From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.7340.1607567083064919799 for ; Wed, 09 Dec 2020 18:24:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=GCABFxAs; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: hao.a.wu@intel.com) IronPort-SDR: A8q0lYS5hG95itGzTCsTUB2IvQsNBvosiHnldcOq1QMWFL26rYIS/dgh1Aj2bkae22Rjb8T6A0 mAa4NNU4zsIQ== X-IronPort-AV: E=McAfee;i="6000,8403,9830"; a="192495716" X-IronPort-AV: E=Sophos;i="5.78,407,1599548400"; d="scan'208";a="192495716" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Dec 2020 18:24:41 -0800 IronPort-SDR: UlQoWznDgPfnuSVYRwsIIiwK1V7UfYs2h/BgDOdqZj4k2WbCoDb1V9UVBEe+fL5Pdp+k217Gy9 VVfZSK7I5SMg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.78,407,1599548400"; d="scan'208";a="348595182" Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84]) by orsmga002.jf.intel.com with ESMTP; 09 Dec 2020 18:24:40 -0800 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 9 Dec 2020 18:24:40 -0800 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 9 Dec 2020 18:24:40 -0800 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 9 Dec 2020 18:24:39 -0800 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (104.47.37.58) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Wed, 9 Dec 2020 18:24:39 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A9FbXp5rLyfzj30SB3v/oEcnCRCwvjzlfOIcB2y9s6cGLFiXYMKI62XbsF3/cOadEjFLDiZXkoqGWGm3gXQM8QlMbS59+tm119rZjQx3B9pRQCTkJQMCx1AgCGt2ahygRbawoxQjMpOA0YsiPy0g8FFTLzhK7qgOtzbWbpWV5O4QyLwwNb9097HTdgqeLM972rxPJroSyXM2NjeVxj+FcGGYfODfhcF9x3m+KPt1qu/9o2CkfMVeXplqg1Psx/t3iB1cQULFOqI1TtJ0KvaVbZKOxX7nDF0/FWqy+SHH7/tsVshAbn22V4Tily/dfkVPPRy8iwmfpFIo8nElM6dp2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tj7nIfB66cvptBU+w94Q5KeNs0GDXJN25XU0afEULrw=; b=alLxLiiCUAiWXSDbUTkQORtvV8HatqVClAZz/rHq0Pipe2IGtHbi/idUjz7wzYglHVuTfgSx9/teN9DpQaX3uXGwSDS70frbKDU+dq0bJ16Dn9KExQtPXgZBVjqTi0AN5f7wp3BbmhsfO+1F7EE7oRrKMTXr2W27xqA1vSJpos22DrmHA0CI+rWYcxxoZc67yMW2aIsiJXeRcro+z0Z+ue5bBHVVlL3kNVKiV9vS6krZIyF8/pTxQBEtGqcOEKLfYawqXJSRMR9Ie8/iAUurwWP6fSyA9kFNxFF0rTC0RM2ghteVa+gydGlFd5oxoyowQpRfx4uheA7ZvQMq2uakUA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tj7nIfB66cvptBU+w94Q5KeNs0GDXJN25XU0afEULrw=; b=GCABFxAsXrlpy4Upvn0bLOOFuuitq3GVAd+/gHmYspVV9OVKOwdxnxV77gVl/47l56sF5AzQAL4avBxgOt28tTAywcOQlNG6RmEk7xGprTPz8UbnaDJ1YR81QMeYy3VJKxNjnRTLmTcACLz7pajTbPnlzPhrLJbz1tF5kvtSsgE= Received: from BN8PR11MB3666.namprd11.prod.outlook.com (2603:10b6:408:8c::19) by BN6PR11MB1634.namprd11.prod.outlook.com (2603:10b6:405:c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.21; Thu, 10 Dec 2020 02:24:37 +0000 Received: from BN8PR11MB3666.namprd11.prod.outlook.com ([fe80::4cda:993f:ffc1:f169]) by BN8PR11MB3666.namprd11.prod.outlook.com ([fe80::4cda:993f:ffc1:f169%6]) with mapi id 15.20.3654.014; Thu, 10 Dec 2020 02:24:37 +0000 From: "Wu, Hao A" To: "devel@edk2.groups.io" , "Kinney, Michael D" CC: Bret Barkelew , Liming Gao Subject: Re: [edk2-devel] [Patch v2 1/1] MdeModulePkg/Variable/RuntimeDxe: Restore Variable Lock Protocol behavior Thread-Topic: [edk2-devel] [Patch v2 1/1] MdeModulePkg/Variable/RuntimeDxe: Restore Variable Lock Protocol behavior Thread-Index: AQHWzlYHpbk0zif76kyxrBBi9qYzTanvjMvw Date: Thu, 10 Dec 2020 02:24:36 +0000 Message-ID: References: <20201209180605.1409-1-michael.d.kinney@intel.com> In-Reply-To: <20201209180605.1409-1-michael.d.kinney@intel.com> Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.218] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0eb2d26d-7274-46d1-52a3-08d89cb2bd7d x-ms-traffictypediagnostic: BN6PR11MB1634: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: yGa+HzzStLP81tQQ9i9yYAz3zyXBpx5Uxkttip4dNMEr+TxOa8AUYOhh15Xz8Z7HWydMzcQWkji50lPtC+Q0g8gSwrkWKG972YMT1Uv2yrweeieDQ12OgAUY+/i4s1u7Ltfv9ivv1MNYWydiSoQXAKNRiS939n7PuK1YwzS4LqsIVs9DRMPKXNd3a39//yOesiPhr8+GvEjxMMo68g85GdnLiDsqt1HtqahC/qDUiYZBmz1FYtFEbnvsKZ8V/TMS9LZHqDbErL45aS665AXV8pJY6HfsJSm03imxe8U9WWsHtUTsvkUwPPySadnVKeh+tjTaHmjW2qvq7EtEuxuW3WjPwHnsZRYF/JvbSOu/xHM8VM55agtf6PcB9ApWLG/lEN2Jq+NEEhYwJHrj36BrDw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN8PR11MB3666.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(366004)(376002)(136003)(26005)(66946007)(83380400001)(53546011)(5660300002)(186003)(52536014)(66556008)(71200400001)(76116006)(30864003)(8676002)(6506007)(110136005)(9686003)(66476007)(54906003)(966005)(64756008)(45080400002)(55016002)(66446008)(4326008)(8936002)(7696005)(33656002)(6636002)(86362001)(508600001)(2906002)(579004)(559001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?A1HyPW4XoJffNmlnHgOiaP2LOcqEcWXONPm13/KsFWkE9PZOeCsRkKklIpCR?