurityPkg.dec > > @@ -80,14 +80,6 @@ > > # > > > > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h > > > > > > > > - ## @libraryclass Provides interfaces to access RPMC device. > > > > - # > > > > - RpmcLib|Include/Library/RpmcLib.h > > > > - > > > > - ## @libraryclass Provides interfaces to access variable root key. > > > > - # > > > > - VariableKeyLib|Include/Library/VariableKeyLib.h > > > > - > > > > ## @libraryclass Provides interfaces about firmware TPM measurement. > > > > # > > > > TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h > > > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > > index 30d911d8a1..2f679c87a9 100644 > > --- a/SecurityPkg/SecurityPkg.dsc > > +++ b/SecurityPkg/SecurityPkg.dsc > > @@ -68,8 +68,6 @@ > > > > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi > > b.inf > > > > > > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi > > b.inf > > > > > > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset > > SystemLibNull.inf > > > > - > > VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.in > > f > > > > - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > > > > TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventL > > ogRecordLib.inf > > > > > > MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc > > kMemoryLibNull.inf > > > > > > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo > > otVariableLib.inf > > > > @@ -264,8 +262,6 @@ > > # > > > > # Variable Confidentiality & Integrity > > > > # > > > > - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > > - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > > > > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionL > > ibVarPolicy.inf > > > > > > > > # > > > > -- > > 2.36.1.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib 2022-12-15 18:27 ` Michael D Kinney @ 2022-12-21 5:58 ` Yao, Jiewen 0 siblings, 0 replies; 5+ messages in thread From: Yao, Jiewen @ 2022-12-21 5:58 UTC (permalink / raw) To: Kinney, Michael D, Wang, Jian J, devel@edk2.groups.io Cc: Mistry, Nishant C, Vang, Judah Merged https://github.com/tianocore/edk2/pull/3812 > -----Original Message----- > From: Kinney, Michael D <michael.d.kinney@intel.com> > Sent: Friday, December 16, 2022 2:28 AM > To: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J > <jian.j.wang@intel.com>; devel@edk2.groups.io; Kinney, Michael D > <michael.d.kinney@intel.com> > Cc: Mistry, Nishant C <nishant.c.mistry@intel.com>; Vang, Judah > <judah.vang@intel.com> > Subject: RE: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > Acked-by: Michael D Kinney <michael.d.kinney@intel.com> > > Mike > > > -----Original Message----- > > From: Yao, Jiewen <jiewen.yao@intel.com> > > Sent: Wednesday, December 14, 2022 7:11 PM > > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Mistry, Nishant C > <nishant.c.mistry@intel.com>; Vang, Judah > > <judah.vang@intel.com> > > Subject: RE: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > > > Agree. > > Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> > > > > I will wait for 1 work week to see if there is any objection. > > If anyone has concern, please let us know as soon as possible. > > > > Thank you > > Yao, Jiewen > > > > > -----Original Message----- > > > From: Wang, Jian J <jian.j.wang@intel.com> > > > Sent: Thursday, December 15, 2022 11:02 AM > > > To: devel@edk2.groups.io > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D > > > <michael.d.kinney@intel.com>; Mistry, Nishant C > > > <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com> > > > Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > > > > > There's no real usage of these two libraries. They're deprecated. > > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > > Cc: Nishant C Mistry <nishant.c.mistry@intel.com> > > > Cc: Judah Vang <judah.vang@intel.com> > > > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > > > --- > > > SecurityPkg/Include/Library/RpmcLib.h | 42 ------------ > > > SecurityPkg/Include/Library/VariableKeyLib.h | 59 ----------------- > > > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 ------------- > > > .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ---------- > > > .../VariableKeyLibNull/VariableKeyLibNull.c | 66 ------------------- > > > .