From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50])
 by mx.groups.io with SMTP id smtpd.web11.7119.1605199558236830202
 for <devel@edk2.groups.io>;
 Thu, 12 Nov 2020 08:45:59 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@corthon-com.20150623.gappssmtp.com header.s=20150623 header.b=LGS/wCnJ;
 spf=none, err=permanent DNS error (domain: corthon.com, ip: 209.85.208.50, mailfrom: bret@corthon.com)
Received: by mail-ed1-f50.google.com with SMTP id v22so7047568edt.9
        for <devel@edk2.groups.io>; Thu, 12 Nov 2020 08:45:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=corthon-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Nubny1xL0LiLPV3JulyxAHyvT1+3flzUU5TUzcNCG9I=;
        b=LGS/wCnJVASttP5YiTRECUrMOEZGpzhC3qrjKIVQPzCov8SxbOIiLj9dF+qFt3Wgq8
         BUHdnqpNeGgG+JZwebTlpuNE8QWzttKkHlg9g4lxdEwdH9+HRVU3iXhtSmMdX+gsFwvN
         whMKlTEnMCmKP04riHy6OHUUm5dKYuAeAjzAh1nvB7SKE970OVqza4v0mQ2bYPyEuKuf
         +Wa6ZQ3eSsdAzeOONeHbrtMa57Jn8Paz8xhHtx38Sv8FYCIhFxLuT4OT54iMJQ+aTu/y
         wz9v0mwBB8TqoJ2hBZpSXqBTF5gBzIonE9z+HeHiCZ2Xu9so6mDkMJ106miudI252LSn
         L2OA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Nubny1xL0LiLPV3JulyxAHyvT1+3flzUU5TUzcNCG9I=;
        b=jkvlAkBrCOSEHqQkffbzhmDuZFW2GRmDogIkGvjOHKJT6t+FLCVb+jTovL2oP3IUxO
         9Nx/zlIOKl0FKYAkXdcixLK/7NunH3M92VFkVDcv6hnizhKWrqyoUxiOa8Ml0Dze7VWj
         DWOrQWb6DwiX+i72Fn5AN6qF31QugOaIVv485MPWrb6TUPEsQvHF7pxBkmFoknCTjr1Y
         jRVjazqIgEAyyBB/+qee5BQBWU0WdN2SvYTq8xN8pC9RJ64OcqgFM/7OqQEqwq32G8Xq
         3jkb1ssRkKgCBli5e1Y8nOEN6U33fiHagkHyoaL75qBmB4fW6kx08UWCszAo0q4UP/MU
         6CrA==
X-Gm-Message-State: AOAM531exQMXHr19DxUVxGqIjrc6IaygK/hywSnCDjeciUCziHZtX8jx
	uCTEqBYqDRuAYbV/2NvzBI69TniekFjbi82kyuC9jQ==
X-Google-Smtp-Source: ABdhPJwXv10vdKhEFw6oWa8++JW0A5EN74CyKXWhjY29fC2jZ2KDMUiq+LYFhNg13WJFOENvGMJIme4zKx0lcNk2gXo=
X-Received: by 2002:a05:6402:114b:: with SMTP id g11mr738533edw.228.1605199556727;
 Thu, 12 Nov 2020 08:45:56 -0800 (PST)
MIME-Version: 1.0
References: <20201109064522.919-1-bret.barkelew@microsoft.com>
 <CA+ZiHMjVTYKYn4iwpf3mtzTVNa6qampkjOprrQJ5UskOXAJT+g@mail.gmail.com> <003b01d6b8ff$87dae810$9790b830$@byosoft.com.cn>
In-Reply-To: <003b01d6b8ff$87dae810$9790b830$@byosoft.com.cn>
From: "Bret Barkelew" <bret@corthon.com>
Date: Thu, 12 Nov 2020 08:45:45 -0800
Message-ID: <CA+ZiHMg1p4a=m0K8VvKODaBM8CKz6v-Dy+G1a83H2z+4CTuapg@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
To: gaoliming <gaoliming@byosoft.com.cn>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>, Laszlo Ersek <lersek@redhat.com>, 
	Michael D Kinney <michael.d.kinney@intel.com>
Content-Type: multipart/alternative; boundary="0000000000005f693305b3eba5a0"

--0000000000005f693305b3eba5a0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Yes, I'm working on a more sustainable solution for the test cases and have
opened this bug to track it.