= =?us-ascii?Q?ejQ6Z1J/eJxn+yXHbdnnxSZW/jdxlVMob9QECplrfRBdgW0aXP2p5Gh7WDb7?= =?us-ascii?Q?4ru7mcXbR9kAEfx3MuwAjnvfnSMCk1FKS9AeQp7YDIoHuHvN51OxsgdK4jPV?= =?us-ascii?Q?Jf06MsWHHd1RAafOjVcHmM5w2X38Cr473+lA45VXLh+XzEL2T44Jg0EoDpYb?= =?us-ascii?Q?d5orCZ2mcCa5u96OKXzoyCPxkLcB31dSI6lRIfxR2uMF9rns+uFKzmAzX83L?= =?us-ascii?Q?+hYjkYVB5EbG66DKneKg+qmei+aIx6rEsuBgQ3a2UUB4GZs1kZZzCQ2IwF9m?= =?us-ascii?Q?e01VmVgRMMrlEk65zAxuIzFqJyUIDaBG8a+3jpFUp9ZPP+lkU+WzAttPfBPv?= =?us-ascii?Q?1jZfRL7FXRCa1gPtoMfhP8KXp6Uw+5SIV1elqg3eUZTvcRQYVcwmy3ibTu31?= =?us-ascii?Q?hQshpj5F0ww6Ai/p8aQ6cv4PtF+QiQoBpJhGgawHczmoVOanJesUNX7fO0xx?= =?us-ascii?Q?WfDWRlrZbMMtKgpCAnKxMHTOeOtoipFIAFjumPj3NkBG1OSTABl0M7KCtw2p?= =?us-ascii?Q?X1E0LF38VvqsB3p3LY9mQBzr4wmYanhNCDabKRvqER3CwsONg+Ny5Ltz+/dK?= =?us-ascii?Q?5EkqfaMwWoHG2vIIEmlFnkAHqrAEtDYKdVBxerLhsupilShUEbY1LpefdUhE?= =?us-ascii?Q?zhdUF2jj2kEOhlHbBXA5WLqrBx0tCU1Pqc19+uWjZj0W68Xz0tY8nKDrHp1s?= =?us-ascii?Q?lHT8CUsBO3h1BgZuHR2gq2g11TP9SYAYEL8hM9oW6CudIWpUnSG4kcGyFTXY?= =?us-ascii?Q?V5WoJi4pqSaMswDboL+7TITtDMln+2AEMV2PNP6kmWSVtGduVWaIbAO/+kyD?= =?us-ascii?Q?qKilTYISeMGbx7pq6OgP5AIZlhf9EdwCw8aidUjRhWx8PHS2BUaGRUHOUbLS?= =?us-ascii?Q?89sKJ5DEr0kxwAz12p/X6SzF+7QVgv63XLko1oZP05bgU29DEPtjnIlmrYUY?= =?us-ascii?Q?j3r0?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN8PR11MB3666.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0eb2d26d-7274-46d1-52a3-08d89cb2bd7d X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Dec 2020 02:24:36.8025 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hg5nFAF7K4DWv2uYxYUbLHsdPFrSSwogRJEceT0upIeusQKVaRXQBfIavxf5YBuUSJwe96D5aalUXlJ+HLF58Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1634 Return-Path: hao.a.wu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Michael > D Kinney > Sent: Thursday, December 10, 2020 2:06 AM > To: devel@edk2.groups.io > Cc: Bret Barkelew ; Wu, Hao A > ; Liming Gao ; Bret > Barkelew > Subject: [edk2-devel] [Patch v2 1/1] MdeModulePkg/Variable/RuntimeDxe: > Restore Variable Lock Protocol behavior >=20 > From: Bret Barkelew >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3111 >=20 > The VariableLock shim currently fails if called twice because the underl= ying > Variable Policy engine returns an error if a policy is set on an existin= g variable. >=20 > This breaks existing code which expect it to silently pass if a variable= is locked > multiple times (because it should "be locked"). >=20 > Refactor the shim to confirm that the variable is indeed locked and then > change the error to EFI_SUCCESS and generate a DEBUG_ERROR message so > the duplicate lock can be reported in a debug log and removed. Hello, Is it possible to reuse: a) EvaluatePolicyMatch() and GetBestPolicyMatch() functions b) Macros like GET_NEXT_POLICY, GET_POLICY_NAME and etc. under MdeModulePkg\Library\VariablePolicyLib to reduce duplicate codes? A couple of minor inline comments below: >=20 > Add host based unit tests for the multiple lock case using Variable Lock > Protocol, Variable Policy Protocol, and mixes of Variable Lock Protocol = and > Variable Policy Protocol. >=20 > Cc: Michael D Kinney > Cc: Hao A Wu > Cc: Liming Gao > Signed-off-by: Bret Barkelew > --- > MdeModulePkg/Test/MdeModulePkgHostTest.dsc | 11 + > .../VariableLockRequestToLockUnitTest.c | 434 ++++++++++++++++++ > .../VariableLockRequestToLockUnitTest.inf | 36 ++ > .../RuntimeDxe/VariableLockRequestToLock.c | 363 +++++++++++++-- > 4 files changed, 809 insertions(+), 35 deletions(-) create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Vari > ableLockRequestToLockUnitTest.c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Vari > ableLockRequestToLockUnitTest.inf >=20 > diff --git a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc > b/MdeModulePkg/Test/MdeModulePkgHostTest.dsc > index 72a119db4568..4da4692c8451 100644 > --- a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc > +++ b/MdeModulePkg/Test/MdeModulePkgHostTest.dsc > @@ -19,6 +19,9 @@ [Defines] >=20 > !include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc >=20 > +[LibraryClasses] > + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf > + > [Components] >=20 > MdeModulePkg/Library/DxeResetSystemLib/UnitTest/MockUefiRuntimeSer > vicesTableLib.inf >=20 > @@ -30,3 +33,11 @@ [Components] >=20 > ResetSystemLib|MdeModulePkg/Library/DxeResetSystemLib/DxeResetSyst > emLib.inf >=20 > UefiRuntimeServicesTableLib|MdeModulePkg/Library/DxeResetSystemLib/ > UnitTest/MockUefiRuntimeServicesTableLib.inf > } > + > + > MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Vari > ableLockRequestToLockUnitTest.inf { > + > + > VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= i > b.inf > + > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Va > riablePolicyHelperLib.inf > + > + > + > gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDis > abl > + e|TRUE > + } > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > riableLockRequestToLockUnitTest.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > riableLockRequestToLockUnitTest.c > new file mode 100644 > index 000000000000..2f4c4d2f79f4 > --- /dev/null > +++ > b/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > ri > +++ ableLockRequestToLockUnitTest.c > @@ -0,0 +1,434 @@ > +/** @file > + This is a host-based unit test for the VariableLockRequestToLock shim= . > + > + Copyright (c) Microsoft Corporation. > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > +#include #include > + #include #include > + > + > +#include > + > +#define UNIT_TEST_NAME "VarPol/VarLock Shim Unit Test" > +#define UNIT_TEST_VERSION "1.0" > + > +///=3D=3D=3D CODE UNDER TEST > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +=3D=3D=3D=3D > + > +EFI_STATUS > +EFIAPI > +VariableLockRequestToLock ( > + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid > + ); > + > +///=3D=3D=3D TEST DATA > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +// > +// Test GUID 1 {F955BA2D-4A2C-480C-BFD1-3CC522610592} > +// > +EFI_GUID mTestGuid1 =3D { > + 0xf955ba2d, 0x4a2c, 0x480c, {0xbf, 0xd1, 0x3c, 0xc5, 0x22, 0x61, 0x5, > +0x92} }; > + > +// > +// Test GUID 2 {2DEA799E-5E73-43B9-870E-C945CE82AF3A} > +// > +EFI_GUID mTestGuid2 =3D { > + 0x2dea799e, 0x5e73, 0x43b9, {0x87, 0xe, 0xc9, 0x45, 0xce, 0x82, 0xaf, > +0x3a} }; > + > +// > +// Test GUID 3 {698A2BFD-A616-482D-B88C-7100BD6682A9} > +// > +EFI_GUID mTestGuid3 =3D { > + 0x698a2bfd, 0xa616, 0x482d, {0xb8, 0x8c, 0x71, 0x0, 0xbd, 0x66, 0x82, > +0xa9} }; > + > +#define TEST_VAR_1_NAME L"TestVar1" > +#define TEST_VAR_2_NAME L"TestVar2" > +#define TEST_VAR_3_NAME L"TestVar3" > + > +#define TEST_POLICY_ATTRIBUTES_NULL 0 > +#define TEST_POLICY_MIN_SIZE_NULL 0 > +#define TEST_POLICY_MAX_SIZE_NULL MAX_UINT32 > + > +#define TEST_POLICY_MIN_SIZE_10 10 > +#define TEST_POLICY_MAX_SIZE_200 200 > + > +///=3D=3D=3D HELPER FUNCTIONS > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +=3D=3D=3D=3D > + > +/** > + Mocked version of GetVariable, for testing. > + > + @param VariableName > + @param VendorGuid > + @param Attributes > + @param DataSize > + @param Data > +**/ > +EFI_STATUS > +EFIAPI > +StubGetVariableNull ( > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid, > + OUT UINT32 *Attributes, OPTIONAL > + IN OUT UINTN *DataSize, > + OUT VOID *Data OPTIONAL > + ) > +{ > + UINT32 MockedAttr; > + UINTN MockedDataSize; > + VOID *MockedData; > + EFI_STATUS MockedReturn; > + > + check_expected_ptr (VariableName); > + check_expected_ptr (VendorGuid); > + check_expected_ptr (DataSize); > + > + MockedAttr =3D (UINT32)mock(); > + MockedDataSize =3D (UINTN)mock(); > + MockedData =3D (VOID*)(UINTN)mock(); > + MockedReturn =3D (EFI_STATUS)mock(); > + > + if (Attributes !=3D NULL) { > + *Attributes =3D MockedAttr; > + } > + if (Data !=3D NULL && !EFI_ERROR (MockedReturn)) { > + CopyMem (Data, MockedData, MockedDataSize); } > + > + *DataSize =3D MockedDataSize; > + > + return MockedReturn; > +} > + > +// > +// Anything you think might be helpful that isn't a test itself. > +// > + > +/** > + This is a common setup function that will ensure the library is > +always > + initialized with the stubbed GetVariable. > + > + Not used by all test cases, but by most. > + > + @param[in] Context Unit test case context **/ STATIC > +UNIT_TEST_STATUS EFIAPI LibInitMocked ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + return EFI_ERROR (InitVariablePolicyLib (StubGetVariableNull)) ? > +UNIT_TEST_ERROR_PREREQUISITE_NOT_MET : UNIT_TEST_PASSED; } > + > +/** > + Common cleanup function to make sure that the library is always > +de-initialized > + prior to the next