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ---------- > > > SecurityPkg/SecurityPkg.dec | 8 --- > > > SecurityPkg/SecurityPkg.dsc | 4 -- > > > 8 files changed, 291 deletions(-) > > > delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h > > > delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h > > > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > delete mode 100644 > > > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > > delete mode 100644 > > > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > > > > diff --git a/SecurityPkg/Include/Library/RpmcLib.h > > > b/SecurityPkg/Include/Library/RpmcLib.h > > > deleted file mode 100644 > > > index df4ba34ba8..0000000000 > > > --- a/SecurityPkg/Include/Library/RpmcLib.h > > > +++ /dev/null > > > @@ -1,42 +0,0 @@ > > > -/** @file > > > > > > - Public definitions for the Replay Protected Monotonic Counter (RPMC) > > > Library. > > > > > > - > > > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#ifndef _RPMC_LIB_H_ > > > > > > -#define _RPMC_LIB_H_ > > > > > > - > > > > > > -#include <Uefi/UefiBaseType.h> > > > > > > - > > > > > > -/** > > > > > > - Requests the monotonic counter from the designated RPMC counter. > > > > > > - > > > > > > - @param[out] CounterValue A pointer to a buffer to store the > RPMC > > > value. > > > > > > - > > > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > > attempting to update the counter. > > > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -RequestMonotonicCounter ( > > > > > > - OUT UINT32 *CounterValue > > > > > > - ); > > > > > > - > > > > > > -/** > > > > > > - Increments the monotonic counter in the SPI flash device by 1. > > > > > > - > > > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > > attempting to update the counter. > > > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -IncrementMonotonicCounter ( > > > > > > - VOID > > > > > > - ); > > > > > > - > > > > > > -#endif > > > > > > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h > > > b/SecurityPkg/Include/Library/VariableKeyLib.h > > > deleted file mode 100644 > > > index 561ebad09d..0000000000 > > > --- a/SecurityPkg/Include/Library/VariableKeyLib.h > > > +++ /dev/null > > > @@ -1,59 +0,0 @@ > > > -/** @file > > > > > > - Public definitions for Variable Key Library. > > > > > > - > > > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#ifndef _VARIABLE_KEY_LIB_H_ > > > > > > -#define _VARIABLE_KEY_LIB_H_ > > > > > > - > > > > > > -#include <Uefi/UefiBaseType.h> > > > > > > - > > > > > > -/** > > > > > > - Retrieves the key for integrity and/or confidentiality of variables. > > > > > > - > > > > > > - @param[out] VariableKey A pointer to pointer for the variable > key > > > buffer. > > > > > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > > > > > - > > > > > > - @retval EFI_SUCCESS The variable key was returned. > > > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting > to > > > get the variable key. > > > > > > - @retval EFI_ACCESS_DENIED The function was invoked after > locking > > > the key interface. > > > > > > - @retval EFI_UNSUPPORTED The variable key is not supported in > the > > > current boot configuration. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -GetVariableKey ( > > > > > > - OUT VOID **VariableKey, > > > > > > - IN OUT UINTN *VariableKeySize > > > > > > - ); > > > > > > - > > > > > > -/** > > > > > > - Regenerates the variable key. > > > > > > - > > > > > > - @retval EFI_SUCCESS The variable key was regenerated > > > successfully. > > > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting > to > > > regenerate the key. > > > > > > - @retval EFI_ACCESS_DENIED The function was invoked after > locking > > > the key interface. > > > > > > - @retval EFI_UNSUPPORTED Key regeneration is not supported > in > > > the current boot configuration. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -RegenerateVariableKey ( > > > > > > - VOID > > > > > > - ); > > > > > > - > > > > > > -/** > > > > > > - Locks the regenerate key interface. > > > > > > - > > > > > > - @retval EFI_SUCCESS The key interface was locked > successfully. > > > > > > - @retval EFI_UNSUPPORTED Locking the key interface is not > > > supported in the current boot configuration. > > > > > > - @retval Others An error occurred while attempting to lock > the > > > key interface. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -LockVariableKeyInterface ( > > > > > > - VOID > > > > > > - ); > > > > > > - > > > > > > -#endif > > > > > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > > deleted file mode 100644 > > > index 792e48250e..0000000000 > > > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > > +++ /dev/null > > > @@ -1,46 +0,0 @@ > > > -/** @file > > > > > > - NULL RpmcLib instance for build purpose. > > > > > > - > > > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > - > > > > > > -#include <Library/DebugLib.h> > > > > > > -#include <Library/RpmcLib.h> > > > > > > - > > > > > > -/** > > > > > > - Requests the monotonic counter from the designated RPMC counter. > > > > > > - > > > > > > - @param[out] CounterValue A pointer to a buffer to store the > RPMC > > > value. > > > > > > - > > > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > > attempting to update the counter. > > > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -RequestMonotonicCounter ( > > > > > > - OUT UINT32 *CounterValue > > > > > > - ) > > > > > > -{ > > > > > > - ASSERT (FALSE); > > > > > > - return EFI_UNSUPPORTED; > > > > > > -} > > > > > > - > > > > > > -/** > > > > > > - Increments the monotonic counter in the SPI flash