From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by mx.groups.io with SMTP id smtpd.web08.5354.1624441968237659020
 for <devel@edk2.groups.io>;
 Wed, 23 Jun 2021 02:52:48 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=e394ZcbL;
 spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1624441967;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=1B4iA6vHIqrLDJU7hJs4MsdC31MPit6npJ6mHnr1x74=;
	b=e394ZcbLRUdhhpzzMitS1iEGu2chqX6P2fWV6xhGzQjFFphIf7UQkgyiQW1n6s4gisENIH
	t25LbHKOjnwctE24BwjpCwUB7zlAMtUxdCV7shjGtMlQV4yh85CZhe6nmsMCUNcLvTDw4/
	La9XR7h/mUD7BepBBXzhBGgIE234EKo=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-399-O3FPvTAjMAeqWvTtxi3XRg-1; Wed, 23 Jun 2021 05:52:43 -0400
X-MC-Unique: O3FPvTAjMAeqWvTtxi3XRg-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7048A362FC;
	Wed, 23 Jun 2021 09:52:42 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-200.ams2.redhat.com [10.36.112.200])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9A93410016F8;
	Wed, 23 Jun 2021 09:52:38 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy
To: devel@edk2.groups.io, kenlautner3@gmail.com
Cc: Jian J Wang <jian.j.wang@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Zhichao Gao <zhichao.gao@intel.com>, Ray Ni <ray.ni@intel.com>,
 Liming Gao <gaoliming@byosoft.com.cn>
References: <20210621195954.852-1-kenlautner3@gmail.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <75845d18-82e5-0603-e32f-c53fd8c41ef8@redhat.com>
Date: Wed, 23 Jun 2021 11:52:37 +0200
MIME-Version: 1.0
In-Reply-To: <20210621195954.852-1-kenlautner3@gmail.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 06/21/21 21:59, Kenneth Lautner wrote:
> From: Ken Lautner <klautner@microsoft.com>
> 
> Changed BdsEntry.c to use Variable Policy instead of Variable Lock
> as Variable Lock will be Deprecated eventually
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> 
> Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> ---
>  MdeModulePkg/Universal/BdsDxe/Bds.h      |  1 -
>  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf |  3 ++-
>  MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 20 +++++++++++++++-----
>  3 files changed, 17 insertions(+), 7 deletions(-)
> 
> diff --git a/MdeModulePkg/Universal/BdsDxe/Bds.h b/MdeModulePkg/Universal/BdsDxe/Bds.h
> index e7a9b5b4b7cb..84548041e861 100644
> --- a/MdeModulePkg/Universal/BdsDxe/Bds.h
> +++ b/MdeModulePkg/Universal/BdsDxe/Bds.h
> @@ -17,7 +17,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  
>  #include <Protocol/Bds.h>
>  #include <Protocol/LoadedImage.h>
> -#include <Protocol/VariableLock.h>
>  #include <Protocol/DeferredImageLoad.h>
>  
>  #include <Library/UefiDriverEntryPoint.h>
> diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> index 9310b4dccb18..5bac635def93 100644
> --- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> +++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> @@ -50,6 +50,7 @@
>    BaseMemoryLib
>    DebugLib
>    UefiBootManagerLib
> +  VariablePolicyHelperLib
>    PlatformBootManagerLib
>    PcdLib
>    PrintLib
> @@ -77,7 +78,7 @@
>  [Protocols]
>    gEfiBdsArchProtocolGuid                       ## PRODUCES
>    gEfiSimpleTextInputExProtocolGuid             ## CONSUMES
> -  gEdkiiVariableLockProtocolGuid                ## SOMETIMES_CONSUMES
> +  gEdkiiVariablePolicyProtocolGuid              ## SOMETIMES_CONSUMES
>    gEfiDeferredImageLoadProtocolGuid             ## CONSUMES
>  
>  [FeaturePcd]
> diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> index 83b773a2fa5f..13c10bdc5bf8 100644
> --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include "Bds.h"
>  #include "Language.h"
>  #include "HwErrRecSupport.h"
> +#include <Library/VariablePolicyHelperLib.h>
>  
>  #define SET_BOOT_OPTION_SUPPORT_KEY_COUNT(a, c) {  \
>        (a) = ((a) & ~EFI_BOOT_OPTION_SUPPORT_COUNT) | (((c) << LowBitSet32 (EFI_BOOT_OPTION_SUPPORT_COUNT)) & EFI_BOOT_OPTION_SUPPORT_COUNT); \
> @@ -670,7 +671,7 @@ BdsEntry (
>    EFI_STATUS                      Status;
>    UINT32                          BootOptionSupport;
>    UINT16                          BootTimeOut;
> -  EDKII_VARIABLE_LOCK_PROTOCOL    *VariableLock;
> +  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;
>    UINTN                           Index;
>    EFI_BOOT_MANAGER_LOAD_OPTION    LoadOption;
>    UINT16                          *BootNext;
> @@ -716,12 +717,21 @@ BdsEntry (
>    //
>    // Mark the read-only variables if the Variable Lock protocol exists
>    //
> -  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
> -  DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n", Status));
> +  Status = gBS->LocateProtocol(&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy);
> +  DEBUG((DEBUG_INFO, "[BdsDxe] Locate Variable Policy protocol - %r\n", Status));
>    if (!EFI_ERROR (Status)) {
>      for (Index = 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {
> -      Status = VariableLock->RequestToLock (VariableLock, mReadOnlyVariables[Index], &gEfiGlobalVariableGuid);
> -      ASSERT_EFI_ERROR (Status);
> +      Status = RegisterBasicVariablePolicy(
> +                 VariablePolicy,
> +                 &gEfiGlobalVariableGuid,
> +                 mReadOnlyVariables[Index],
> +                 VARIABLE_POLICY_NO_MIN_SIZE,
> +                 VARIABLE_POLICY_NO_MAX_SIZE,
> +                 VARIABLE_POLICY_NO_MUST_ATTR,
> +                 VARIABLE_POLICY_NO_CANT_ATTR,
> +                 VARIABLE_POLICY_TYPE_LOCK_NOW
> +                 );
> +      ASSERT_EFI_ERROR(Status);
>      }
>    }
>  
> 

We should have a TianoCore BZ ticket for this change; please reference
the ticket in the commit message.

(No need to repost just for this; I think whoever merges the patch
should please update the commit message.)

Thanks
Laszlo