test case. > + > + @param[in] Context Unit test case context **/ STATIC VOID EFIAPI > +LibCleanup ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + DeinitVariablePolicyLib(); > +} > + > +///=3D=3D=3D TEST CASES > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +///=3D=3D=3D=3D=3D SHIM SUITE > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > =3D=3D > + > +/** > + Test Case that locks a single variable using the Variable Lock Protoc= ol. > + The call is expected to succeed. > + > + @param[in] Context Unit test case context **/ UNIT_TEST_STATUS > +EFIAPI LockingWithoutAnyPoliciesShouldSucceed ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_NOT_EFI_ERROR (Status); > + > + return UNIT_TEST_PASSED; > +} > + > +/** > + Test Case that locks the same variable twice using the Variable Lock = Procol. Minor comment, typo for 'Procol' -> 'Protocol' > + Both calls are expected to succeed. > + > + @param[in] Context Unit test case context > + **/ > +UNIT_TEST_STATUS > +EFIAPI > +LockingTwiceShouldSucceed ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_NOT_EFI_ERROR (Status); > + > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_NOT_EFI_ERROR (Status); > + > + return UNIT_TEST_PASSED; > +} > + > +/** > + Test Case that locks a variable using the Variable Policy Protocol > +then locks > + the same variable using the Variable Lock Protocol. > + Both calls are expected to succeed. > + > + @param[in] Context Unit test case context > + **/ > +UNIT_TEST_STATUS > +EFIAPI > +LockingALockedVariableShouldSucceed ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + EFI_STATUS Status; > + VARIABLE_POLICY_ENTRY *NewEntry; > + > + // > + // Create a variable policy that locks the variable. > + // > + Status =3D CreateBasicVariablePolicy ( > + &mTestGuid1, > + TEST_VAR_1_NAME, > + TEST_POLICY_MIN_SIZE_NULL, > + TEST_POLICY_MAX_SIZE_200, > + TEST_POLICY_ATTRIBUTES_NULL, > + TEST_POLICY_ATTRIBUTES_NULL, > + VARIABLE_POLICY_TYPE_LOCK_NOW, > + &NewEntry > + ); > + UT_ASSERT_NOT_EFI_ERROR (Status); > + > + // > + // Register the new policy. > + // > + Status =3D RegisterVariablePolicy (NewEntry); > + > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_NOT_EFI_ERROR (Status); > + > + FreePool (NewEntry); > + > + return UNIT_TEST_PASSED; > +} > + > +/** > + Test Case that locks a variable using the Variable Policy Protocol > +with a > + policy other than LOCK_NOW then attempts to lock the same variable > +using the > + Variable Lock Protocol. The call to Variable Policy is expected to > +succced 'succced' -> 'succeed' > + and the call to Variable Lock is expected to fail. > + > + @param[in] Context Unit test case context > + **/ > +UNIT_TEST_STATUS > +EFIAPI > +LockingAnUnlockedVariableShouldFail ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + EFI_STATUS Status; > + VARIABLE_POLICY_ENTRY *NewEntry; > + > + // Create a variable policy that locks the variable. > + Status =3D CreateVarStateVariablePolicy (&mTestGuid1, > + TEST_VAR_1_NAME, > + TEST_POLICY_MIN_SIZE_NULL, > + TEST_POLICY_MAX_SIZE_200, > + TEST_POLICY_ATTRIBUTES_NULL, > + TEST_POLICY_ATTRIBUTES_NULL, > + &mTestGuid2, > + 1, > + TEST_VAR_2_NAME, > + &NewEntry); > + UT_ASSERT_NOT_EFI_ERROR (Status); > + > + // Register the new policy. > + Status =3D RegisterVariablePolicy (NewEntry); > + > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_TRUE (EFI_ERROR (Status)); > + > + FreePool (NewEntry); > + > + return UNIT_TEST_PASSED; > +} > + > +/** > + Test Case that locks a variable using Variable Lock Protocol Policy > +Protocol > + then and then attempts to lock the same variable using the Variable > +Policy > + Protocol. The call to Variable Lock is expected to succced and the 'succced' -> 'succeed' Best Regards, Hao Wu > +call to > + Variable Policy is expected to fail. > + > + @param[in] Context Unit test case context > + **/ > +UNIT_TEST_STATUS > +EFIAPI > +SettingPolicyForALockedVariableShouldFail ( > + IN UNIT_TEST_CONTEXT Context > + ) > +{ > + EFI_STATUS Status; > + VARIABLE_POLICY_ENTRY *NewEntry; > + > + // Lock the variable. > + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, > + &mTestGuid1); UT_ASSERT_NOT_EFI_ERROR (Status); > + > + // Create a variable policy that locks the variable. > + Status =3D CreateVarStateVariablePolicy (&mTestGuid1, > + TEST_VAR_1_NAME, > + TEST_POLICY_MIN_SIZE_NULL, > + TEST_POLICY_MAX_SIZE_200, > + TEST_POLICY_ATTRIBUTES_NULL, > + TEST_POLICY_ATTRIBUTES_NULL, > + &mTestGuid2, > + 