device by 1. > > > > > > - > > > > > > - @retval EFI_SUCCESS The operation completed successfully. > > > > > > - @retval EFI_DEVICE_ERROR A device error occurred while > > > attempting to update the counter. > > > > > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -IncrementMonotonicCounter ( > > > > > > - VOID > > > > > > - ) > > > > > > -{ > > > > > > - ASSERT (FALSE); > > > > > > - return EFI_UNSUPPORTED; > > > > > > -} > > > > > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > deleted file mode 100644 > > > index 500edfa87d..0000000000 > > > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > +++ /dev/null > > > @@ -1,33 +0,0 @@ > > > -## @file > > > > > > -# Provides Null version of RpmcLib for build purpose. > > > > > > -# > > > > > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > -# > > > > > > -## > > > > > > - > > > > > > -[Defines] > > > > > > - INF_VERSION = 0x00010029 > > > > > > - BASE_NAME = RpmcLibNull > > > > > > - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 > > > > > > - MODULE_TYPE = BASE > > > > > > - VERSION_STRING = 1.0 > > > > > > - LIBRARY_CLASS = RpmcLib > > > > > > - > > > > > > -# > > > > > > -# The following information is for reference only and not required by the > > > build tools. > > > > > > -# > > > > > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > > > > > -# > > > > > > - > > > > > > -[Sources] > > > > > > - RpmcLibNull.c > > > > > > - > > > > > > -[Packages] > > > > > > - MdePkg/MdePkg.dec > > > > > > - SecurityPkg/SecurityPkg.dec > > > > > > - > > > > > > -[LibraryClasses] > > > > > > - BaseLib > > > > > > - DebugLib > > > > > > - > > > > > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > > deleted file mode 100644 > > > index a08def767b..0000000000 > > > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > > +++ /dev/null > > > @@ -1,66 +0,0 @@ > > > -/** @file > > > > > > - Null version of VariableKeyLib for build purpose. Don't use it in real > > > product. > > > > > > - > > > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > - > > > > > > -**/ > > > > > > -#include <Library/DebugLib.h> > > > > > > -#include <Library/VariableKeyLib.h> > > > > > > - > > > > > > -/** > > > > > > - Retrieves the key for integrity and/or confidentiality of variables. > > > > > > - > > > > > > - @param[out] VariableKey A pointer to pointer for the variable > key > > > buffer. > > > > > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > > > > > - > > > > > > - @retval EFI_SUCCESS The variable key was returned. > > > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting > to > > > get the variable key. > > > > > > - @retval EFI_ACCESS_DENIED The function was invoked after > locking > > > the key interface. > > > > > > - @retval EFI_UNSUPPORTED The variable key is not supported in > the > > > current boot configuration. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -GetVariableKey ( > > > > > > - OUT VOID **VariableKey, > > > > > > - IN OUT UINTN *VariableKeySize > > > > > > - ) > > > > > > -{ > > > > > > - ASSERT (FALSE); > > > > > > - return EFI_UNSUPPORTED; > > > > > > -} > > > > > > - > > > > > > -/** > > > > > > - Regenerates the variable key. > > > > > > - > > > > > > - @retval EFI_SUCCESS The variable key was regenerated > > > successfully. > > > > > > - @retval EFI_DEVICE_ERROR An error occurred while attempting > to > > > regenerate the key. > > > > > > - @retval EFI_ACCESS_DENIED The function was invoked after > locking > > > the key interface. > > > > > > - @retval EFI_UNSUPPORTED Key regeneration is not supported > in > > > the current boot configuration. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -RegenerateVariableKey ( > > > > > > - VOID > > > > > > - ) > > > > > > -{ > > > > > > - ASSERT (FALSE); > > > > > > - return EFI_UNSUPPORTED; > > > > > > -} > > > > > > - > > > > > > -/** > > > > > > - Locks the regenerate key interface. > > > > > > - > > > > > > - @retval EFI_SUCCESS The key interface was locked > successfully. > > > > > > - @retval EFI_UNSUPPORTED Locking the key interface is not > > > supported in the current boot configuration. > > > > > > - @retval Others An error occurred while attempting to lock > the > > > key interface. > > > > > > -**/ > > > > > > -EFI_STATUS > > > > > > -EFIAPI > > > > > > -LockVariableKeyInterface ( > > > > > > - VOID > > > > > > - ) > > > > > > -{ > > > > > > - ASSERT (FALSE); > > > > > > - return EFI_UNSUPPORTED; > > > > > > -} > > > > > > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > deleted file mode 100644 > > > index ea74e38cf9..0000000000 > > > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > +++ /dev/null > > > @@ -1,33 +0,0 @@ > > > -## @file > > > > > > -# Provides Null version of VariableKeyLib for build only. > > > > > > -# > > > > > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > > > > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > -# > > > > > > -## > > > > > > - > > > > > > -[Defines] > > > > > > - INF_VERSION = 0x00010029 > > > > > > - BASE_NAME = VariableKeyLibNull > > > > > > - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A > > > > > > - MODULE_TYPE = BASE > > > > > > - VERSION_STRING = 1.0 > > > > > > - LIBRARY_CLASS = VariableKeyLib > > > > > > - > > > > > > -# > > > > > > -# The following information is for reference only and not required by the > > > build tools. > > > > > > -# > > > > > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > > > > > -# > > > > > > - > > > > > > -[Sources] > > > > > > - VariableKeyLibNull.c > > > > > > - > > > > > > -[Packages] > > > > > > - MdePkg/MdePkg.dec > > > > > > - SecurityPkg/SecurityPkg.dec > > > > > > - > > > > > > -[LibraryClasses] > > > > > > - BaseLib > > > > > > - DebugLib > > > > > > - > > > > > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > > > index 7ecf9565d9..358b3dc543 100644 > > > --- a/SecurityPkg/SecurityPkg.dec > > > +++ b/SecurityPkg/SecurityPkg.dec > > > @@ -80,14 +80,6 @@ > > > # > > > > > > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h > > > > > > > > > > > > - ## @libraryclass Provides interfaces to access RPMC device. > > > > > > - # > > > > > > - RpmcLib|Include/Library/RpmcLib.h > > > > > > - > > > > > > - ## @libraryclass Provides interfaces to access variable root key. > > > > > > - # > > > > > > - VariableKeyLib|Include/Library/VariableKeyLib.h > > > > > > - > > > > > > ## @libraryclass Provides interfaces about firmware TPM > measurement. > > > > > > # > > > > > > TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h > > > > > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > > > index 30d911d8a1..2f679c87a9 100644 > > > --- a/SecurityPkg/SecurityPkg.dsc > > > +++ b/SecurityPkg/SecurityPkg.dsc > > > @@ -68,8 +68,6 @@ > > > > > > > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi > > > b.inf > > > > > > > > > > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi > > > b.inf > > > > > > > > > > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset > > > SystemLibNull.inf > > > > > > - > > > > VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.in > > > f > > > > > > - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > > > > > > > > TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventL > > > ogRecordLib.inf > > > > > > > > > > MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc > > > kMemoryLibNull.inf > > > > > > > > > > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo > > > otVariableLib.inf > > > > > > @@ -264,8 +262,6 @@ > > > # > > > > > > # Variable Confidentiality & Integrity > > > > > > # > > > > > > - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > > > > > - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > > > > > > > > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionL > > > ibVarPolicy.inf > > > > > > > > > > > > # > > > > > > -- > > > 2.36.1.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib 2022-12-15 3:10 ` Yao, Jiewen 2022-12-15 18:27 ` Michael D Kinney @ 2022-12-21 1:51 ` Judah Vang 1 sibling, 0 replies; 5+ messages in thread From: Judah Vang @ 2022-12-21 1:51 UTC (permalink / raw) To: Yao, Jiewen, Wang, Jian J, devel@edk2.groups.io Cc: Kinney, Michael D, Mistry, Nishant C I reviewed it and it looks good to me. Judah -----Original Message----- From: Yao, Jiewen <jiewen.yao@intel.com> Sent: Wednesday, December 14, 2022 7:11 PM To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Mistry, Nishant C <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com> Subject: RE: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib Agree. Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> I will wait for 1 work week to see if there is any objection. If anyone has concern, please let us know as soon as possible. Thank you Yao, Jiewen > -----Original Message----- > From: Wang, Jian J <jian.j.wang@intel.com> > Sent: Thursday, December 15, 2022 11:02 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; Mistry, Nishant C > <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com> > Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > There's no real usage of these two libraries. They're deprecated. > > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Nishant C Mistry <nishant.c.mistry@intel.com> > Cc: Judah Vang <judah.vang@intel.com> > Signed-off-by: Jian J Wang <jian.j.wang@intel.com> > --- > SecurityPkg/Include/Library/RpmcLib.h | 42 ------------ > SecurityPkg/Include/Library/VariableKeyLib.h | 59 ----------------- > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 ------------- > .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ---------- > .../VariableKeyLibNull/VariableKeyLibNull.c | 66 ------------------- > .