3073 =E2=80=93 Provide test cases/apps for VarPol (tianocore.org)
<https://bugzilla.tianocore.org/show_bug.cgi?id=3D3073>

I just didn't want that to hold up the rest of the code that's already bee=
n
signed off on.

On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn> wrote=
:

> Bret:
>
>  V9 version change is mainly for MdeModule Variable driver. The change i=
s
> good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>
>
>
>  Besides, I find V9 doesn=E2=80=99t include the patch
> 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy.
> Because this patch doesn=E2=80=99t pass ECC, will you plan to add it lat=
er?
>
>
>
> Thanks
>
> Liming
>
> *=E5=8F=91=E4=BB=B6=E4=BA=BA:* bounce+27952+67296+4905953+8761045@groups=
.io <
> bounce+27952+67296+4905953+8761045@groups.io> *=E4=BB=A3=E8=A1=A8 *Bret =
Barkelew
> *=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:* 2020=E5=B9=B411=E6=9C=8812=E6=97=
=
=A5 2:44
> *=E6=94=B6=E4=BB=B6=E4=BA=BA:* edk2-devel-groups-io <devel@edk2.groups.i=
o>
> *=E4=B8=BB=E9=A2=98:* Re: [edk2-devel] [PATCH v9 00/13] Add the Variable=
Policy feature
>
>
>
> To clarify:
>
>
>
> The current solution to the MorLock EndOfDxe issue is to expressly call
> LockVariablePolicy() in the same locations that mEndOfDxe is set (which =
was
> the mechanism that previously locked the VariableLock interface). This
> solution maintains parity with the old design, which is keeping with the
> ethos of minimal changes and similar functionality to VariableLock. It d=
oes
> not introduce any new dependencies.
>
>
>
> The only drawback to this approach is that it preserves the strict
> ordering that was also previously required by MorLock, which I will atte=
mpt
> to address in later updates.
>
>
>
> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>
> The 14 patches in this series add the VariablePolicy feature to the core=
,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding
> libraries,
> a protocol, an SMI communication handler, and VariableServices integrati=
on,
> the patches are broken up by individual library additions and then a fin=
al
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
>
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Pro=
tocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but th=
e
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Bret Barkelew <brbarkel@microsoft.com>
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> v9 changes:
> * Rebase
> * Address the event ordering issues around MorLock at EndOfDxe
> * Drop problematic tests
> * Address ECC issues
>
> v8 changes:
> * Rebase
> * Small tweaks from final PRs
> * Drank a lot
> * Enrolled several members and a steward in CatFacts
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
> DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
> platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for InitMmCommonCommBuffe=
r
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
> variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>   (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and
> gVariablePolicyProtocolGuid
>   to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platfor=
ms
>   before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (13):
>   MdeModulePkg: Define the VariablePolicy protocol interface
>   MdeModulePkg: Define the VariablePolicyLib
>   MdeModulePkg: Define the VariablePolicyHelperLib
>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>   ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>   UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>   MdeModulePkg: Connect VariablePolicy business logic to
>     VariableServices
>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>     variables
>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>  | 346 ++++++++
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>  | 396 ++++++++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>  |  46 ++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx=
e.c