1, > + TEST_VAR_2_NAME, > + &NewEntry); > + UT_ASSERT_NOT_EFI_ERROR (Status); > + > + // Register the new policy. > + Status =3D RegisterVariablePolicy (NewEntry); UT_ASSERT_TRUE > + (EFI_ERROR (Status)); > + > + FreePool (NewEntry); > + > + return UNIT_TEST_PASSED; > +} > + > +/** > + Main entry point to this unit test application. > + > + Sets up and runs the test suites. > +**/ > +VOID > +EFIAPI > +UnitTestMain ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + UNIT_TEST_FRAMEWORK_HANDLE Framework; > + UNIT_TEST_SUITE_HANDLE ShimTests; > + > + Framework =3D NULL; > + > + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_NAME, > UNIT_TEST_VERSION)); > + > + // > + // Start setting up the test framework for running the tests. > + // > + Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_NAME, > + gEfiCallerBaseName, UNIT_TEST_VERSION); if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status > =3D %r\n", Status)); > + goto EXIT; > + } > + > + // > + // Add all test suites and tests. > + // > + Status =3D CreateUnitTestSuite ( > + &ShimTests, Framework, > + "Variable Lock Shim Tests", "VarPolicy.VarLockShim", NULL,= NULL > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for > ShimTests\n")); > + Status =3D EFI_OUT_OF_RESOURCES; > + goto EXIT; > + } > + AddTestCase ( > + ShimTests, > + "Locking a variable with no matching policies should always work", > "EmptyPolicies", > + LockingWithoutAnyPoliciesShouldSucceed, LibInitMocked, LibCleanup, > NULL > + ); > + AddTestCase ( > + ShimTests, > + "Locking a variable twice should always work", "DoubleLock", > + LockingTwiceShouldSucceed, LibInitMocked, LibCleanup, NULL > + ); > + AddTestCase ( > + ShimTests, > + "Locking a variable that's already locked by another policy should = work", > "LockAfterPolicy", > + LockingALockedVariableShouldSucceed, LibInitMocked, LibCleanup, NUL= L > + ); > + AddTestCase ( > + ShimTests, > + "Locking a variable that already has an unlocked policy should fail= ", > "LockAfterUnlockedPolicy", > + LockingAnUnlockedVariableShouldFail, LibInitMocked, LibCleanup, NUL= L > + ); > + AddTestCase ( > + ShimTests, > + "Adding a policy for a variable that has previously been locked sho= uld > always fail", "SetPolicyAfterLock", > + SettingPolicyForALockedVariableShouldFail, LibInitMocked, LibCleanu= p, > NULL > + ); > + > + // > + // Execute the tests. > + // > + Status =3D RunAllTestSuites (Framework); > + > +EXIT: > + if (Framework !=3D NULL) { > + FreeUnitTestFramework (Framework); > + } > + > + return; > +} > + > +/// > +/// Avoid ECC error for function name that starts with lower case > +letter /// #define Main main > + > +/** > + Standard POSIX C entry point for host based unit test execution. > + > + @param[in] Argc Number of arguments > + @param[in] Argv Array of pointers to arguments > + > + @retval 0 Success > + @retval other Error > +**/ > +INT32 > +Main ( > + IN INT32 Argc, > + IN CHAR8 *Argv[] > + ) > +{ > + UnitTestMain (); > + return 0; > +} > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > riableLockRequestToLockUnitTest.inf > b/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > riableLockRequestToLockUnitTest.inf > new file mode 100644 > index 000000000000..2a659d7e1370 > --- /dev/null > +++ > b/MdeModulePkg/Universal/Variable/RuntimeDxe/RuntimeDxeUnitTest/Va > ri > +++ ableLockRequestToLockUnitTest.inf > @@ -0,0 +1,36 @@ > +## @file > +# This is a host-based unit test for the VariableLockRequestToLock shim= . > +# > +# Copyright (c) Microsoft Corporation. > +# SPDX-License-Identifier: BSD-2-Clause-Patent ## > + > +[Defines] > + INF_VERSION =3D 0x00010017 > + BASE_NAME =3D VariableLockRequestToLockUnitTest > + FILE_GUID =3D A7388B6C-7274-4717-9649-BDC5DFD1FCBE > + VERSION_STRING =3D 1.0 > + MODULE_TYPE =3D HOST_APPLICATION > + > +# > +# The following information is for reference only and not required by t= he > build tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 > +# > + > +[Sources] > + VariableLockRequestToLockUnitTest.c > + ../VariableLockRequestToLock.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec > + > +[LibraryClasses] > + UnitTestLib > + DebugLib > + VariablePolicyLib > + VariablePolicyHelperLib > + BaseMemoryLib > + MemoryAllocationLib > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToL > ock.