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ---------- > SecurityPkg/SecurityPkg.dec | 8 --- > SecurityPkg/SecurityPkg.dsc | 4 -- > 8 files changed, 291 deletions(-) > delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h > delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > delete mode 100644 > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > delete mode 100644 > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > diff --git a/SecurityPkg/Include/Library/RpmcLib.h > b/SecurityPkg/Include/Library/RpmcLib.h > deleted file mode 100644 > index df4ba34ba8..0000000000 > --- a/SecurityPkg/Include/Library/RpmcLib.h > +++ /dev/null > @@ -1,42 +0,0 @@ > -/** @file > > - Public definitions for the Replay Protected Monotonic Counter > (RPMC) Library. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _RPMC_LIB_H_ > > -#define _RPMC_LIB_H_ > > - > > -#include <Uefi/UefiBaseType.h> > > - > > -/** > > - Requests the monotonic counter from the designated RPMC counter. > > - > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > value. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RequestMonotonicCounter ( > > - OUT UINT32 *CounterValue > > - ); > > - > > -/** > > - Increments the monotonic counter in the SPI flash device by 1. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -IncrementMonotonicCounter ( > > - VOID > > - ); > > - > > -#endif > > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h > b/SecurityPkg/Include/Library/VariableKeyLib.h > deleted file mode 100644 > index 561ebad09d..0000000000 > --- a/SecurityPkg/Include/Library/VariableKeyLib.h > +++ /dev/null > @@ -1,59 +0,0 @@ > -/** @file > > - Public definitions for Variable Key Library. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _VARIABLE_KEY_LIB_H_ > > -#define _VARIABLE_KEY_LIB_H_ > > - > > -#include <Uefi/UefiBaseType.h> > > - > > -/** > > - Retrieves the key for integrity and/or confidentiality of variables. > > - > > - @param[out] VariableKey A pointer to pointer for the variable key > buffer. > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > - > > - @retval EFI_SUCCESS The variable key was returned. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > get the variable key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -GetVariableKey ( > > - OUT VOID **VariableKey, > > - IN OUT UINTN *VariableKeySize > > - ); > > - > > -/** > > - Regenerates the variable key. > > - > > - @retval EFI_SUCCESS The variable key was regenerated > successfully. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > regenerate the key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > the current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RegenerateVariableKey ( > > - VOID > > - ); > > - > > -/** > > - Locks the regenerate key interface. > > - > > - @retval EFI_SUCCESS The key interface was locked successfully. > > - @retval EFI_UNSUPPORTED Locking the key interface is not > supported in the current boot configuration. > > - @retval Others An error occurred while attempting to lock the > key interface. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -LockVariableKeyInterface ( > > - VOID > > - ); > > - > > -#endif > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > deleted file mode 100644 > index 792e48250e..0000000000 > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > +++ /dev/null > @@ -1,46 +0,0 @@ > -/** @file > > - NULL RpmcLib instance for build purpose. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <Library/DebugLib.h> > > -#include <Library/RpmcLib.h> > > - > > -/** > > - Requests the monotonic counter from the designated RPMC counter. > > - > > - @param[out] CounterValue A pointer to a buffer to store the RPMC > value. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RequestMonotonicCounter ( > > - OUT UINT32 *CounterValue > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Increments the monotonic counter in the SPI flash device by 1. > > - > > - @retval EFI_SUCCESS The operation completed successfully. > > - @retval EFI_DEVICE_ERROR A device error occurred while > attempting to update the counter. > > - @retval EFI_UNSUPPORTED The operation is un-supported. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -IncrementMonotonicCounter ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > deleted file mode 100644 > index 500edfa87d..0000000000 > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > +++ /dev/null > @@ -1,33 +0,0 @@ > -## @file > > -# Provides Null version of RpmcLib for build purpose. > > -# > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010029 > > - BASE_NAME = RpmcLibNull > > - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 > > - MODULE_TYPE = BASE > > - VERSION_STRING = 1.0 > > - LIBRARY_CLASS = RpmcLib > > - > > -# > > -# The following information is for reference only and not required by > the build tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > -# > > - > > -[Sources] > > - RpmcLibNull.