From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.35694.1681275607965036880 for ; Tue, 11 Apr 2023 22:00:08 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=agPJUuaa; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: linus.liu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681275607; x=1712811607; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=EoCsu4FZqQPI2TH1ojLTOD2vKFgww2XL4y/RBw4uBXk=; b=agPJUuaar4SBZV8dOCcMBfdSOAPQsiswlszVv7G0VicbJGQR+oTZx90C JTbwNG8lKCmS59FRD4W7h56fTf2vtvc2D/nGmoXFuDvaHlsPzysGpCHnM jb0HCkftMGWC/oYiKVpt5y9Uzp8A+ueppcvvmQnipN9ZSJeI9LjiidkYG q/oftu6k8//XxEzAoyb/9Tzv5VTjAGVFXpvDLjfPDMffUAT1puItLCqAr yaHgakfiT4ocQ9BG035ebG8VgpUgLc/h55Gb7JfulzVClWf4p+PP1KXkt 6LdDy8V9Eol8kPw8Qv+JSgk0LDG95xkKnQU7uxl8MQiD7tV1gNm1IZcyq Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10677"; a="345594893" X-IronPort-AV: E=Sophos;i="5.98,338,1673942400"; d="scan'208";a="345594893" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Apr 2023 22:00:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10677"; a="666208735" X-IronPort-AV: E=Sophos;i="5.98,338,1673942400"; d="scan'208";a="666208735" Received: from linusliu-desk1.gar.corp.intel.com ([10.5.215.134]) by orsmga006.jf.intel.com with ESMTP; 11 Apr 2023 22:00:06 -0700 From: "Linus Liu" To: devel@edk2.groups.io Cc: Linus Liu , Jiewen Yao , Maggie Chu Subject: [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy Date: Tue, 11 Apr 2023 22:00:01 -0700 Message-Id: <20230412050001.928-1-linus.liu@intel.com> X-Mailer: git-send-email 2.33.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
From: Linus Liu REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408 Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c Cc: Jiewen Yao Cc: Maggie Chu Signed-off-by: Linus Liu --- SecurityPkg/HddPassword/HddPasswordDxe.c | 28 ++++++++++++-------- SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- SecurityPkg/SecurityPkg.dsc | 1 + 4 files changed, 20 insertions(+), 13 deletions(-) diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index 55dfb25886..6f36b5a0a2 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/=0D =0D #include "HddPasswordDxe.h"=0D +#include =0D =0D EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GUID;= =0D CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG";=0D @@ -2818,11 +2819,11 @@ HddPasswordDxeInit ( IN EFI_SYSTEM_TABLE *SystemTable=0D )=0D {=0D - EFI_STATUS Status;=0D - HDD_PASSWORD_DXE_PRIVATE_DATA *Private;=0D - VOID *Registration;=0D - EFI_EVENT EndOfDxeEvent;=0D - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;=0D + EFI_STATUS Status;=0D + HDD_PASSWORD_DXE_PRIVATE_DATA *Private;=0D + VOID *Registration;=0D + EFI_EVENT EndOfDxeEvent;=0D + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;=0D =0D Private =3D NULL;=0D =0D 
@@ -2858,13 +2859,18 @@ HddPasswordDxeInit (
 //=0D
 // Make HDD_PASSWORD_VARIABLE_NAME variable read-only.=0D
 //=0D
- Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLock);=0D
+ Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID **)&VariablePolicy);=0D
 if (!EFI_ERROR (Status)) {=0D
- Status =3D VariableLock->RequestToLock (=0D
- VariableLock,=0D
- HDD_PASSWORD_VARIABLE_NAME,=0D
- &mHddPasswordVendorGuid=0D
- );=0D
+ Status =3D RegisterBasicVariablePolicy (=0D
+ VariablePolicy,=0D
+ &mHddPasswordVendorGuid,=0D
+ HDD_PASSWORD_VARIABLE_NAME,=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW=0D
+ );=0D
 DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PAS= SWORD_VARIABLE_NAME, Status));=0D
 ASSERT_EFI_ERROR (Status);=0D
 }=0D
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPass= word/HddPasswordDxe.h
index 231533e737..049a208794 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.h
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.h
@@ -17,7 +17,6 @@
 #include =0D
 #include =0D
 #include =0D
-#include =0D
 =0D
 #include =0D
 #include =0D
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPa= ssword/HddPasswordDxe.inf
index 06e8755ffc..2c0ebbcc78 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -50,6 +50,7 @@
 PrintLib=0D
 UefiLib=0D
 LockBoxLib=0D
+ VariablePolicyHelperLib=0D
 S3BootScriptLib=0D
 PciLib=0D
 BaseCryptLib=0D
@@ -63,7 +64,7 @@
 gEfiHiiConfigAccessProtocolGuid ## PRODUCES=0D
 gEfiAtaPassThruProtocolGuid ## CONSUMES=0D
 gEfiPciIoProtocolGuid ## CONSUMES=0D
- gEdkiiVariableLockProtocolGuid ## CONSUMES=0D
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES=0D
 =0D
 [Pcd]=0D
 gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES=0D
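Review bot: In the `@@ -2858,13 +2859,18 @@` hunk of HddPasswordDxe.c the lock on HDD_PASSWORD_VARIABLE_NAME remains best-effort: if `LocateProtocol` for `gEdkiiVariablePolicyProtocolGuid` fails, the `if (!EFI_ERROR (Status))` block is skipped with no log, and a failing `RegisterBasicVariablePolicy` is reported only at `DEBUG_INFO` and through `ASSERT_EFI_ERROR`, which is normally compiled out of release builds. In either case the variable would stay writable and nothing in a release log would show it. I would report the failure at error level on both paths, for example `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "%a(): %s not locked (%r)\n", __func__, HDD_PASSWORD_VARIABLE_NAME, Status)); }` after the closing brace, and state in a comment whether init is meant to continue when the lock cannot be applied. The `[Depex]` section of HddPasswordDxe.inf is outside the visible hunks, so it is worth confirming the driver cannot be dispatched before the Variable Policy protocol is installed. HddPasswordDxeInit's body starts and ends outside this hunk.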
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 3bad5375c0..3c62205162 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -74,6 +74,7 @@
 PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf=0D
 SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf=0D
 TdxLib|MdePkg/Library/TdxLib/TdxLib.inf=0D
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf=0D
 =0D
 [LibraryClasses.ARM, LibraryClasses.AARCH64]=0D
 #=0D
--=20 2.33.1.windows.1