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToL > ock.c > index 4aa854aaf260..191de6b907c5 100644 > --- > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToL > ock.c > +++ > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToL > o > +++ ck.c > @@ -1,67 +1,360 @@ > -/** @file -- VariableLockRequestToLock.c -Temporary location of the > RequestToLock shim code while -projects are moved to VariablePolicy. > Should be removed when deprecated. > +/** @file > + Temporary location of the RequestToLock shim code while projects > + are moved to VariablePolicy. Should be removed when deprecated. >=20 > -Copyright (c) Microsoft Corporation. > -SPDX-License-Identifier: BSD-2-Clause-Patent > + Copyright (c) Microsoft Corporation. > + SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > #include > - > #include > +#include > #include > - > -#include > - > -#include > #include > #include > +#include >=20 > +// > +// NOTE: DO NOT USE THESE MACROS on any structure that has not been > validated. > +// Current table data has already been sanitized. > +// > +#define GET_NEXT_POLICY(CurPolicy) > +(VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size) #define > +GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + > +CurPolicy->OffsetToName) > + > +#define MATCH_PRIORITY_EXACT 0 > +#define MATCH_PRIORITY_MIN MAX_UINT8 > + > +/** > + This helper function evaluates a policy and determines whether it > +matches the > + target variable. If matched, will also return a value corresponding > +to the > + priority of the match. > + > + The rules for "best match" are listed in the Variable Policy Spec. > + Perfect name matches will return 0. > + Single wildcard characters will return the number of wildcard charact= ers. > + Full namespaces will return MAX_UINT8. > + > + @param[in] EvalEntry Pointer to the policy entry being evaluate= d. > + @param[in] VariableName Same as EFI_SET_VARIABLE. > + @param[in] VendorGuid Same as EFI_SET_VARIABLE. > + @param[out] MatchPriority [Optional] On finding a match, this value > contains > + the priority of the match. Lower number = =3D=3D higher > + priority. Only valid if a match found. > + > + @retval TRUE Current entry matches the target variable. > + @retval FALSE Current entry does not match at all. > + > +**/ > +STATIC > +BOOLEAN > +EvaluatePolicyMatch ( > + IN CONST VARIABLE_POLICY_ENTRY *EvalEntry, > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + OUT UINT8 *MatchPriority OPTIONAL > + ) > +{ > + BOOLEAN Result; > + CHAR16 *PolicyName; > + UINT8 CalculatedPriority; > + UINTN Index; > + > + Result =3D FALSE; > + CalculatedPriority =3D MATCH_PRIORITY_EXACT; > + > + // > + // Step 1: If the GUID doesn't match, we're done. No need to evaluate > anything else. > + // > + if (!CompareGuid (&EvalEntry->Namespace, VendorGuid)) { > + goto Exit; > + } > + > + // > + // If the GUID matches, check to see whether there is a Name > + associated // with the policy. If not, this policy matches the entire > namespace. > + // Missing Name is indicated by size being equal to name. > + // > + if (EvalEntry->Size =3D=3D EvalEntry->OffsetToName) { > + CalculatedPriority =3D MATCH_PRIORITY_MIN; > + Result =3D TRUE; > + goto Exit; > + } > + > + // > + // Now that we know the name exists, get it. > + // > + PolicyName =3D GET_POLICY_NAME (EvalEntry); > + > + // > + // Evaluate the name against the policy name and check for a match. > + // Account for any wildcards. > + // > + Index =3D 0; > + Result =3D TRUE; > + // > + // Keep going until the end of both strings. > + // > + while (PolicyName[Index] !=3D CHAR_NULL || VariableName[Index] !=3D > CHAR_NULL) { > + // > + // If we don't have a match... > + // > + if (PolicyName[Index] !=3D VariableName[Index] || PolicyName[Index]= =3D=3D > '#') { > + // > + // If this is a numerical wildcard, we can consider it a match if= we alter > + // the priority. > + // > + if (PolicyName[Index] =3D=3D L'#' && > + ((L'0' <=3D VariableName[Index] && VariableName[Index] <=3D= L'9') || > + (L'A' <=3D VariableName[Index] && VariableName[Index] <=3D= L'F') || > + (L'a' <=3D VariableName[Index] && VariableName[Index] <=3D= L'f'))) { > + if (CalculatedPriority < MATCH_PRIORITY_MIN) { > + CalculatedPriority++; > + } > + // > + // Otherwise, not a match. > + // > + } else { > + Result =3D FALSE; > + goto Exit; > + } > + } > + Index++; > + } > + > +Exit: > + if (Result && MatchPriority !