> |  85 ++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>  | 830 ++++++++++++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
>  |  52 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
>  |  60 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
>   |  49 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
>  |  60 ++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>  |  71 ++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>   | 573 ++++++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
>  |   7 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
>  |  14 +
>  SecurityPkg/Library/AuthVariableLib/AuthService.c
>   |  30 +-
>  ArmVirtPkg/ArmVirt.dsc.inc
>  |   4 +
>  EmulatorPkg/EmulatorPkg.dsc
>   |   3 +
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>   |  54 ++
>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>  | 164 ++++
>  MdeModulePkg/Include/Library/VariablePolicyLib.h
>  | 207 +++++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h
>  | 157 ++++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>  |  42 +
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>  |  12 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in=
f
>  |  35 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un=
i
>  |  12 +
>  MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>  | 406 ++++++++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>  |  48 ++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>  |  12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>  |  51 ++
>  MdeModulePkg/MdeModulePkg.ci.yaml
>   |   4 +-
>  MdeModulePkg/MdeModulePkg.dec
>   |  26 +-
>  MdeModulePkg/MdeModulePkg.dsc
>   |   9 +
>  MdeModulePkg/MdeModulePkg.uni
>   |   7 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>   |   5 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
>  |   4 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>  |  11 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>   |   4 +
>  OvmfPkg/OvmfPkgIa32.dsc
>   |   5 +
>  OvmfPkg/OvmfPkgIa32X64.dsc
>  |   5 +
>  OvmfPkg/OvmfPkgX64.dsc
>  |   5 +
>  OvmfPkg/OvmfXen.dsc
>   |   4 +
>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>   |   2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>   |   4 +
>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>  |   4 +
>  43 files changed, 3845 insertions(+), 80 deletions(-)
>  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe=
.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>  create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>  create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib=
.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>
> --
> 2.28.0.windows.1
>
>=20
>

--0000000000005f693305b3eba5a0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Yes, I&#39;m working on a more sustainabl=
e solution for the test cases and have opened this bug to track it.<br><a h=
ref=3D"https://bugzilla.tianocore.org/show_bug.cgi?id=3D3073">3073 =E2=80=
=93 Provide test cases/apps for VarPol (tianocore.org)</a><br></div><div d=
ir=3D"ltr"><br></div><div>I just didn&#39;t want that to hold up the rest o=
f the code that&#39;s already been signed off on.</div></div><br><div class=
=
=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Thu, Nov 12, 202=
0 at 6:25 AM gaoliming &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn">gaol=
iming@byosoft.com.cn</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex"><div lang=3D"ZH-CN" style=3D"overflow-wrap: break-word;=
"><div class=3D"gmail-m_3398213527691940732WordSection1"><p class=3D"MsoNor=
mal"><span lang=3D"EN-US" style=3D"font-size:10.5pt;font-family:=E7=AD=89=
=E7=BA=BF">Bret:<u></u><u></u></span></p><p class=3D"MsoNormal"><span lang=
=
=3D"EN-US" style=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF"> =C2=
=A0V9 version change is mainly for MdeModule Variable driver. The change i=
s good to me. Reviewed-by: Liming Gao &lt;<a href=3D"mailto:gaoliming@byoso=
