public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Long, Qin" <qin.long@intel.com>
To: "Zhang, Chao B" <chao.b.zhang@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
Date: Wed, 1 Nov 2017 08:47:24 +0000	[thread overview]
Message-ID: <BF2CCE9263284D428840004653A28B6E5401C079@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <20171031063439.6232-2-chao.b.zhang@intel.com>

Reviewed-by: Long Qin <qin.long@intel.com>


-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang, Chao B
Sent: Tuesday, October 31, 2017 2:35 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Zeng, Star <star.zeng@intel.com>; Long, Qin <qin.long@intel.com>
Subject: [edk2] [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS

Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated. Also update some function descriptors accordingly.

Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
 MdePkg/Include/Uefi/UefiMultiPhase.h       | 8 +++++---
 MdePkg/Include/Uefi/UefiSpec.h             | 8 +++-----
 MdePkg/Library/UefiRuntimeLib/RuntimeLib.c | 4 ++--
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/MdePkg/Include/Uefi/UefiMultiPhase.h b/MdePkg/Include/Uefi/UefiMultiPhase.h
index 9f1ef3e..0dcbb1b 100644
--- a/MdePkg/Include/Uefi/UefiMultiPhase.h
+++ b/MdePkg/Include/Uefi/UefiMultiPhase.h
@@ -1,7 +1,7 @@
 /** @file
   This includes some definitions introduced in UEFI that will be used in both PEI and DXE phases.
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials are licensed and made available under  the terms and conditions of the BSD License that accompanies this distribution.
 The full text of the license may be found at @@ -169,10 +169,12 @@ typedef struct {  ///  /// Attributes of Authenticated Variable  ///
-#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS              0x00000010
 #define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS   0x00000020
 #define EFI_VARIABLE_APPEND_WRITE                            0x00000040
-
+///
+/// NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be considered reserved.
+///
+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS              0x00000010
 
 ///
 /// AuthInfo is a WIN_CERTIFICATE using the wCertificateType diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h index d394127..92575ae 100644
--- a/MdePkg/Include/Uefi/UefiSpec.h
+++ b/MdePkg/Include/Uefi/UefiSpec.h
@@ -701,8 +701,7 @@ EFI_STATUS
                                  then EFI_INVALID_PARAMETER is returned.
   @param[in]  VendorGuid         A unique identifier for the vendor.
   @param[in]  Attributes         Attributes bitmask to set for the variable.
-  @param[in]  DataSize           The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE, 
-                                 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or 
+  @param[in]  DataSize           The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE or
                                  EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero 
                                  causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is 
                                  set, then a SetVariable() call with a DataSize of zero will not cause any change to @@ -721,9 +720,8 @@ EFI_STATUS
   @retval EFI_DEVICE_ERROR       The variable could not be retrieved due to a hardware error.
   @retval EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 
-                                 or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo 
-                                 does NOT pass the validation check carried out by the firmware.
+  @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set,
+                                 but the AuthInfo does NOT pass the validation check carried out by the firmware.
   
   @retval EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
 
diff --git a/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c b/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c
index 63ae976..ba8b862 100644
--- a/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c
+++ b/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c
@@ -6,7 +6,7 @@
   OS virtual address space. All pointer values are different for a virtual 
   mapping than from the normal physical mapping at boot services time.
 
-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at @@ -483,7 +483,7 @@ EfiGetNextVariableName (
   @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
   @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @retval  EFI_SECURITY_VIOLATION The variable could not be written due 
+ to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                   set but the AuthInfo does NOT pass the validation check carried
                                   out by the firmware.
   @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
--
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


  reply	other threads:[~2017-11-01  8:43 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-31  6:34 [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support Zhang, Chao B
2017-10-31  6:34 ` [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS Zhang, Chao B
2017-11-01  8:47   ` Long, Qin [this message]
2017-10-31  6:34 ` [PATCH 3/3] MdeModulePkg: " Zhang, Chao B
2017-11-01  8:47   ` Long, Qin
2017-11-01  8:47 ` [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support Long, Qin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BF2CCE9263284D428840004653A28B6E5401C079@SHSMSX103.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox