From: "Chiu, Chasel"
To: "Oram, Isaac W", "devel@edk2.groups.io"
CC: "Desimone, Nathaniel L", "Gao, Liming", "Dong, Eric"
Subject: Re: [edk2-devel] [edk2-platforms: PATCH v3] MinPlatformPkg/SaveMemoryConfig: Variable may not be locked.
Date: Mon, 14 Feb 2022 00:26:24 +0000
References: <20220211090204.987-1-chasel.chiu@intel.com>

Thanks Isaac! I will correct them when pushing the patch.

> -----Original Message-----
> From: Oram, Isaac W
> Sent: Saturday, February 12, 2022 8:48 AM
> To: devel@edk2.groups.io; Chiu, Chasel
> Cc: Desimone, Nathaniel L; Gao, Liming; Dong, Eric
> Subject: RE: [edk2-devel] [edk2-platforms: PATCH v3] MinPlatformPkg/SaveMemoryConfig: Variable may not be locked.
>
> Reviewed-by: Isaac Oram
>
> Minor code style nits that can be fixed before pushing: These do not need
> another patch for review, if a maintainer agrees.
>
> SaveMemoryConfig.c
> Line 95 : EFI_ERROR( put a space before (
> Line 101, 118: CpuDeadLoop( put a space before (
>
> LargeVariableWriteLib.c:
> Lines 506, 519, 542: EFI_ERROR( put a space before (
>
> Regards,
> Isaac
>
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Chiu, Chasel
> Sent: Friday, February 11, 2022 1:02 AM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel; Desimone, Nathaniel L; Gao, Liming; Dong, Eric
> Subject: [edk2-devel] [edk2-platforms: PATCH v3] MinPlatformPkg/SaveMemoryConfig: Variable may not be locked.
>
> From: "Chiu, Chasel"
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3829
>
> Fixed the bug that existing variable will not be locked when it is identical with
> hob data by creating LockLargeVariable function, also switched to
> VariablePolicyProtocol for locking variables.
>
> Failing to lock variable could be security vulnerability, so the function will
> return EFI_ABORTED when it failed and SaveMemoryConfig driver will halt
> the system for developers to resolve this issue.
>
> This patch also modified SaveMemoryConfig driver to be unloaded after
> execution because it does not produce any service protocol. To achieve this
> goal the DxeRuntimeVariableWriteLib should close registered
> ExitBootService events in its DESTRUCTOR.
>
> Cc: Nate DeSimone
> Cc: Liming Gao
> Cc: Eric Dong
> Signed-off-by: Chasel Chiu
> ---
> V3:
> Updated LargeVariableWriteLib to return EFI_ABORTED when locking variables failed.
> Also SaveMemoryConfig driver will halt the system in this case for developers to fix
> such security vulnerability issue.
>
>  Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryConfig.c | 27 ++++++++++++++++++++++++---
>  Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariableWriteLib.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
>  Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRuntimeVariableWriteLib.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----------------
>  Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryConfig.inf | 3 ++-
>  Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h | 25 +++++++++++++++++++++++--
>  Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRuntimeVariableWriteLib.inf | 8 +++++---
>  6 files changed, 209 insertions(+), 30 deletions(-)
>
> diff --git > a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.c > b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.c > index 820585f676..54e11e20bd 100644 > --- > a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.c > +++ > b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > mo > +++ ryConfig.c > @@ -2,13 +2,14 @@ > This is the driver that locates the MemoryConfigurationData HOB, if it > exists, and saves the data to nvRAM. -Copyright (c) 2017 - 2021, Intel > Corporation. All rights reserved.
+Copyright (c) 2017 - 2022, Intel > Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clau= se- > Patent **/ #include #include +#include > #include #includ= e > #include @@ - > 18,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include #include > #include > +#include > #include /**@@ -86,6 +88,18 @@ > SaveMemoryConfigEntryPoint ( > Status =3D GetLargeVariable (L"FspNvsBuffer", > &gFspNvsBufferVariableGuid, &BufferSize, VariableData); if > (!EFI_ERROR (Status) && (BufferSize =3D=3D DataSize) && (0 =3D=3D Compare= Mem > (HobData, VariableData, DataSize))) { DataIsIdentical =3D T= RUE;+ > //+ // No need to update Variable, only lock it.+ = //+ > Status =3D LockLargeVariable (L"FspNvsBuffer", > &gFspNvsBufferVariableGuid);+ if (EFI_ERROR(Status)) {+ = //+ > // Fail to lock variable is security vulnerability and should not happen.= + > //+ DEBUG ((DEBUG_ERROR, "LockVariable is requested but fa= iled > unexpectedly!\n"));+ ASSERT_EFI_ERROR (Status);+ > CpuDeadLoop();+ } } FreePool (Variab= leData); }@@ - > 96,6 +110,13 @@ SaveMemoryConfigEntryPoint ( > if (!DataIsIdentical) { Status =3D SetLargeVariable (L"Fsp= NvsBuffer", > &gFspNvsBufferVariableGuid, TRUE, DataSize, HobData); > ASSERT_EFI_ERROR (Status);+ if (Status =3D=3D EFI_ABORTED) {+ = //+ > // Fail to lock variable is security vulnerability and should not happen.= + > //+ DEBUG ((DEBUG_ERROR, "LockVariable is requested but failed > unexpectedly!\n"));+ CpuDeadLoop();+ } DEBUG ((DE= BUG_INFO, > "Saved size of FSP / MRC Training Data: 0x%x\n", DataSize)); } else > { DEBUG ((DEBUG_INFO, "FSP / MRC Training Data is identical to da= ta > from last boot, no need to save.\n"));@@ -106,7 +127,7 @@ > SaveMemoryConfigEntryPoint ( > } //- // This driver cannot be unloaded because > DxeRuntimeVariableWriteLib constructor will register ExitBootServices > callback.+ // This driver does not produce any protocol services, so alw= ays > unload it. 
//- return EFI_SUCCESS;+ return > EFI_REQUEST_UNLOAD_IMAGE; }diff --git > a/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariabl > eWriteLib.c > b/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariabl > eWriteLib.c > index e4b97ef1df..154f6f448f 100644 > --- > a/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariabl > eWriteLib.c > +++ b/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVa > +++ riableWriteLib.c > @@ -10,7 +10,7 @@ > integer number will be added to the end of the variable name. This num= ber > will be incremented for each variable as needed to store the entire data = set. > - Copyright (c) 2021, Intel Corporation. All rights reserved.
+ Copy= right > (c) 2021 - 2022, Intel Corporation. All rights reserved.
SPDX-Licen= se- > Identifier: BSD-2-Clause-Patent **/@@ -245,7 +245,7 @@ Done: > @retval EFI_DEVICE_ERROR The variable could not be retrieved due= to a > hardware error. @retval EFI_WRITE_PROTECTED The variable in question= is > read-only. @retval EFI_WRITE_PROTECTED The variable in question cann= ot > be deleted.-+ @retval EFI_ABORTED LockVariable was requested = but > failed. @retval EFI_NOT_FOUND The variable trying to be update= d or > deleted was not found. **/@@ -412,7 +412,7 @@ SetLargeVariable ( > // all data is saved. // if (LockVariable) {- for (Inde= x =3D 0; Index < > VariablesSaved; Index++) {+ for (Index =3D 0; Index <=3D VariablesSa= ved; > Index++) { ZeroMem (TempVariableName, > MAX_VARIABLE_NAME_SIZE); UnicodeSPrint (TempVariableName, > MAX_VARIABLE_NAME_SIZE, L"%s%d", VariableName, Index); @@ -420,7 > +420,7 @@ SetLargeVariable ( > Status =3D VarLibVariableRequestToLock (TempVariableName, > VendorGuid); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ER= ROR, > "SetLargeVariable: Error locking variable: Status =3D %r\n", Status));- > VariablesSaved =3D 0;+ Status =3D EFI_ABORTED; goto > Done; } }@@ -442,9 +442,114 @@ Done: > 0, NULL );- DEB= UG ((DEBUG_ERROR, > "SetLargeVariable: Error deleting variable: Status =3D %r\n", Status2));+= if > (EFI_ERROR (Status2)) {+ DEBUG ((DEBUG_ERROR, "SetLargeVariable: > Error deleting variable: Status =3D %r\n", Status2));+ } } } = DEBUG > ((DEBUG_ERROR, "SetLargeVariable: Status =3D %r\n", Status)); return > Status; }++/**+ Locks the existing large variable.++ @param[in] > VariableName A Null-terminated string that is the name of the vendo= r's > variable.+ Each VariableName is unique fo= r each VendorGuid. > VariableName must+ contain 1 or more char= acters. 
If > VariableName is an empty string,+ then > EFI_INVALID_PARAMETER is returned.+ @param[in] VendorGuid A > unique identifier for the vendor.+ @retval EFI_SUCCESS The fi= rmware > has successfully locked the variable.+ @retval EFI_INVALID_PARAMETER An > invalid combination of variable name and GUID was supplied+ @retval > EFI_UNSUPPORTED The service for locking variable is not ready.+ @= retval > EFI_NOT_FOUND The targeting variable for locking is not present.= + > @retval EFI_ABORTED Fail to lock > variable.+**/+EFI_STATUS+EFIAPI+LockLargeVariable (+ IN CHAR16 > *VariableName,+ IN EFI_GUID *VendorGuid+ )+{+ CHA= R16 > TempVariableName[MAX_VARIABLE_NAME_SIZE];+ UINT64 > VariableSize;+ EFI_STATUS Status;+ UINTN Index;++ //+ // C= heck > input parameters.+ //+ if (VariableName =3D=3D NULL || VariableName[0] = =3D=3D 0 > || VendorGuid =3D=3D NULL) {+ return EFI_INVALID_PARAMETER;+ }++ if > (!VarLibIsVariableRequestToLockSupported ()) {+ return > EFI_UNSUPPORTED;+ }++ VariableSize =3D 0;+ Index =3D 0;+ ZeroMem > (TempVariableName, MAX_VARIABLE_NAME_SIZE);+ UnicodeSPrint > (TempVariableName, MAX_VARIABLE_NAME_SIZE, L"%s%d", VariableName, > Index);+ Status =3D VarLibGetVariable (TempVariableName, VendorGuid, > NULL, &VariableSize, NULL);+ if (Status =3D=3D EFI_BUFFER_TOO_SMALL) {+ > //+ // Lock multiple variables.+ //++ //+ // Lock first varia= ble and > continue to rest of the variables.+ //+ DEBUG ((DEBUG_INFO, "Lockin= g %s, > Guid =3D %g\n", TempVariableName, VendorGuid));+ Status =3D > VarLibVariableRequestToLock (TempVariableName, VendorGuid);+ if > (EFI_ERROR(Status)) {+ DEBUG ((DEBUG_ERROR, "LockLargeVariable: > Failed! 
Satus =3D %r\n", Status));+ return EFI_ABORTED;+ }+ fo= r (Index =3D 1; > Index < MAX_VARIABLE_SPLIT; Index++) {+ ZeroMem > (TempVariableName, MAX_VARIABLE_NAME_SIZE);+ UnicodeSPrint > (TempVariableName, MAX_VARIABLE_NAME_SIZE, L"%s%d", VariableName, > Index);++ VariableSize =3D 0;+ Status =3D VarLibGetVariable > (TempVariableName, VendorGuid, NULL, &VariableSize, NULL);+ if (Stat= us > =3D=3D EFI_BUFFER_TOO_SMALL) {+ DEBUG ((DEBUG_INFO, "Locking %s, > Guid =3D %g\n", TempVariableName, VendorGuid));+ Status =3D > VarLibVariableRequestToLock (TempVariableName, VendorGuid);+ if > (EFI_ERROR(Status)) {+ DEBUG ((DEBUG_ERROR, "LockLargeVariable: > Failed! Satus =3D %r\n", Status));+ return EFI_ABORTED;+ = }+ } else if > (Status =3D=3D EFI_NOT_FOUND) {+ //+ // No more variables n= eed to > lock.+ //+ return EFI_SUCCESS;+ }+ } // End of fo= r loop+ } else if > (Status =3D=3D EFI_NOT_FOUND) {+ //+ // Check if it is single varia= ble > scenario.+ //+ VariableSize =3D 0;+ Status =3D VarLibGetVariable > (VariableName, VendorGuid, NULL, &VariableSize, NULL);+ if (Status =3D= =3D > EFI_BUFFER_TOO_SMALL) {+ //+ // Lock single variable.+ //+ > DEBUG ((DEBUG_INFO, "Locking %s, Guid =3D %g\n", VariableName, > VendorGuid));+ Status =3D VarLibVariableRequestToLock (VariableName, > VendorGuid);+ if (EFI_ERROR(Status)) {+ DEBUG ((DEBUG_ERROR, > "LockLargeVariable: Failed! Satus =3D %r\n", Status));+ return > EFI_ABORTED;+ }+ return EFI_SUCCESS;+ }+ }++ //+ // Here = probably > means variable not present.+ //+ return Status;++}diff --git > a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.c > b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.c > index 9ed59f8827..28730f858b 100644 > --- > a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.c > +++ > b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/D > +++ xeRuntimeVariableWriteLib.c 
> @@ -10,7 +10,7 @@ > Using this library allows code to be written in a generic manner that = can be > used in DXE or SMM without modification. - Copyright (c) 2021, Intel > Corporation. All rights reserved.
+ Copyright (c) 2021 - 2022, Intel > Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2- > Clause-Patent **/@@ -18,14 +18,16 @@ > #include #include -#include > +#include > #include #include #include > #include > -STATIC > EDKII_VARIABLE_LOCK_PROTOCOL *mVariableWriteLibVariableLock =3D > NULL;+STATIC EDKII_VARIABLE_POLICY_PROTOCOL > *mVariableWriteLibVariablePolicy =3D NULL;+EFI_EVENT > mExitBootServiceEvent;+EFI_EVENT mLegacyBoot= Event; /** > Sets the value of a variable.@@ -144,7 +146,7 @@ > VarLibIsVariableRequestToLockSupported ( > VOID ) {- if (mVariableWriteLibVariableLock !=3D NULL) {+ if > (mVariableWriteLibVariablePolicy !=3D NULL) { return TRUE; } else {= return > FALSE;@@ -178,16 +180,45 @@ VarLibVariableRequestToLock ( > { EFI_STATUS Status =3D EFI_UNSUPPORTED; - if > (mVariableWriteLibVariableLock !=3D NULL) {- Status =3D > mVariableWriteLibVariableLock->RequestToLock (- > mVariableWriteLibVariableLock,- = VariableName,- > VendorGuid- );+ if > (mVariableWriteLibVariablePolicy !=3D NULL) {+ Status =3D > RegisterBasicVariablePolicy (+ mVariableWriteLibVariablePol= icy,+ > (CONST EFI_GUID*) VendorGuid,+ (CONST CHAR16 *) > VariableName,+ VARIABLE_POLICY_NO_MIN_SIZE,+ > VARIABLE_POLICY_NO_MAX_SIZE,+ > VARIABLE_POLICY_NO_MUST_ATTR,+ > VARIABLE_POLICY_NO_CANT_ATTR,+ > VARIABLE_POLICY_TYPE_LOCK_NOW+ ); } return Status; } +/= **+ > Close events when driver unloaded.++ @param[in] ImageHandle A handle > for the image that is initializing this driver+ @param[in] SystemTable = A > pointer to the EFI system table++ @retval EFI_SUCCESS The initializa= tion > finished > successfully.+**/+EFI_STATUS+EFIAPI+DxeRuntimeVariableWriteLibDestruc > tor (+ IN EFI_HANDLE ImageHandle,+ IN EFI_SYSTEM_TABLE > *SystemTable+ )+{+ if (mExitBootServiceEvent !=3D 0) {+ gBS->CloseEv= ent > (mExitBootServiceEvent);+ }+ if (mLegacyBootEvent !=3D 0) {+ gBS- > >CloseEvent (mLegacyBootEvent);+ }+ return EFI_SUCCESS;+}+ /** Exit > Boot Services Event notification handler. 
@@ -202,7 +233,7 @@ > DxeRuntimeVariableWriteLibOnExitBootServices ( > IN VOID *Context ) {- mVariableWriteLibVar= iableLock =3D > NULL;+ mVariableWriteLibVariablePolicy =3D NULL; } /**@@ -227,13 +258,1= 1 > @@ DxeRuntimeVariableWriteLibConstructor ( > ) { EFI_STATUS Status;- EFI_EVENT ExitBootServiceEvent;- EF= I_EVENT > LegacyBootEvent; // // Locate VariableLockProtocol. //- Status = =3D gBS- > >LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID > **)&mVariableWriteLibVariableLock);+ Status =3D gBS->LocateProtocol > (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID > **)&mVariableWriteLibVariablePolicy); ASSERT_EFI_ERROR (Status); > //@@ -245,7 +274,7 @@ DxeRuntimeVariableWriteLibConstructor ( > DxeRuntimeVariableWriteLibOnExitBootServices, = NULL, > &gEfiEventExitBootServicesGuid,- &ExitBootServiceEvent+ > &mExitBootServiceEvent ); ASSERT_EFI_ERROR (Status); @@ -2= 57,7 > +286,7 @@ DxeRuntimeVariableWriteLibConstructor ( > TPL_NOTIFY, DxeRuntimeVariableWriteLibOnExitBo= otServices, > NULL,- &LegacyBootEvent+ &mLegacyBootEvent = ); > ASSERT_EFI_ERROR (Status); diff --git > a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.inf > b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.inf > index e2dbd2fb49..61e85a6586 100644 > --- > a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > moryConfig.inf > +++ > b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMe > mo > +++ ryConfig.inf > @@ -1,7 +1,7 @@ > ### @file # Component information file for SaveMemoryConfig module #-# > Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.
+# > Copyright (c) 2017 - 2022, Intel Corporation. All rights reserved.
# = # > SPDX-License-Identifier: BSD-2-Clause-Patent #@@ -25,6 +25,7 @@ > BaseMemoryLib LargeVariableReadLib LargeVariableWriteLib+ BaseLib > [Packages] MdePkg/MdePkg.decdiff --git > a/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h > b/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h > index c847d7f152..64b0090c2c 100644 > --- > a/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h > +++ b/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLi > +++ b.h > @@ -16,7 +16,7 @@ > is possible, adjusting the value of PcdMaxVariableSize may provide a > simpler solution to this problem. - Copyright (c) 2021, Intel Corporat= ion. All > rights reserved.
+ Copyright (c) 2021 - 2022, Intel Corporation. All = rights > reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -52,7 > +52,7 @@ > @retval EFI_DEVICE_ERROR The variable could not be retrieved due= to a > hardware error. @retval EFI_WRITE_PROTECTED The variable in question= is > read-only. @retval EFI_WRITE_PROTECTED The variable in question cann= ot > be deleted.-+ @retval EFI_ABORTED LockVariable was requested = but > failed. @retval EFI_NOT_FOUND The variable trying to be update= d or > deleted was not found. **/@@ -66,4 +66,25 @@ SetLargeVariable ( > IN VOID *Data ); +/**+ Locks the existing = large variable.++ > @param[in] VariableName A Null-terminated string that is the name = of > the vendor's variable.+ Each VariableName= is unique for each > VendorGuid. VariableName must+ contain 1 = or more > characters. If VariableName is an empty string,+ = then > EFI_INVALID_PARAMETER is returned.+ @param[in] VendorGuid A > unique identifier for the vendor.+ @retval EFI_SUCCESS The fi= rmware > has successfully locked the variable.+ @retval EFI_INVALID_PARAMETER An > invalid combination of variable name and GUID was supplied+ @retval > EFI_UNSUPPORTED The service for locking variable is not ready.+ @= retval > EFI_NOT_FOUND The targeting variable for locking is not present.= + > @retval EFI_ABORTED Fail to lock > variable.+**/+EFI_STATUS+EFIAPI+LockLargeVariable (+ IN CHAR16 > *VariableName,+ IN EFI_GUID *VendorGuid+ );+ #endi= f // > _LARGE_VARIABLE_WRITE_LIB_H_diff --git > a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.inf > b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.inf > index 704a8ac7cc..f83090c847 100644 > --- > a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/Dxe > RuntimeVariableWriteLib.inf > +++ > b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/D > +++ xeRuntimeVariableWriteLib.inf 
> @@ -10,7 +10,7 @@ > # Using this library allows code to be written in a generic manner that = can be > # used in DXE or SMM without modification. #-# Copyright (c) 2021, Intel > Corporation. All rights reserved.
+# Copyright (c) 2021 - 2022, Intel > Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2- > Clause-Patent #@@ -24,6 +24,7 @@ > MODULE_TYPE =3D DXE_RUNTIME_DRIVER LIBRARY_CLASS > =3D VariableWriteLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER > UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR =3D > DxeRuntimeVariableWriteLibConstructor+ DESTRUCTOR = =3D > DxeRuntimeVariableWriteLibDestructor [Packages] > MdePkg/MdePkg.dec@@ -37,13 +38,14 @@ > UefiLib UefiBootServicesTableLib UefiRuntimeServicesTableLib+ > VariablePolicyHelperLib [Guids] gEfiEventExitBootServicesGuid ## > CONSUMES ## Event [Protocols] gEfiVariableWriteArchProtocolGuid ## > CONSUMES- gEdkiiVariableLockProtocolGuid ## CONSUMES+ > gEdkiiVariablePolicyProtocolGuid ## CONSUMES [Depex]- > gEfiVariableWriteArchProtocolGuid AND gEdkiiVariableLockProtocolGuid+ > gEfiVariableWriteArchProtocolGuid AND gEdkiiVariablePolicyProtocolGuid-- > 2.28.0.windows.1
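
Review bot: In SaveMemoryConfig.c, hunk @@ -96,6 +110,13 @@, the halt after SetLargeVariable fires only for Status == EFI_ABORTED, while the identical-data path added in @@ -86,6 +88,18 @@ halts on any EFI_ERROR from LockLargeVariable, which per its header comment includes EFI_UNSUPPORTED when the lock service is not ready. For every other status the only check here is ASSERT_EFI_ERROR, so a build with asserts disabled goes on to print "Saved size of FSP / MRC Training Data" after a failed write. Suggest treating the two paths the same way when a lock was requested, and skipping the "Saved size" message when Status is an error.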
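
Review bot: In LargeVariableWriteLib.c, hunk @@ -412,7 +412,7 @@, the lock loop bound changes from Index < VariablesSaved to Index <= VariablesSaved, and neither the commit message nor a comment explains why. The visible lines do not show whether VariablesSaved is a count or the last index written; if it is a count, the extra iteration requests a lock for a name that was never written. Suggest a comment at the loop that states which it is and why the inclusive bound is correct.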
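
Review bot: In LockLargeVariable (LargeVariableWriteLib.c, hunk @@ -442,9 +442,114 @@), the for loop starting at Index = 1 handles only EFI_BUFFER_TOO_SMALL and EFI_NOT_FOUND from VarLibGetVariable. Any other status, for example EFI_DEVICE_ERROR, falls through to the next index with that chunk left unlocked, and a later EFI_NOT_FOUND then returns EFI_SUCCESS, so the caller's halt-on-error check never sees the problem. Suggest a final else branch that returns EFI_ABORTED for an unexpected status. The three debug strings also spell Status as "Satus".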
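
Review bot: In DxeRuntimeVariableWriteLib.c, hunk @@ -18,14 +18,16 @@, mExitBootServiceEvent and mLegacyBootEvent are declared without STATIC and without an initializer, unlike mVariableWriteLibVariablePolicy on the line above, and the destructor added in @@ -178,16 +180,45 @@ compares them against 0 rather than NULL. Suggest declaring both as STATIC EFI_EVENT with = NULL and testing against NULL. Two documentation points in the same file: the destructor's @retval text still reads "The initialization finished successfully", and the constructor comment "Locate VariableLockProtocol." kept as context in @@ -227,13 +258,11 @@ is stale now that the call locates gEdkiiVariablePolicyProtocolGuid.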
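
Review bot: In DxeRuntimeVariableWriteLib.inf, hunk @@ -37,13 +38,14 @@, the [Depex] now requires gEdkiiVariablePolicyProtocolGuid in place of gEdkiiVariableLockProtocolGuid, so any module that links this VariableWriteLib instance will not dispatch on a platform that does not produce the Variable Policy protocol. The commit message mentions the switch to VariablePolicyProtocol but not this new platform requirement; suggest stating it there so platform owners know to include the producer.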