ft.com.cn" target=3D"_blank">gaoliming@byosoft.com.cn</a>&gt;<u></u><u></u>=
</span></p><p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:1=
0.5pt;font-family:=E7=AD=89=E7=BA=BF"><u></u>=C2=A0<u></u></span></p><p cla=
ss=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.5pt;font-family=
:=E7=AD=89=E7=BA=BF"> =C2=A0Besides, I find V9 doesn=E2=80=99t include the =
patch 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolic=
y. Because this patch doesn=E2=80=99t pass ECC, will you plan to add it lat=
er? <u></u><u></u></span></p><p class=3D"MsoNormal"><span lang=3D"EN-US" st=
yle=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF"><u></u>=C2=A0<u></u=
></span></p><p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:=
10.5pt;font-family:=E7=AD=89=E7=BA=BF">Thanks<u></u><u></u></span></p><p cl=
ass=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.5pt;font-famil=
y:=E7=AD=89=E7=BA=BF">Liming<u></u><u></u></span></p><div style=3D"border-t=
op:none;border-right:none;border-bottom:none;border-left:1.5pt solid blue;p=
adding:0cm 0cm 0cm 4pt"><div><div style=3D"border-right:none;border-bottom:=
none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm=
 0cm"><p class=3D"MsoNormal"><b><span style=3D"font-size:11pt;font-family:=
=E7=AD=89=E7=BA=BF">=E5=8F=91=E4=BB=B6=E4=BA=BA<span lang=3D"EN-US">:</spa=
n></span></b><span lang=3D"EN-US" style=3D"font-size:11pt;font-family:=E7=
=AD=89=E7=BA=BF"> <a href=3D"mailto:bounce%2B27952%2B67296%2B4905953%2B876=
1045@groups.io" target=3D"_blank">bounce+27952+67296+4905953+8761045@groups=
.io</a> &lt;<a href=3D"mailto:bounce%2B27952%2B67296%2B4905953%2B8761045@gr=
oups.io" target=3D"_blank">bounce+27952+67296+4905953+8761045@groups.io</a>=
&gt; </span><b><span style=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF=
">=E4=BB=A3=E8=A1=A8 </span></b><span lang=3D"EN-US" style=3D"font-size:11p=
t;font-family:=E7=AD=89=E7=BA=BF">Bret Barkelew<br></span><b><span style=3D=
"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF">=E5=8F=91=E9=80=81=E6=97=B6=
=
=E9=97=B4<span lang=3D"EN-US">:</span></span></b><span lang=3D"EN-US" styl=
e=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF"> 2020</span><span style=
=
=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF">=E5=B9=B4<span lang=3D"=
EN-US">11</span>=E6=9C=88<span lang=3D"EN-US">12</span>=E6=97=A5<span lang=
=3D"EN-US"> 2:44<br></span><b>=E6=94=B6=E4=BB=B6=E4=BA=BA<span lang=3D"EN-=
US">:</span></b><span lang=3D"EN-US"> edk2-devel-groups-io &lt;<a href=3D"m=
ailto:devel@edk2.groups.io" target=3D"_blank">devel@edk2.groups.io</a>&gt;<=
br></span><b>=E4=B8=BB=E9=A2=98<span lang=3D"EN-US">:</span></b><span lang=
=3D"EN-US"> Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy featu=
re<u></u><u></u></span></span></p></div></div><p class=3D"MsoNormal"><span =
lang=3D"EN-US"><u></u>=C2=A0<u></u></span></p><div><div><p class=3D"MsoNorm=
al"><span lang=3D"EN-US">To clarify:<u></u><u></u></span></p></div><div><p =
class=3D"MsoNormal"><span lang=3D"EN-US"><u></u>=C2=A0<u></u></span></p></d=
iv><div><p class=3D"MsoNormal"><span lang=3D"EN-US">The current solution to=
 the MorLock EndOfDxe issue is to expressly call LockVariablePolicy() in th=
e same locations that mEndOfDxe is set (which was the mechanism that previo=
usly locked the VariableLock interface). This solution maintains parity wit=
h the old design, which is keeping with the ethos of minimal changes and si=
milar functionality to VariableLock. It does not introduce any new dependen=
cies.<u></u><u></u></span></p></div><div><p class=3D"MsoNormal"><span lang=
=3D"EN-US"><u></u>=C2=A0<u></u></span></p></div><div><p class=3D"MsoNormal=
"><span lang=3D"EN-US">The only drawback to this approach is that it preser=
ves the strict ordering that was also previously required by MorLock, which=
 I will attempt to address in later updates.<u></u><u></u></span></p></div>=
<p class=3D"MsoNormal"><span lang=3D"EN-US"><u></u>=C2=A0<u></u></span></p>=
<div><div><p class=3D"MsoNormal"><span lang=3D"EN-US">On Sun, Nov 8, 2020 a=
