From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.1.1600184651465743105 for ; Tue, 15 Sep 2020 08:44:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=tOOL1EV6; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: dandan.bi@intel.com) IronPort-SDR: /zhVW7T9iUR/QLrK/Ww+ecScRofvbGET6GBM65mva4QNmLQ7URM2/bGUTIhhxdM/O0f7eDyurC d5uoFXe2+pyg== X-IronPort-AV: E=McAfee;i="6000,8403,9745"; a="223471298" X-IronPort-AV: E=Sophos;i="5.76,430,1592895600"; d="scan'208";a="223471298" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Sep 2020 08:44:08 -0700 IronPort-SDR: 3LClG+zHEg3lma7/YGRzcIoMCXBKOUi+yo2HQ4bx5NSj87cZc1RpzibHZ5J0OEbYYGAUJVGT30 EKVMvd8iJ9jg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,430,1592895600"; d="scan'208";a="331254127" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga004.fm.intel.com with ESMTP; 15 Sep 2020 08:44:07 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 15 Sep 2020 08:44:07 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Tue, 15 Sep 2020 08:44:07 -0700 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (104.47.37.54) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Tue, 15 Sep 2020 08:44:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fsIXTLnEv8F/3MbEPT0IO4k7piq968YIuv0T1VLJrrv4YDap/odNJWMYmDyyauPRLN6kBo66uaxGydlgSnYH1xk0BatYKNMjAh3DYJcxD3A+22/I7K661qYEzrzHCymZMLW3ltW/Qsn0eCtIcch+dxGyfc6TDgMaEPeAUVdQCk7icpaDs0NlHn6zNR1cq+XovjgU3XT8Aec1fRxOEcdsCX8sU2P7O5bGu3HoqSrK9TPPzFuap/n8tUMo+anxkMaGOlZnfkRdwPly2lCzo14/TjM+peYQVGSlGDwYi+Pb8HQrVOOuHQXDA8nxsvPmQKw4uWDUkhN/UEiE0kDRsgwF1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x88hxS6BHD2qh5Nmdsiv0wxUryjTbgS+vHO1okuAmfw=; b=EOiaQTGBLzf2TJNM+8+bed+1aNbcPfjnoXAU0PuZyP6UclugJxtJrZHVNmn8GcvteRyGAvmMNUsEt2NQcpLRDxvZQeXHu1cFad4MvNW7+Wsq6PlcO093Kwb0pYeeXYnsQvBh/c9KIHIKGqsvfuvEgkUEozI/NR85Nqz9k9a4BiaiOpMhdthkHIahrLbYWt7shKnjlB8nEzt4UyBfDKDeuZn9w1l5JnyNjahUjNwJji1gXisS0g3LdRvx+eH2JQBDXgxYeGyKEm8VTU3RNM7vsuuvA5NbIo2t/GF0ywNlMSkftip/HDikqZ3Qh+XkZjMlbnAjhERbRXsvjeTZ/PT7Cw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x88hxS6BHD2qh5Nmdsiv0wxUryjTbgS+vHO1okuAmfw=; b=tOOL1EV6/Z5siI1iAvQKTWMmfyQ3ibpQPc5RkG4Z4g2Hk1589ED9lmD8a/b1x7vL9ZZUzPeO+5li5P/OpB/DiRzKGr+NJ5uYpdg+R9Nvr9gXPXZW8q+qoM+x17eNbo40wVn0vdUAuFGGvRbq5hr9rAlVJ/lidON8tb6x5tcjpkU= Received: from BN6PR11MB1393.namprd11.prod.outlook.com (2603:10b6:404:3c::12) by BN6PR11MB0018.namprd11.prod.outlook.com (2603:10b6:405:68::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.18; Tue, 15 Sep 2020 15:44:02 +0000 Received: from BN6PR11MB1393.namprd11.prod.outlook.com ([fe80::253e:c7af:e716:9ecf]) by BN6PR11MB1393.namprd11.prod.outlook.com ([fe80::253e:c7af:e716:9ecf%3]) with mapi id 15.20.3370.017; Tue, 15 Sep 2020 15:44:02 +0000 From: "Dandan Bi" To: "devel@edk2.groups.io" , "bret@corthon.com" CC: "Yao, Jiewen" , Chao Zhang , "Wang, Jian J" , "Wu, Hao A" , "Gao, Liming" , "Justen, Jordan L" , Laszlo Ersek , Ard Biesheuvel , Andrew Fish , "Ni, Ray" Subject: Re: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature Thread-Topic: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature Thread-Index: AQHWfP9Sn4tFGgFHRkWMt9z4GYngqqlp7/Sw Date: Tue, 15 Sep 2020 15:44:01 +0000 Message-ID: References: <20200828055127.1610-1-brbarkel@microsoft.com> In-Reply-To: <20200828055127.1610-1-brbarkel@microsoft.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.102.204.38] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 100164f8-ee69-4e73-7ac9-08d8598e2b76 x-ms-traffictypediagnostic: BN6PR11MB0018: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: WFCnUmmDFQBtDOgXvQ+sOXRKex5hOYXfNIiPmgivjJgfXkcSeofSdMxADQ4e2jVjJCHM9o28v3XEq/S+YucSExkH0ltYmusSDRAY+RPt8yspuk0YdoqTshVb+zwYfA640JhIIfyDmOFmxAUDR/Ax0e/iGO/JWroI4DLqjc03Lei6SMqBeXk/cDdnAqfR0ntoPh23a+6rrEGNel8wAhWy4DDs37HGVaU12u0E/QQzYAMhkxTu1p3tu4RliuIwcXGcGBEgeoFC13epcrXh8ilfu8XBYFj8TLUg1fUKB50AN2UmLbNwM0b1XsHO3jOJ+X42gFYIBklp2ZqjmHbDyIfPWnRV7o+V1rLfRfu3KD3mRI+qZnoxtJUGCO3mVdXA5S7vmRcKuq8Xg1CSZG/UEJs6cZRKMp6zS8Dr7prtEcZ1jUDG4M/YHQU0dcB8PkryeG8i x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN6PR11MB1393.