From: "Wu, Hao A"
To: "Kinney, Michael D", "devel@edk2.groups.io"
CC: Bret Barkelew, Liming Gao
Subject: Re: [Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM
Date: Wed, 6 Jan 2021 05:46:55 +0000
In-Reply-To: <20210106035043.1412-1-michael.d.kinney@intel.com>

> -----Original Message-----
> From: Michael D Kinney
> Sent: Wednesday, January 6, 2021 11:51 AM
> To: devel@edk2.groups.io
> Cc: Bret Barkelew; Wu, Hao A; Liming Gao
> Subject: [Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable
> from SMM
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154
>
> Update VarCheckLibSetVariableCheck() to allow locked variables to be
> updated if the RequestSource is VarCheckFromTrusted even if one or more
> variable check handlers return EFI_WRITE_PROTECTED.
> RequestSource is only set to VarCheckFromTrusted if the request is through
> the EFI_SMM_VARIABLE_PROTOCOL.

Hello Mike,

Sorry for a question.

If a SetVar request is blocked by a registered VarCheck handler, I think it would be better to change that handler to allow requests from SMM.

I am not sure if there is a VarCheck handler that has its own specific rule to return 'EFI_WRITE_PROTECTED' to block some SetVar requests.

Is there any special consideration (e.g. VarCheck handler not being able to get the source of the SetVar request) for not doing it this way?

Thanks in advance.

Best Regards,
Hao Wu

>
> Cc: Bret Barkelew
> Cc: Hao A Wu
> Cc: Liming Gao
> Signed-off-by: Michael D Kinney
> ---
> MdeModulePkg/Library/VarCheckLib/VarCheckLib.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c > b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c > index 470d782444bf..9596d760e945 100644 > --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c > +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c > @@ -1,7 +1,7 @@ > /** @file > Implementation functions and structures for var check services. >=20 > -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck ( > DataSize, > Data > ); > + if (Status =3D=3D EFI_WRITE_PROTECTED && RequestSource =3D=3D > VarCheckFromTrusted) { > + // > + // If RequestSource is trusted, then allow variable to be set even= if it > + // is write protected. > + // > + continue; > + } > if (EFI_ERROR (Status)) { > DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", St= atus, > VendorGuid, VariableName)); > return Status; > -- > 2.29.2.windows.2
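
Review bot: In the second hunk (VarCheckLibSetVariableCheck, @@ -655,6 +655,13 @@), the new `continue` discards EFI_WRITE_PROTECTED from every registered handler whenever RequestSource is VarCheckFromTrusted, so a handler that returns that status for its own policy rather than for a variable lock is overridden as well, and nothing in the hunk distinguishes the two cases. Consider either narrowing the exemption to the handler that implements the lock, or documenting in the function header that EFI_WRITE_PROTECTED from any handler is advisory for trusted callers. Two smaller points: the bypass path emits no DEBUG message, unlike the failure path just below it, so an overridden protection leaves no trace in the log; and `continue` leaves Status set to EFI_WRITE_PROTECTED, so if the overridden handler is the last one iterated, the code after the loop (not visible here) must not return that stale Status.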
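
The trade-off raised in the reply above, as an added example that is not part of the original message or of EDK II: a simplified C model comparing a dispatcher-level bypass with a handler that decides on the request source itself. All type, function and variable names are hypothetical, including the handler signature that receives the request source.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not an EDK II definition. */
typedef enum { ST_OK = 0, ST_WRITE_PROTECTED = 1 } status_t;
typedef enum { SRC_UNTRUSTED = 0, SRC_TRUSTED = 1 } source_t;
typedef status_t (*handler_t)(const char *name, source_t src);

/* Lock handler: protects "LockedVar" regardless of who asks. */
static status_t lock_handler(const char *name, source_t src) {
    (void)src;
    return strcmp(name, "LockedVar") == 0 ? ST_WRITE_PROTECTED : ST_OK;
}

/* The same lock handler, changed so that it exempts trusted callers itself. */
static status_t lock_handler_src_aware(const char *name, source_t src) {
    if (src == SRC_TRUSTED) return ST_OK;
    return lock_handler(name, src);
}

/* Handler with its own rule: "PolicyVar" is read-only for every caller. */
static status_t policy_handler(const char *name, source_t src) {
    (void)src;
    return strcmp(name, "PolicyVar") == 0 ? ST_WRITE_PROTECTED : ST_OK;
}

/* Design A: the dispatcher skips any WRITE_PROTECTED result for trusted callers. */
status_t check_with_library_bypass(const char *name, source_t src) {
    handler_t handlers[] = { lock_handler, policy_handler };
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++) {
        status_t st = handlers[i](name, src);
        if (st == ST_WRITE_PROTECTED && src == SRC_TRUSTED) continue;
        if (st != ST_OK) return st;
    }
    return ST_OK;
}

/* Design B: the dispatcher honours every result; only the lock handler exempts. */
status_t check_with_handler_decision(const char *name, source_t src) {
    handler_t handlers[] = { lock_handler_src_aware, policy_handler };
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++) {
        status_t st = handlers[i](name, src);
        if (st != ST_OK) return st;
    }
    return ST_OK;
}
```

Both designs let a trusted caller update the locked variable; they differ only on the variable that a second handler protects under its own rule.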