t 10:45 PM Bret Barkelew &lt;<a href=3D"mailto:bret@corthon.com" target=3D"=
_blank">bret@corthon.com</a>&gt; wrote:<u></u><u></u></span></p></div><bloc=
kquote style=3D"border-top:none;border-right:none;border-bottom:none;border=
-left:1pt solid rgb(204,204,204);padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;=
margin-right:0cm"><p class=3D"MsoNormal" style=3D"margin-bottom:12pt"><span=
 lang=3D"EN-US">The 14 patches in this series add the VariablePolicy featur=
e to the core,<br>deprecate Edk2VarLock (while adding a compatibility layer=
 to reduce code<br>churn), and integrate the VariablePolicy libraries and p=
rotocols into<br>Variable Services.<br><br>Since the integration requires m=
ultiple changes, including adding libraries,<br>a protocol, an SMI communic=
ation handler, and VariableServices integration,<br>the patches are broken =
up by individual library additions and then a final<br>integration. Securit=
y-sensitive changes like bypassing Authenticated<br>Variable enforcement ar=
e also broken out into individual patches so that<br>attention can be calle=
d directly to them.<br><br>Platform porting instructions are described in t=
his wiki entry:<br><a href=3D"https://github.com/tianocore/tianocore.github=
.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#p=
latform-porting" target=3D"_blank">https://github.com/tianocore/tianocore.g=
ithub.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variab=
les#platform-porting</a><br><br>Discussion of the feature can be found in m=
ultiple places throughout<br>the last year on the RFC channel, staging bran=
ches, and in devel.<br><br>Most recently, this subject was discussed in thi=
s thread:<br><a href=3D"https://edk2.groups.io/g/devel/message/53712" targe=
t=3D"_blank">https://edk2.groups.io/g/devel/message/53712</a><br>(the code =
branches shared in that discussion are now out of date, but the<br>whitepap=
ers and discussion are relevant).<br><br>Cc: Jiewen Yao &lt;<a href=3D"mail=
to:jiewen.yao@intel.com" target=3D"_blank">jiewen.yao@intel.com</a>&gt;<br>=
Cc: Dandan Bi &lt;<a href=3D"mailto:dandan.bi@intel.com" target=3D"_blank">=
dandan.bi@intel.com</a>&gt;<br>Cc: Chao Zhang &lt;<a href=3D"mailto:chao.b.=
zhang@intel.com" target=3D"_blank">chao.b.zhang@intel.com</a>&gt;<br>Cc: Ji=
an J Wang &lt;<a href=3D"mailto:jian.j.wang@intel.com" target=3D"_blank">ji=
an.j.wang@intel.com</a>&gt;<br>Cc: Hao A Wu &lt;<a href=3D"mailto:hao.a.wu@=
intel.com" target=3D"_blank">hao.a.wu@intel.com</a>&gt;<br>Cc: Liming Gao &=
lt;<a href=3D"mailto:liming.gao@intel.com" target=3D"_blank">liming.gao@int=
el.com</a>&gt;<br>Cc: Jordan Justen &lt;<a href=3D"mailto:jordan.l.justen@i=
ntel.com" target=3D"_blank">jordan.l.justen@intel.com</a>&gt;<br>Cc: Laszlo=
 Ersek &lt;<a href=3D"mailto:lersek@redhat.com" target=3D"_blank">lersek@re=
dhat.com</a>&gt;<br>Cc: Ard Biesheuvel &lt;<a href=3D"mailto:ard.biesheuvel=
@arm.com" target=3D"_blank">ard.biesheuvel@arm.com</a>&gt;<br>Cc: Andrew Fi=
sh &lt;<a href=3D"mailto:afish@apple.com" target=3D"_blank">afish@apple.com=
</a>&gt;<br>Cc: Ray Ni &lt;<a href=3D"mailto:ray.ni@intel.com" target=3D"_b=
lank">ray.ni@intel.com</a>&gt;<br>Cc: Bret Barkelew &lt;<a href=3D"mailto:b=
rbarkel@microsoft.com" target=3D"_blank">brbarkel@microsoft.com</a>&gt;<br>=
Signed-off-by: Bret Barkelew &lt;<a href=3D"mailto:brbarkel@microsoft.com" =
target=3D"_blank">brbarkel@microsoft.com</a>&gt;<br><br>v9 changes:<br>* Re=
base<br>* Address the event ordering issues around MorLock at EndOfDxe<br>*=
 Drop problematic tests<br>* Address ECC issues<br><br>v8 changes:<br>* Reb=
ase<br>* Small tweaks from final PRs<br>* Drank a lot<br>* Enrolled several=
 members and a steward in CatFacts<br><br>v7 changes:<br>* Address comments=
 from Dandan about security of the MM handler<br>* Add readme<br>* Fix bug =
around hex characters in BOOT####, etc<br>* Add additional testing for hex =
characters<br>* Add additional testing for authenticated variables<br><br>v=