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - BaseLib > > - DebugLib > > - > > diff --git > a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > deleted file mode 100644 > index a08def767b..0000000000 > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > +++ /dev/null > @@ -1,66 +0,0 @@ > -/** @file > > - Null version of VariableKeyLib for build purpose. Don't use it in > real product. > > - > > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > -#include <Library/DebugLib.h> > > -#include <Library/VariableKeyLib.h> > > - > > -/** > > - Retrieves the key for integrity and/or confidentiality of variables. > > - > > - @param[out] VariableKey A pointer to pointer for the variable key > buffer. > > - @param[in,out] VariableKeySize The size in bytes of the variable key. > > - > > - @retval EFI_SUCCESS The variable key was returned. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > get the variable key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED The variable key is not supported in the > current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -GetVariableKey ( > > - OUT VOID **VariableKey, > > - IN OUT UINTN *VariableKeySize > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Regenerates the variable key. > > - > > - @retval EFI_SUCCESS The variable key was regenerated > successfully. > > - @retval EFI_DEVICE_ERROR An error occurred while attempting to > regenerate the key. > > - @retval EFI_ACCESS_DENIED The function was invoked after locking > the key interface. > > - @retval EFI_UNSUPPORTED Key regeneration is not supported in > the current boot configuration. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -RegenerateVariableKey ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > - > > -/** > > - Locks the regenerate key interface. > > - > > - @retval EFI_SUCCESS The key interface was locked successfully. > > - @retval EFI_UNSUPPORTED Locking the key interface is not > supported in the current boot configuration. > > - @retval Others An error occurred while attempting to lock the > key interface. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -LockVariableKeyInterface ( > > - VOID > > - ) > > -{ > > - ASSERT (FALSE); > > - return EFI_UNSUPPORTED; > > -} > > diff --git > a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > deleted file mode 100644 > index ea74e38cf9..0000000000 > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > +++ /dev/null > @@ -1,33 +0,0 @@ > -## @file > > -# Provides Null version of VariableKeyLib for build only. > > -# > > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010029 > > - BASE_NAME = VariableKeyLibNull > > - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A > > - MODULE_TYPE = BASE > > - VERSION_STRING = 1.0 > > - LIBRARY_CLASS = VariableKeyLib > > - > > -# > > -# The following information is for reference only and not required by > the build tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 > > -# > > - > > -[Sources] > > - VariableKeyLibNull.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - BaseLib > > - DebugLib > > - > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 7ecf9565d9..358b3dc543 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -80,14 +80,6 @@ > # > > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h > > > > - ## @libraryclass Provides interfaces to access RPMC device. > > - # > > - RpmcLib|Include/Library/RpmcLib.h > > - > > - ## @libraryclass Provides interfaces to access variable root key. > > - # > > - VariableKeyLib|Include/Library/VariableKeyLib.h > > - > > ## @libraryclass Provides interfaces about firmware TPM measurement. > > # > > TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 30d911d8a1..2f679c87a9 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -68,8 +68,6 @@ > > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore > TcgStorageCoreLib|Li > b.inf > > > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpal > TcgStorageOpalLib|Li > b.inf > > > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset > SystemLibNull.inf > > - > VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNu > VariableKeyLib|ll.in > f > > - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEvent > TcgEventLogRecordLib|L > ogRecordLib.inf > > > MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc > kMemoryLibNull.inf > > > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/Secure > SecureBootVariableLib|Bo > otVariableLib.inf > > @@ -264,8 +262,6 @@ > # > > # Variable Confidentiality & Integrity > > # > > - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf > > - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf > > > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtect > ionL > ibVarPolicy.inf > > > > # > > -- > 2.36.1.windows.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-12-21 5:58 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-12-15 3:02 [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib Wang, Jian J 2022-12-15 3:10 ` Yao, Jiewen 2022-12-15 18:27 ` Michael D Kinney 2022-12-21 5:58 ` Yao, Jiewen 2022-12-21 1:51 ` Judah Vang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox