From: "Long, Qin"
To: "Zhang, Chao B", "edk2-devel@lists.01.org"
CC: "Zeng, Star"
Date: Wed, 1 Nov 2017 08:47:44 +0000
In-Reply-To: <20171031063439.6232-3-chao.b.zhang@intel.com>
Subject: Re: [PATCH 3/3] MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS

Reviewed-by: Long Qin

-----Original Message-----
From: Zhang, Chao B
Sent: Tuesday, October 31, 2017 2:35 PM
To: edk2-devel@lists.01.org
Cc: Long, Qin; Zeng, Star; Zhang, Chao B
Subject: [PATCH 3/3] MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS

Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated.
1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this attribute
2. No change to GetVariable/GetNextVariableName
Also update several function descriptors accordingly

Cc: Long Qin
Cc: Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang --- MdeModulePkg/Include/Guid/VariableFormat.h | 9 ++++++= +-- MdeModulePkg/Include/Library/AuthVariableLib.h | 7 +++---= - MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c | 7 +++---= - MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 8 +++---= -- MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h | 8 +++---= -- MdeModulePkg/Universal/BdsDxe/Bds.h | 10 ++++--= ---- MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 8 +++---= -- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 4 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 5 ++++- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h | 1 - 10 files changed, 32 insertions(+), 35 deletions(-) diff --git a/MdeModulePkg/Include/Guid/VariableFormat.h b/MdeModulePkg/Incl= ude/Guid/VariableFormat.h index ce71aab..b0c2616 100644 --- a/MdeModulePkg/Include/Guid/VariableFormat.h +++ b/MdeModulePkg/Include/Guid/VariableFormat.h @@ -2,7 +2,7 @@ The variable data structures are related to EDK II-specific implementati= on of UEFI variables. VariableFormat.h defines variable data headers and variable storage regi= on headers. =20 -Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availabl= e under the terms and conditions of the BSD License that accompanies this = distribution. The full text of the license may be found at @@ -115,11 +115,16 @@ typedef= struct { /// #define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_V= ARIABLE_BOOTSERVICE_ACCESS) #define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS |= EFI_VARIABLE_RUNTIME_ACCESS) -#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTIC= ATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_BS_RT_AT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VA= RIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VA= RIABLE_NON_VOLATILE) #define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI= _VARIABLE_HARDWARE_ERROR_RECORD) #define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI= _VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) +#define VARIABLE_ATTRIBUTE_AT EFI_VARIABLE_TIME_BASED_AUTHENTICA= TED_WRITE_ACCESS +#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT (VARIABLE_ATTRIBUTE_NV_BS_RT_= HR | VARIABLE_ATTRIBUTE_AT) +/// +/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be=20 +considered as reserved /// +#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTIC= ATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI= _VARIABLE_AUTHENTICATED_WRITE_ACCESS) #define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_= RT_HR | VARIABLE_ATTRIBUTE_AT_AW) =20 diff --git a/MdeModulePkg/Include/Library/AuthVariableLib.h b/MdeModulePkg/= Include/Library/AuthVariableLib.h index 0731b8d..bdf5963 100644 --- a/MdeModulePkg/Include/Library/AuthVariableLib.h +++ b/MdeModulePkg/Include/Library/AuthVariableLib.h 
@@ -1,7 +1,7 @@ /** @file Provides services to initialize and process authenticated variables. =20 -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availabl= e under the terms and conditions of the BSD License that accompanies this = distribution. The full text of the license may be found at @@ -228,7 +228,7 @@ AuthVaria= bleLibInitialize ( ); =20 /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIAB= LE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS= set. =20 @param[in] VariableName Name of the variable. @param[in] VendorGuid Variable vendor GUID. @@ -241,8 +241,7 @@ AuthVariableLibInitialize ( @retval EFI_INVALID_PARAMETER Invalid parameter. @retval EFI_WRITE_PROTECTED Variable is write-protected. @retval EFI_OUT_OF_RESOURCES There is not enough resource. - @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTH= ENTICATED_WRITE_ACCESS - or EFI_VARIABLE_TIME_BASED_AUTHENTICAT= ED_WRITE_ACESS + @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME= _BASED_AUTHENTICATED_WRITE_ACESS set, but the AuthInfo does NOT pass th= e validation check carried out by the firmware. @retval EFI_UNSUPPORTED Unsupported to process authenticated v= ariable. diff --git a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c= b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c index 054131f..e5c2c8c 100644 --- a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c +++ b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c @@ -1,7 +1,7 @@ /** @file Implements NULL authenticated variable services. =20 -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -43,7 +43,= 7 @@ AuthVariableLibInitialize ( } =20 /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIAB= LE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS= set. =20 @param[in] VariableName Name of the variable. @param[in] VendorGuid Variable vendor GUID. @@ -56,8 +56,7 @@ AuthVariableLibInitialize ( @retval EFI_INVALID_PARAMETER Invalid parameter. @retval EFI_WRITE_PROTECTED Variable is write-protected. @retval EFI_OUT_OF_RESOURCES There is not enough resource. - @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTH= ENTICATED_WRITE_ACCESS - or EFI_VARIABLE_TIME_BASED_AUTHENTICAT= ED_WRITE_ACESS + @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME= _BASED_AUTHENTICATED_WRITE_ACESS set, but the AuthInfo does NOT pass th= e validation check carried out by the firmware. @retval EFI_UNSUPPORTED Unsupported to process authenticated v= ariable. diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePk= g/Library/UefiBootManagerLib/BmMisc.c index a3fa254..81d3659 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c +++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c 
@@ -305,8 +305,7 @@ BmSetMemoryTypeInformationVariable ( @param VendorGuid A unique identifier for the vendor. @param Attributes Attributes bitmask to set for the variabl= e. @param DataSize The size in bytes of the Data buffer. Unl= ess the EFI_VARIABLE_APPEND_WRITE,=20 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, = or=20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI= TE_ACCESS attribute is set, a size of zero=20 + or=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a=20 + size of zero causes the variable to be deleted. When t= he EFI_VARIABLE_APPEND_WRITE attribute is=20 set, then a SetVariable() call with a Dat= aSize of zero will not cause any change to=20 the variable value (the timestamp associa= ted with the variable may be updated however @@ -324,9 +323,8 @@ BmSetMemor= yTypeInformationVariable ( @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delete= d. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS=20 - or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_= WRITE_ACESS being set, but the AuthInfo=20 - does NOT pass the validation check carrie= d out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS + being set, but the AuthInfo does NOT pass= the validation check carried out by the firmware. =20 @retval EFI_NOT_FOUND The variable trying to be updated or dele= ted was not found. **/ diff --git a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h b/MdeModu= lePkg/Library/UefiBootManagerLib/InternalBm.h index ef09050..0224bd3 100644 --- a/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h +++ b/MdeModulePkg/Library/UefiBootManagerLib/InternalBm.h 
@@ -275,8 +275,7 @@ BmStopHotkeyService ( @param VendorGuid A unique identifier for the vendor. @param Attributes Attributes bitmask to set for the variabl= e. @param DataSize The size in bytes of the Data buffer. Unl= ess the EFI_VARIABLE_APPEND_WRITE,=20 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, = or=20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI= TE_ACCESS attribute is set, a size of zero=20 + or=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a=20 + size of zero causes the variable to be deleted. When t= he EFI_VARIABLE_APPEND_WRITE attribute is=20 set, then a SetVariable() call with a Dat= aSize of zero will not cause any change to=20 the variable value (the timestamp associa= ted with the variable may be updated however @@ -294,9 +293,8 @@ BmStopHotk= eyService ( @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delete= d. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS=20 - or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_= WRITE_ACESS being set, but the AuthInfo=20 - does NOT pass the validation check carrie= d out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS + being set, but the AuthInfo does NOT pass= the validation check carried out by the firmware. =20 @retval EFI_NOT_FOUND The variable trying to be updated or dele= ted was not found. **/ diff --git a/MdeModulePkg/Universal/BdsDxe/Bds.h b/MdeModulePkg/Universal/B= dsDxe/Bds.h index 1f8a192..5658e61 100644 --- a/MdeModulePkg/Universal/BdsDxe/Bds.h +++ b/MdeModulePkg/Universal/BdsDxe/Bds.h @@ -1,7 +1,7 @@ /** @file Head file for BDS Architectural Protocol implementation =20 -Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -80,8 +80,= 7 @@ BdsEntry ( @param VendorGuid A unique identifier for the vendor. @param Attributes Attributes bitmask to set for the variabl= e. @param DataSize The size in bytes of the Data buffer. Unl= ess the EFI_VARIABLE_APPEND_WRITE,=20 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, = or=20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI= TE_ACCESS attribute is set, a size of zero=20 + or=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a=20 + size of zero causes the variable to be deleted. When t= he EFI_VARIABLE_APPEND_WRITE attribute is=20 set, then a SetVariable() call with a Dat= aSize of zero will not cause any change to=20 the variable value (the timestamp associa= ted with the variable may be updated however @@ -99,9 +98,8 @@ BdsEntry ( @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delete= d. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS=20 - or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_= WRITE_ACESS being set, but the AuthInfo=20 - does NOT pass the validation check carrie= d out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS + being set, but the AuthInfo does NOT pass= the validation check carried out by the firmware. =20 @retval EFI_NOT_FOUND The variable trying to be updated or dele= ted was not found. **/ diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Univer= sal/BdsDxe/BdsEntry.c index a6fe617..dccc490 100644 --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c 
+++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c @@ -1112,8 +1112,7 @@ BdsEntry ( @param VendorGuid A unique identifier for the vendor. @param Attributes Attributes bitmask to set for the variabl= e. @param DataSize The size in bytes of the Data buffer. Unl= ess the EFI_VARIABLE_APPEND_WRITE,=20 - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, = or=20 - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRI= TE_ACCESS attribute is set, a size of zero=20 + or=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a=20 + size of zero causes the variable to be deleted. When t= he EFI_VARIABLE_APPEND_WRITE attribute is=20 set, then a SetVariable() call with a Dat= aSize of zero will not cause any change to=20 the variable value (the timestamp associa= ted with the variable may be updated however @@ -1131,9 +1130,8 @@ BdsEntry= ( @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delete= d. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS=20 - or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_= WRITE_ACESS being set, but the AuthInfo=20 - does NOT pass the validation check carrie= d out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS + being set, but the AuthInfo does NOT pass= the validation check carried out by the firmware. =20 @retval EFI_NOT_FOUND The variable trying to be updated or dele= ted was not found. **/ diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index 93a300a..c26616e 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c 
@@ -4,7 +4,7 @@ This module initilizes MemoryOverwriteRequestControlLock variable. This module adds Variable Hook and check MemoryOverwriteRequestControlLo= ck. =20 -Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -116,7 +11= 6,7 @@ IsMorLockVariable ( @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + @retval EFI_SECURITY_VIOLATION The variable could not be written due=20 + to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set but the AuthInfo does NOT pass the v= alidation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeMod= ulePkg/Universal/Variable/RuntimeDxe/Variable.c index d68dfbe..f39be6b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -3133,8 +3133,11 @@ VariableServiceSetVariable ( =20 // // Check for reserverd bit in variable attribute. + // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated but we still=20 + allow // the delete operation of common authenticated variable at user p= hysical presence. + // So leave EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute check=20 + to AuthVariableLib // - if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) !=3D 0) { + if ((Attributes & (~(EFI_VARIABLE_ATTRIBUTES_MASK |=20 + EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS))) !=3D 0) { return EFI_INVALID_PARAMETER; } =20 diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeMod= ulePkg/Universal/Variable/RuntimeDxe/Variable.h index ec9b984..b35e8ab 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h 
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h @@ -50,7 +50,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. EFI_VARIABLE_BOOTSERVICE_ACCESS | \ EFI_VARIABLE_RUNTIME_ACCESS | \ EFI_VARIABLE_HARDWARE_ERROR_RECORD |= \ - EFI_VARIABLE_AUTHENTICATED_WRITE_ACC= ESS | \ EFI_VARIABLE_TIME_BASED_AUTHENTICATE= D_WRITE_ACCESS | \ EFI_VARIABLE_APPEND_WRITE) =20 -- 1.9.5.msysgit.1
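Review bot: In the Variable.c hunk (VariableServiceSetVariable) nothing returns EFI_UNSUPPORTED, although the commit message says SetVariable and QueryVariableInfo return it for this attribute. The new reserved-bit test ORs EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS back into the mask that Variable.h just removed it from, so SetVariable lets the bit through exactly as before, and the comment defers the decision to AuthVariableLib. The AuthVariableLib.h and AuthVariableLibNull.c hunks in this patch are comment-only, so the rejection path is not visible here. Please point to the code that returns EFI_UNSUPPORTED (or add it in this patch), and confirm what happens on a platform linked with AuthVariableLibNull now that the bit is no longer caught by the reserved-bit check. There is also no hunk for QueryVariableInfo: with the bit dropped from EFI_VARIABLE_ATTRIBUTES_MASK, any existing mask check there would treat it as a reserved bit, which is worth verifying against the EFI_UNSUPPORTED behaviour the commit message promises.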
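Review bot: The rewritten DataSize description in BmMisc.c, InternalBm.h, Bds.h and BdsEntry.c is left ungrammatical: after dropping the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS line it reads "Unless the EFI_VARIABLE_APPEND_WRITE, or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set", with a stray comma and an "or" alone on its own line. Suggest "Unless the EFI_VARIABLE_APPEND_WRITE or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set". The new @retval EFI_SECURITY_VIOLATION lines in those files and in AuthVariableLib.h and AuthVariableLibNull.c also carry over the misspelling EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS; since these lines are being rewritten anyway, fix it to WRITE_ACCESS, as the TcgMorLockSmm.c hunk already does.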
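Review bot: In the VariableFormat.h hunk the deprecation comment sits directly above VARIABLE_ATTRIBUTE_AT_AW, but three macros that follow it still include the deprecated bit (VARIABLE_ATTRIBUTE_AT_AW, VARIABLE_ATTRIBUTE_NV_BS_RT_AW and VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW). Please word the comment so it clearly covers the whole group and says whether these macros are kept only for reading existing variables, so new callers do not pick them up for SetVariable. Minor style point: the new VARIABLE_ATTRIBUTE_AT is defined without parentheses while every neighbouring macro is parenthesized; it is a single identifier so the expansion is safe, but matching the surrounding style would be consistent.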