From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.3291.1593656030750112316 for ; Wed, 01 Jul 2020 19:13:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=Pd6I4Yej; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: dandan.bi@intel.com) IronPort-SDR: 9p0DdTz8VABbYOeICClJhw36xFNBDdwUXzdsu/SEcp/mFvbJrobYmjE9T1kHEw/J4E7FCYDorH fAVAs7d4oHGg== X-IronPort-AV: E=McAfee;i="6000,8403,9669"; a="148309260" X-IronPort-AV: E=Sophos;i="5.75,302,1589266800"; d="scan'208";a="148309260" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jul 2020 19:13:50 -0700 IronPort-SDR: IHJQ96l5L+xd7bLlkOn31KX0H8wvh7LBr+NJwaSoPeokAT6DeyjeOkFAjZ5V4/GiJqGhhrUnyh Wr0znlVzSdBg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,302,1589266800"; d="scan'208";a="321395048" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by FMSMGA003.fm.intel.com with ESMTP; 01 Jul 2020 19:13:49 -0700 Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 1 Jul 2020 19:13:49 -0700 Received: from FMSEDG001.ED.cps.intel.com (10.1.192.133) by fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 1 Jul 2020 19:13:49 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.105) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 1 Jul 2020 19:13:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BNqoIZDl8N+9Sk/TPwcfIOZIHvsaq3NBfgrqHfOaUqyY2lcIOoVySS46ZOyBciXv7voO9VTrdlwuW4WuSUVX72pWlZWYcA8YoRU+T8Uvrk6fQLc/y4uTGboyy7cnJC54iP2l4uhKJ3id4Y2ZiV/D0rYSZ2HYYNBuY6k88QuYpI9pWI4WToJJTm6mUiFyoE4HYGoFF6n8j8z3rlxNdWJ+DaYEN70Qtz1ZjEHNZE93IAYFifrBXRAp/UxwG2MRXe4pS6+4nEFyXFXsT+GAXJ3gAtg3Rc+1GgkYklVEpRJAFh9/TixMKGmYSYeVG+ygSy/TvoQeOA45yz1j0og44ulUBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XDJPnpJpRCxFT2gmnXBos3mVhwBG/jfbbdOZjVHbdic=; b=HKzC0ZzB8J5+/wknwcl+DCl2qjo1VHLCKrvaTkFt2M2DFu6Xesw10sgQqpGukdU+kOs9stMo06ZFlM9ofyhKNnAqkJ4ky4sQYcsd2+GWwhIGJQMhTSvVrgWLjdAR7zXCBz0N89zZm/Jnikwd5w8BQUagQH/62H1gVFvxfGbTYk39SB2sEI1MrcPOxxDMsuob7ZxGBHZ+8/JYNaVQU3juZuyOoIUSi+mmrYDhLVehKoIy1J0PYNoy7IEaUUFMtVU+sXqSqSo0+3n+KYUI1XruVbccXZQPBHp4AK5wr0PnYVylxN+/2UzFj+u6wd1hZp3mqMBWrXTbuKfaYyZNtZnJaw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XDJPnpJpRCxFT2gmnXBos3mVhwBG/jfbbdOZjVHbdic=; b=Pd6I4YejMRHPzDlhe9+kw+xAMvH22Atc7QU13EpiIEDPm5pYq4jL+BBH9YHt5fUqsmczw62Owf6Aj5T0cCSRO+bKI2pGgSDdE0slXElqK491TNnMDd3Al+xsLXrbubxgE/Ka2PFqOL5LrqcmJ9pSn341UvnpQkpJz6TiVvT9I9s= Received: from BN6PR11MB1393.namprd11.prod.outlook.com (2603:10b6:404:3c::12) by BN8PR11MB3812.namprd11.prod.outlook.com (2603:10b6:408:90::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.21; Thu, 2 Jul 2020 02:13:46 +0000 Received: from BN6PR11MB1393.namprd11.prod.outlook.com ([fe80::a1f4:15d6:9a79:de03]) by BN6PR11MB1393.namprd11.prod.outlook.com ([fe80::a1f4:15d6:9a79:de03%11]) with mapi id 15.20.3153.024; Thu, 2 Jul 2020 02:13:46 +0000 From: "Dandan Bi" To: "devel@edk2.groups.io" , "bret@corthon.com" CC: "Yao, Jiewen" , "Zhang, Chao B" , "Wang, Jian J" , "Wu, Hao A" , "Gao, Liming" , "Justen, Jordan L" , Laszlo Ersek , "Ard Biesheuvel" , Andrew Fish , "Ni, Ray" Subject: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature Thread-Topic: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature Thread-Index: AQHWSVAuZdBkXd9Y9UWZINYJzo2326jzlZ8w Date: Thu, 2 Jul 2020 02:13:45 +0000 Message-ID: References: <20200623064104.1908-1-brbarkel@microsoft.com> In-Reply-To: <20200623064104.1908-1-brbarkel@microsoft.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.102.204.38] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ded32d5f-85a4-4350-a72b-08d81e2d8cf8 x-ms-traffictypediagnostic: BN8PR11MB3812: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0452022BE1 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: z+LgcYJJfB3Ju4R5xBdbJ6r5kNp3zCGhbTMZc+h6isq68q6P0oPb1mz8xsTG5bCgK5VDSBnEhRLwU+iXKXbQ4xX875u5MHZVrhUQMjQ6Pgg/HFLPLXrLjivqsKNI7KnI1nT/I5RmThkaPecoZJjHSWHm0ikiTtn+8uQVPgfcS9yBW/rs5lG30qDpoOouBkVrVzYxFX5DeX4yWpD+o8zkjw6ibnAOO9zJIn7FzFoHh4o4s+4z5hRhVBKtUAHfKCm6X3JxxKn0zkADmTVO6mzctSwDTDJpeoYqwF4PhBOgltmwGHosBKL4Fdznfyu9Q912nfRiG6ryJodwyi90G8mLD2Ewl0BwYp7eAmOCwvXOb5J7JqoI0Z/SmNyxfYLo/DrL0XS6T703ZZ5enZx4qXOVnA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN6PR11MB1393.