6 changes:<br>* Fix an issue with uninitialized Status in InitVariablePolic=
yLib() and DeinitVariablePolicyLib()<br>* Fix GCC building in shell-based f=
unctional test<br>* Rebase on latest origin/master<br><br>v5 changes:<br>* =
Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c<br>* =
Fix EFIAPI mismatches in the functional unittest<br>* Rebase on latest orig=
in/master<br><br>v4 changes:<br>* Remove Optional PcdAllowVariablePolicyEnf=
orcementDisable PCD from platforms<br>* Rebase on master<br>* Migrate to ne=
w MmCommunicate2 protocol<br>* Fix an oversight in the default return value=
 for InitMmCommonCommBuffer<br>* Fix in VariablePolicyLib to allow ExtraIni=
tRuntimeDxe to consume variables<br><br>V3 changes:<br>* Address all non-un=
ittest issues with ECC<br>* Make additional style changes<br>* Include sect=
ion name in hunk headers in &quot;ini-style&quot; files<br>* Remove require=
ment for the EdkiiPiSmmCommunicationsRegionTable driver<br>=C2=A0 (now allo=
cates its own buffer)<br>* Change names from VARIABLE_POLICY_PROTOCOL and g=
VariablePolicyProtocolGuid<br>=C2=A0 to EDKII_VARIABLE_POLICY_PROTOCOL and =
gEdkiiVariablePolicyProtocolGuid<br>* Fix GCC warning about initializing ex=
terns<br>* Add UNI strings for new PCD<br>* Add patches for ArmVirtPkg, Ovm=
fXen, and UefiPayloadPkg<br>* Reorder patches according to Liming&#39;s fee=
dback about adding to platforms<br>=C2=A0 before changing variable driver<b=
r><br>V2 changes:<br>* Fixed implementation for RuntimeDxe<br>* Add PCD to =
block DisableVariablePolicy<br>* Fix the DumpVariablePolicy pagination in S=
MM<br><br>Bret Barkelew (13):<br>=C2=A0 MdeModulePkg: Define the VariablePo=
licy protocol interface<br>=C2=A0 MdeModulePkg: Define the VariablePolicyLi=
b<br>=C2=A0 MdeModulePkg: Define the VariablePolicyHelperLib<br>=C2=A0 MdeM=
odulePkg: Define the VarCheckPolicyLib and SMM interface<br>=C2=A0 OvmfPkg:=
 Add VariablePolicy engine to OvmfPkg platform<br>=C2=A0 EmulatorPkg: Add V=
ariablePolicy engine to EmulatorPkg platform<br>=C2=A0 ArmVirtPkg: Add Vari=
ablePolicy engine to ArmVirtPkg platform<br>=C2=A0 UefiPayloadPkg: Add Vari=
ablePolicy engine to UefiPayloadPkg platform<br>=C2=A0 MdeModulePkg: Connec=
t VariablePolicy business logic to<br>=C2=A0 =C2=A0 VariableServices<br>=C2=
=
=A0 MdeModulePkg: Allow VariablePolicy state to delete protected variables=
<br>=C2=A0 SecurityPkg: Allow VariablePolicy state to delete authenticated<=
br>=C2=A0 =C2=A0 variables<br>=C2=A0 MdeModulePkg: Change TCG MOR variables=
 to use VariablePolicy<br>=C2=A0 MdeModulePkg: Drop VarLock from RuntimeDxe=
 variable driver<br><br>=C2=A0MdeModulePkg/Library/VarCheckPolicyLib/VarChe=
ckPolicyLib.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
| 346 ++++++++<br>=C2=A0MdeModulePkg/Library/VariablePolicyHelperLib/Variab=
lePolicyHelperLib.c=C2=A0 =C2=A0 =C2=A0| 396 ++++++++++<br>=C2=A0MdeModuleP=
kg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c=C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0|=C2=A0 46 ++<br>=C2=A0MdeModulePkg/Library/VariablePolicyLib/Va=
riablePolicyExtraInitRuntimeDxe.c |=C2=A0 85 ++<br>=C2=A0MdeModulePkg/Libra=
ry/VariablePolicyLib/VariablePolicyLib.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0| 830 ++++++++++++++++++++<br>=C2=A0MdeModulePk=
g/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 52 +-<br>=C2=A0MdeModulePkg/Univ=
ersal/Variable/RuntimeDxe/TcgMorLockSmm.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 60 +-<br>=C2=A0MdeModulePkg/Universal/V=
ariable/RuntimeDxe/VarCheck.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 49 +-<br>=C2=A0MdeModulePkg/Univer=
sal/Variable/RuntimeDxe/VariableDxe.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 60 ++<br>=C2=A0MdeModulePkg/Univers=
al/Variable/RuntimeDxe/VariableLockRequestToLock.c=C2=A0 =C2=A0 =C2=A0|=C2=
=A0 71 ++<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePoli=
cySmmDxe.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 573 ++++++++++++++<br>=C2=A0=