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(396003)(39860400002)(366004)(346002)(376002)(8676002)(76116006)(83380400001)(7696005)(478600001)(966005)(86362001)(55016002)(30864003)(4326008)(107886003)(110136005)(54906003)(9686003)(19627235002)(8936002)(5660300002)(52536014)(2906002)(66556008)(33656002)(66476007)(64756008)(186003)(66946007)(316002)(71200400001)(66446008)(26005)(6506007)(53546011);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: n4oZ2njv6Z5fKr9c4NRFQgJwkNmvcApessF/xDYjJsXXUfbJYOxyXrAQ0QWtSJAO1DvHTGMjXT6Xacy3QC3ygQV6NBKkt1lgIgz0nP+4uscUzX+CHbpANmWF+GkR1WqpT90jYSMJMlSNee5H4VMONyqp+YBQGmcA6lDhn+noB38E//23p6jZA7G09Yzpyy44o4I3k8iDWR4cywyaLfANlvNeSa9LFDafFQWFSYg7A1Sf1UL59cQDxBWNmBs5zhNLlZx3UIa2LhSVmYp4rLZGmdLvaSKbx78MPIl3U0CE4Vt85+ORh+zcPdqPHIiw7R3X6YSLGRig38fzGIiqB9u89QeosyvFlss4kDJJuB1s5mO8ElTKWKlgf8G8uX+Xj+iFStFw5D+vOoIFVV2baxUBz+ZdOBkxYqXngmcUpjCb48qkjSJ0Rcsk0EI8kSAZXdJIKLPMWU2OTDxRWL5xfhv8kFgw1JWIlzOCCtqsSg6i+lXLu3DcoTabEcMnUwnnIr8Gj9kVoEoxWgULLqWPgqV1zPveXMy6+bGqyPBNGum0J3evhZ3bM6uAs5EyNSBApQt3dbRh1BJUzTV+NHO7MyWWUIdnKENX2A2GbuCZbBjI9jDK1sxQYAXgaxhYvUy3Sa+5qw+gud3G9bg/Zo3ebuftMw== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1393.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 100164f8-ee69-4e73-7ac9-08d8598e2b76 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2020 15:44:02.0399 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vkVI8+eFUfdeppGKFJJJEaBYET4ZQE4rRqHNjBle3DZ5iahnK4y+l2zjd8fxKk41RnV6ZmWqvjMMV/OGohElPg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB0018 Return-Path: dandan.bi@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Bret, The V7 version is OK from my side. Reviewed-by:=A0Dandan Bi Please hold to see if any comments from other reviewers. Hi Jiewen and Jian, Do you have any comments? =20 Thanks, Dandan > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Bret > Barkelew > Sent: Friday, August 28, 2020 1:51 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Chao Zhang > ; Wang, Jian J ; Wu, Hao > A ; Gao, Liming ; Justen, > Jordan L ; Laszlo Ersek ; > Ard Biesheuvel ; Andrew Fish > ; Ni, Ray > Subject: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature >=20 > The 14 patches in this series add the VariablePolicy feature to the core= , > deprecate Edk2VarLock (while adding a compatibility layer to reduce code > churn), and integrate the VariablePolicy libraries and protocols into Va= riable > Services. >=20 > Since the integration requires multiple changes, including adding librar= ies, a > protocol, an SMI communication handler, and VariableServices integration= , > the patches are broken up by individual library additions and then a fin= al > integration. Security-sensitive changes like bypassing Authenticated Var= iable > enforcement are also broken out into individual patches so that attentio= n can > be called directly to them. >=20 > Platform porting instructions are described in this wiki entry: > https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy- > Protocol---Enhanced-Method-for-Managing-Variables#platform-porting >=20 > Discussion of the feature can be found in multiple places throughout the= last > year on the RFC channel, staging branches, and in devel. >=20 > Most recently, this subject was discussed in this thread: > https://edk2.groups.io/g/devel/message/53712 > (the code branches shared in that discussion are now out of date, but th= e > whitepapers and discussion are relevant). >=20 > Cc: Jiewen Yao > Cc: Chao Zhang > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Liming Gao > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Andrew Fish > Cc: Ray Ni > Cc: Bret Barkelew > Signed-off-by: Bret Barkelew >=20 > v7 changes: > * Address comments from Dandan about security of the MM handler > * Add readme > * Fix bug around hex characters in BOOT####, etc > * Add additional testing for hex characters > * Add additional testing for authenticated variables >=20 > v6 changes: > * Fix an issue with uninitialized Status in InitVariablePolicyLib() and > DeinitVariablePolicyLib() > * Fix GCC building in shell-based functional test > * Rebase on latest origin/master >=20 > v5 changes: > * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c > * Fix EFIAPI mismatches in the functional unittest > * Rebase on latest origin/master >=20 > v4 changes: > * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from > platforms > * Rebase on master > * Migrate to new MmCommunicate2 protocol > * Fix an oversight in the default return value for > InitMmCommonCommBuffer > * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume varia= bles >=20 > V3 changes: > * Address all non-unittest issues with ECC > * Make additional style changes > * Include section name in hunk headers in "ini-style" files > * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable > driver > (now allocates its own buffer) > * Change names from VARIABLE_POLICY_PROTOCOL and > gVariablePolicyProtocolGuid > to EDKII_VARIABLE_POLICY_PROTOCOL and > gEdkiiVariablePolicyProtocolGuid > * Fix GCC warning about initializing externs > * Add UNI strings for new PCD > * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg > * Reorder patches according to Liming's feedback about adding to platfor= ms > before changing variable driver >=20 > V2 changes: > * Fixed implementation for RuntimeDxe > * Add PCD to block DisableVariablePolicy > * Fix the DumpVariablePolicy pagination in SMM >=20 >=20 > Bret Barkelew (14): > MdeModulePkg: Define the VariablePolicy protocol interface > MdeModulePkg: Define the VariablePolicyLib > MdeModulePkg: Define the VariablePolicyHelperLib > MdeModulePkg: Define the VarCheckPolicyLib and SMM interface > OvmfPkg: Add VariablePolicy engine to OvmfPkg platform > EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform > ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform > UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform > MdeModulePkg: Connect VariablePolicy business logic to > VariableServices > MdeModulePkg: Allow VariablePolicy state to delete protected variables > SecurityPkg: Allow VariablePolicy state to delete authenticated > variables > MdeModulePkg: Change TCG MOR variables to use VariablePolicy > MdeModulePkg: Drop VarLock from RuntimeDxe variable driver > MdeModulePkg: Add a shell-based functional test for VariablePolicy >=20 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > | 345 +++ > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > | 396 ++++ > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > | 46 + >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx > e.c | 85 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > | 830 +++++++ >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.c | 2452 ++++++++++++++++++++ >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.c | 2226 ++++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c > | 52 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > | 60 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c > | 49 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > | 53 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock > .c | 71 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > | 642 +++++ >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe. > c | 14 + > SecurityPkg/Library/AuthVariableLib/AuthService.c = | 22 > +- > ArmVirtPkg/ArmVirt.dsc.inc = | 4 + > EmulatorPkg/EmulatorPkg.dsc = | 3 + > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h = | > 54 + > MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > | 164 ++ > MdeModulePkg/Include/Library/VariablePolicyLib.h = | > 207 ++ > MdeModulePkg/Include/Protocol/VariablePolicy.h = | > 157 ++ > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > | 42 + > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in= f > | 35 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un= i > | 12 + > MdeModulePkg/Library/VariablePolicyLib/ReadMe.md = | > 410 ++++ > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > | 49 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > | 51 + >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.inf | 45 + > MdeModulePkg/MdeModulePkg.ci.yaml = | 8 +- > MdeModulePkg/MdeModulePkg.dec = | 26 +- > MdeModulePkg/MdeModulePkg.dsc = | 9 + > MdeModulePkg/MdeModulePkg.uni = | 7 + > MdeModulePkg/Test/MdeModulePkgHostTest.dsc = | > 11 + > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > | 55 + >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.inf | 47 + >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTe > stAuthVar.h | 128 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > | 5 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 4 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.i > nf | 11 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > | 4 + > OvmfPkg/OvmfPkgIa32.dsc = | 5 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 5 + > OvmfPkg/OvmfPkgX64.dsc = | 5 + > OvmfPkg/OvmfXen.dsc = | 4 + > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf = | > 2 + > UefiPayloadPkg/UefiPayloadPkgIa32.dsc = | 4 + > UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc = | 4 + > 49 files changed, 8865 insertions(+), 79 deletions(-) create mode 1006= 44 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx > e.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.c > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock > .c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > create mode 100644 > MdeModulePkg/Include/Library/VariablePolicyHelperLib.h > create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h > create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni > create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo > licyUnitTest.inf > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu > ncTestApp.inf > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTe > stAuthVar.h >=20 > -- > 2.28.0.windows.1 >=20 >=20 >=20