=3D NULL) { > + *MatchPriority =3D CalculatedPriority; > + } > + return Result; > +} > + > +/** > + This helper function walks the current policy table and returns a > +pointer > + to the best match, if any are found. Leverages EvaluatePolicyMatch() > +to > + determine "best". > + > + @param[in] PolicyTable Pointer to current policy table. > + @param[in] PolicyTableSize Size of current policy table. > + @param[in] VariableName Same as EFI_SET_VARIABLE. > + @param[in] VendorGuid Same as EFI_SET_VARIABLE. > + @param[out] ReturnPriority [Optional] If pointer is provided, retur= n the > + priority of the match. Same as EvaluateP= olicyMatch(). > + Only valid if a match is returned. > + > + @retval VARIABLE_POLICY_ENTRY* Best match that was found. > + @retval NULL No match was found. > + > +**/ > +STATIC > +VARIABLE_POLICY_ENTRY* > +GetBestPolicyMatch ( > + IN UINT8 *PolicyTable, > + IN UINT32 PolicyTableSize, > + IN CONST CHAR16 *VariableName, > + IN CONST EFI_GUID *VendorGuid, > + OUT UINT8 *ReturnPriority OPTIONAL > + ) > +{ > + VARIABLE_POLICY_ENTRY *BestResult; > + VARIABLE_POLICY_ENTRY *CurrentEntry; > + UINT8 MatchPriority; > + UINT8 CurrentPriority; > + > + BestResult =3D NULL; > + MatchPriority =3D MATCH_PRIORITY_EXACT; > + > + // > + // Walk all entries in the table, looking for matches. > + // > + CurrentEntry =3D (VARIABLE_POLICY_ENTRY*)PolicyTable; > + while ((UINTN)CurrentEntry < (UINTN)((UINT8*)PolicyTable + > PolicyTableSize)) { > + // > + // Check for a match. > + // > + if (EvaluatePolicyMatch (CurrentEntry, VariableName, VendorGuid, > &CurrentPriority)) { > + // > + // If match is better, take it. > + // > + if (BestResult =3D=3D NULL || CurrentPriority < MatchPriority) { > + BestResult =3D CurrentEntry; > + MatchPriority =3D CurrentPriority; > + } > + > + // > + // If you've hit the highest-priority match, can exit now. > + // > + if (MatchPriority =3D=3D 0) { > + break; > + } > + } > + > + // > + // If we're still in the loop, move to the next entry. > + // > + CurrentEntry =3D GET_NEXT_POLICY (CurrentEntry); } > + > + // > + // If a return priority was requested, return it. > + // > + if (ReturnPriority !=3D NULL) { > + *ReturnPriority =3D MatchPriority; > + } > + > + return BestResult; > +} > + > +/** > + This helper function will dump and walk the current policy tables to > +determine > + whether a matching policy already exists that satisfies the lock requ= est. > + > + @param[in] VariableName A pointer to the variable name that is being > searched. > + @param[in] VendorGuid A pointer to the vendor GUID that is being > searched. > + > + @retval TRUE We can safely assume this variable is locked. > + @retval FALSE An error has occurred or we cannot prove that the var= iable > is > + locked. > + > +**/ > +STATIC > +BOOLEAN > +IsVariableAlreadyLocked ( > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid > + ) > +{ > + EFI_STATUS Status; > + UINT8 *PolicyTable; > + UINT32 PolicyTableSize; > + BOOLEAN Result; > + VARIABLE_POLICY_ENTRY *MatchPolicy; > + UINT8 MatchPriority; > + > + Result =3D TRUE; > + > + // > + // First, we need to dump the existing policy table. > + // > + PolicyTableSize =3D 0; > + PolicyTable =3D NULL; > + Status =3D DumpVariablePolicy (PolicyTable, &PolicyTableSize); if > + (Status !=3D EFI_BUFFER_TOO_SMALL) { > + DEBUG ((DEBUG_ERROR, "%a - Failed to determine policy table > size! %r\n", __FUNCTION__, Status)); > + return FALSE; > + } > + PolicyTable =3D AllocateZeroPool (PolicyTableSize); if (PolicyTable = = =3D=3D > + NULL) { > + DEBUG ((DEBUG_ERROR, "%a - Failed to allocated space for policy tab= le! > 0x%X\n", __FUNCTION__, PolicyTableSize)); > + return FALSE; > + } > + Status =3D DumpVariablePolicy (PolicyTable, &PolicyTableSize); if > + (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a - Failed to dump policy table! %r\n", > __FUNCTION__, Status)); > + Result =3D FALSE; > + goto Exit; > + } > + > + // > + // Now we need to walk the table looking for a match. > + // > + MatchPolicy =3D GetBestPolicyMatch ( > + PolicyTable, > + PolicyTableSize, > + VariableName, > + VendorGuid, > + &MatchPriority > + ); > + if (MatchPolicy !=3D NULL && MatchPriority !=3D MATCH_PRIORITY_EXACT)= { > + DEBUG ((DEBUG_ERROR, "%a - We would not have expected a non-exact > match! %d\n", __FUNCTION__, MatchPriority)); > + Result =3D FALSE; > + goto Exit; > + } > + > + // > + // Now we can check to see whether this variable is currently locked. > + // > + if (MatchPolicy->LockPolicyType !