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(366004)(136003)(39860400002)(396003)(346002)(376002)(76116006)(8936002)(316002)(966005)(55016002)(30864003)(110136005)(33656002)(9686003)(4326008)(107886003)(19627235002)(54906003)(8676002)(83380400001)(2906002)(66946007)(66556008)(64756008)(478600001)(66476007)(86362001)(66446008)(71200400001)(53546011)(6506007)(186003)(5660300002)(7696005)(52536014)(26005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: 9haz49XGgzaYgACKi9F2kCQY5fnlSpolfOw0XXsL9HtlhMNQzFBWSjTbGjIcgHpO9aNP9AQD2aq0CRNIk7pJxWbbNAvMrCENi4k5V0Zl5coZDiTLYgCroGSGEPKjDLfblGAom3dLRJA/mctlMyVqups7ZxSR6DATe9HGNx94WpDAY2ajvjYrFzfvoLycfSE/gauIhL+qubAaE+yYTqYDIgfo0OBbEfe2L+vRVpfxbgEbCpTca836XMEzfpWMxTaos/taDf/EnhwwFN8Io90AUv1pzNyMZMekaN5YaHWUlxk8i1ITcVJ86+zmXd2uQfQUFdybGEov5fmXqEUHxyDbHm/ofMio+csXNsZhwA3kBua8k3Hm0MGvv+qrh72woxNTF5uz+KxJH7V49UJL/8ENsD6hyVq1qcEWuxRKU5Zb6m6hoPwdG9yBvfwc5YUuqJ4BC48egu1QXth69YG4I5ffWkXxZQ+4GmNowSQ0YOrYIx/cvChRfVyIE09C8aiotKxW MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1393.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ded32d5f-85a4-4350-a72b-08d81e2d8cf8 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2020 02:13:45.9862 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2l1kkVwOA4k5+Zf45vLKWXZv2RC1J1Lr1xtY2l6fGgGd+ZwVQw+3ToMMlEMgy0RvaSNfbD/xXsot3EMb8gJ2bw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3812 Return-Path: dandan.bi@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Bret, Thanks for the contribution. I have taken an overview of this patch series and have some small comments= in the related patches, please check in sub-patch. I will review the patch series more in details and bring more comments bac= k if have. Do you have a branch for these patches in GitHub? Which should b= e easy for review. Thanks, Dandan > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Bret > Barkelew > Sent: Tuesday, June 23, 2020 2:41 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Zhang, Chao B > ; Wang, Jian J ; Wu, Hao > A ; Gao, Liming ; Justen, > Jordan L ; Laszlo Ersek ; > Ard Biesheuvel ; Andrew Fish > ; Ni, Ray > Subject: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522 >=20 > The 14 patches in this series add the VariablePolicy feature to the core= , > deprecate Edk2VarLock (while adding a compatibility layer to reduce code > churn), and integrate the VariablePolicy libraries and protocols into Va= riable > Services. >=20 > Since the integration requires multiple changes, including adding librar= ies, a > protocol, an SMI communication handler, and VariableServices integration= , > the patches are broken up by individual library additions and then a fin= al > integration. Security-sensitive changes like bypassing Authenticated Var= iable > enforcement are also broken out into individual patches so that attentio= n can > be called directly to them. >=20 > Platform porting instructions are described in this wiki entry: > https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy- > Protocol---Enhanced-Method-for-Managing-Variables#platform-porting >=20 > Discussion of the feature can be found in multiple places throughout the= last > year on the RFC channel, staging branches, and in devel. >=20 > Most recently, this subject was discussed in this thread: > https://edk2.groups.io/g/devel/message/53712 > (the code branches shared in that discussion are now out of date, but th= e > whitepapers and discussion are relevant). >=20 > Cc: Jiewen Yao > Cc: Chao Zhang > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Liming Gao > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Andrew Fish > Cc: Ray Ni > Cc: Bret Barkelew > Signed-off-by: Bret Barkelew >=20 > v6 changes: > * Fix an issue with uninitialized Status in InitVariablePolicyLib() and > DeinitVariablePolicyLib() > * Fix GCC building in shell-based functional test > * Rebase on latest origin/master >=20 > v5 changes: > * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c > * Fix EFIAPI mismatches in the functional unittest > * Rebase on latest origin/master >=20 > v4 changes: > * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from > platforms > * Rebase on master > * Migrate to new MmCommunicate2 protocol > * Fix an oversight in the default return value for > InitMmCommonCommBuffer > * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume varia= bles >=20 > V3 changes: > * Address all non-unittest issues with ECC > * Make additional style changes > * Include section name in hunk headers in "ini-style" files > * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable > driver > (now allocates its own buffer) > * Change names from VARIABLE_POLICY_PROTOCOL and > gVariablePolicyProtocolGuid > to EDKII_VARIABLE_POLICY_PROTOCOL and > gEdkiiVariablePolicyProtocolGuid > * Fix GCC warning about initializing externs > * Add UNI strings for new PCD > * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg > * Reorder patches according to Liming's feedback about adding to platfor= ms > before changing variable driver >=20 > V2 changes: > * Fixed implementation for RuntimeDxe > * Add PCD to block DisableVariablePolicy > * Fix the DumpVariablePolicy pagination in SMM >=20 > Bret Barkelew (14): > MdeModulePkg: Define the VariablePolicy protocol interface > MdeModulePkg: Define the VariablePolicyLib > MdeModulePkg: Define the VariablePolicyHelperLib > MdeModulePkg: Define the VarCheckPolicyLib and SMM interface > OvmfPkg: Add VariablePolicy engine to OvmfPkg platform > EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform > ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform > UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform > MdeModulePkg: Connect VariablePolicy business logic to > VariableServices > MdeModulePkg: Allow VariablePolicy state to delete protected variables > SecurityPkg: Allow VariablePolicy state to delete authenticated > variables > MdeModulePkg: Change TCG MOR variables to use VariablePolicy > MdeModulePkg: Drop VarLock from RuntimeDxe variable driver > MdeModulePkg: Add a shell-based functional test for VariablePolicy >=20 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > | 320 +++ > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > | 396 ++++ > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > | 46 + >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx > e.c | 85 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > | 816 +++++++ >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.c | 2440 ++++++++++++++++++++ >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.c | 1978 ++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c > | 52 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > | 60 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c > | 49 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > | 53 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock > .c | 71 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > | 642 +++++ >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe. > c | 14 + > SecurityPkg/Library/AuthVariableLib/AuthService.c = | 22 > +- > ArmVirtPkg/ArmVirt.dsc.inc = | 4 + > EmulatorPkg/EmulatorPkg.dsc = | 3 + > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h = | > 54 + > MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > | 164 ++ > MdeModulePkg/Include/Library/VariablePolicyLib.h = | > 207 ++ > MdeModulePkg/Include/Protocol/VariablePolicy.h = | > 157 ++ > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > | 42 + > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in= f > | 35 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un= i > | 12 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > | 44 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > | 51 + >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.inf | 40 + > MdeModulePkg/MdeModulePkg.ci.yaml = | 4 +- > MdeModulePkg/MdeModulePkg.dec = | 26 +- > MdeModulePkg/MdeModulePkg.dsc = | 15 + > MdeModulePkg/MdeModulePkg.uni = | 7 + > MdeModulePkg/Test/MdeModulePkgHostTest.dsc = | > 11 + > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > | 55 + >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.inf | 42 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > | 5 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 4 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.i > nf | 10 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > | 4 + > OvmfPkg/OvmfPkgIa32.dsc = | 5 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 5 + > OvmfPkg/OvmfPkgX64.dsc = | 5 + > OvmfPkg/OvmfXen.dsc = | 4 + > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf = | > 2 + > UefiPayloadPkg/UefiPayloadPkgIa32.dsc = | 4 + > UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc = | 4 + > 47 files changed, 8015 insertions(+), 78 deletions(-) create mode 1006= 44 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx > e.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.c > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock > .c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > create mode 100644 > MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h > create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.inf > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.inf >=20 > -- > 2.26.2.windows.1.8.g01c50adf56.20200515075929 >=20 >=20 >=20