=3D VARIABLE_POLICY_TYPE_LOCK_NOW) { > + DEBUG ((DEBUG_INFO, "%a - Policy may not lock variable! %d\n", > __FUNCTION__, MatchPolicy->LockPolicyType)); > + Result =3D FALSE; > + goto Exit; > + } > + > +Exit: > + if (PolicyTable !=3D NULL) { > + FreePool (PolicyTable); > + } > + > + return Result; > +} >=20 > /** > DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. > - Mark a variable that will become read-only after leaving the DXE phas= e of > execution. > - Write request coming from SMM environment through > EFI_SMM_VARIABLE_PROTOCOL is allowed. > + Mark a variable that will become read-only after leaving the DXE > + phase of execution. Write request coming from SMM environment > through > + EFI_SMM_VARIABLE_PROTOCOL is allowed. >=20 > @param[in] This The VARIABLE_LOCK_PROTOCOL instance. > - @param[in] VariableName A pointer to the variable name that will be > made read-only subsequently. > - @param[in] VendorGuid A pointer to the vendor GUID that will be ma= de > read-only subsequently. > + @param[in] VariableName A pointer to the variable name that will be > made > + read-only subsequently. > + @param[in] VendorGuid A pointer to the vendor GUID that will be ma= de > + read-only subsequently. >=20 > - @retval EFI_SUCCESS The variable specified by the VariableN= ame and > the VendorGuid was marked > - as pending to be read-only. > + @retval EFI_SUCCESS The variable specified by the VariableN= ame and > + the VendorGuid was marked as pending to= be > + read-only. > @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. > Or VariableName is an empty string. > - @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID > or EFI_EVENT_GROUP_READY_TO_BOOT has > - already been signaled. > - @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold > the lock request. > + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID > or > + EFI_EVENT_GROUP_READY_TO_BOOT has alrea= dy been > + signaled. > + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold > the lock > + request. > **/ > EFI_STATUS > EFIAPI > VariableLockRequestToLock ( > - IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, > - IN CHAR16 *VariableName, > - IN EFI_GUID *VendorGuid > + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, > + IN CHAR16 *VariableName, > + IN EFI_GUID *VendorGuid > ) > { > - EFI_STATUS Status; > - VARIABLE_POLICY_ENTRY *NewPolicy; > + EFI_STATUS Status; > + VARIABLE_POLICY_ENTRY *NewPolicy; > + > + DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! %a() will go away > + soon!\n", __FUNCTION__)); DEBUG ((DEBUG_ERROR, "!!! DEPRECATED > + INTERFACE !!! Please move to use Variable Policy!\n")); DEBUG > + ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", > + VendorGuid, VariableName)); >=20 > NewPolicy =3D NULL; > - Status =3D CreateBasicVariablePolicy( VendorGuid, > - VariableName, > - VARIABLE_POLICY_NO_MIN_SIZE, > - VARIABLE_POLICY_NO_MAX_SIZE, > - VARIABLE_POLICY_NO_MUST_ATTR, > - VARIABLE_POLICY_NO_CANT_ATTR, > - VARIABLE_POLICY_TYPE_LOCK_NOW, > - &NewPolicy ); > + Status =3D CreateBasicVariablePolicy( > + VendorGuid, > + VariableName, > + VARIABLE_POLICY_NO_MIN_SIZE, > + VARIABLE_POLICY_NO_MAX_SIZE, > + VARIABLE_POLICY_NO_MUST_ATTR, > + VARIABLE_POLICY_NO_CANT_ATTR, > + VARIABLE_POLICY_TYPE_LOCK_NOW, > + &NewPolicy > + ); > if (!EFI_ERROR( Status )) { > - Status =3D RegisterVariablePolicy( NewPolicy ); > + Status =3D RegisterVariablePolicy (NewPolicy); > + > + // > + // If the error returned is EFI_ALREADY_STARTED, we need to check t= he > + // current database for the variable and see whether it's locked. I= f it's > + // locked, we're still fine, but also generate a DEBUG_ERROR messag= e so > the > + // duplicate lock can be removed. > + // > + if (Status =3D=3D EFI_ALREADY_STARTED) { > + if (IsVariableAlreadyLocked (VariableName, VendorGuid)) { > + DEBUG ((DEBUG_ERROR, " Variable: %g %s is already locked!\n", > VendorGuid, VariableName)); > + Status =3D EFI_SUCCESS; > + } > + } > } > - if (EFI_ERROR( Status )) { > + if (EFI_ERROR (Status)) { > DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", > __FUNCTION__, VariableName, Status )); > - ASSERT_EFI_ERROR( Status ); > } > if (NewPolicy !=3D NULL) { > FreePool( NewPolicy ); > -- > 2.29.2.windows.2 >=20 >=20 >=20 >=20 >=20