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A07 +<br>=
=C2=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 14 +<br>=C2=A0SecurityPkg/Librar=
y/AuthVariableLib/AuthService.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 30 +-<br>=C2=A0Ar=
mVirtPkg/ArmVirt.dsc.inc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A04 +<br>=
=C2=A0EmulatorPkg/EmulatorPkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A03 +<br>=
=
=C2=A0MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 |=C2=A0 54 ++<br>=C2=A0MdeModulePkg/Include/Library/VariablePol=
icyHelperLib.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0| 164 ++++<br>=C2=A0MdeModulePkg/Include/Library/Variable=
PolicyLib.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 207 +++++<br>=C2=A0MdeModulePkg/Includ=
e/Protocol/VariablePolicy.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 157 ++++<br>=C2=
=A0MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 42 +<br>=C2=A0MdeModu=
lePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Libra=
ry/VariablePolicyHelperLib/VariablePolicyHelperLib.inf=C2=A0 =C2=A0|=C2=A0 =
35 +<br>=C2=A0MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHe=
lperLib.uni=C2=A0 =C2=A0|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Library/Variable=
PolicyLib/ReadMe.md=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 406 ++++++++++<br>=C2=A0MdeModu=
lePkg/Library/VariablePolicyLib/VariablePolicyLib.inf=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 48 ++<br>=C2=A0MdeModulePkg/Libr=
ary/VariablePolicyLib/VariablePolicyLib.uni=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Library/Variabl=
ePolicyLib/VariablePolicyLibRuntimeDxe.inf=C2=A0 =C2=A0 =C2=A0|=C2=A0 51 ++=
<br>=C2=A0MdeModulePkg/MdeModulePkg.ci.yaml=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +-<br>=C2=A0MdeM=
odulePkg/MdeModulePkg.dec=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 26 +-<br>=C2=A0MdeModulePkg=
/MdeModulePkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A09 +<br>=C2=A0MdeModulePkg/Md=
eModulePkg.uni=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A07 +<br>=C2=A0MdeModulePkg/Univer=
sal/Variable/RuntimeDxe/VariableRuntimeDxe.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 |=C2=A0 =C2=A05 +<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeD=
xe/VariableSmm.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0|=C2=A0 =C2=A04 +<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeDx=
e/VariableSmmRuntimeDxe.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 11 +<br>=C2=
=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +<br>=C2=A0OvmfPkg/OvmfPkgIa32.ds=
c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A05 +<br>=C2=A0OvmfPkg/Ovmf=
PkgIa32X64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A05 +<br>=C2=A0OvmfPk=
g/OvmfPkgX64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A05 +<b=
r>=C2=A0OvmfPkg/OvmfXen.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
|=C2=A0 =C2=A04 +<br>=C2=A0SecurityPkg/Library/AuthVariableLib/AuthVariable=
Lib.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 |=C2=A0 =C2=A02 +<br>=C2=A0UefiPayloadPkg/UefiPayloadPkgIa32.dsc=C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +<br>=
=
=C2=A0UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A04 +<br>=C2=A043 files changed, 3845 =
insertions(+), 80 deletions(-)<br>=C2=A0create mode 100644 MdeModulePkg/Lib=
rary/VarCheckPolicyLib/VarCheckPolicyLib.c<br>=C2=A0create mode 100644 MdeM=
odulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c<br>=C2=
=A0create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitNull.c<br>=C2=A0create mode 100644 MdeModulePkg/Library/VariableP=
olicyLib/VariablePolicyExtraInitRuntimeDxe.c<br>=C2=A0create mode 100644 Md=
eModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c<br>=C2=A0create mo=
de 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToL=
ock.c<br>=C2=A0create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDx=
e/VariablePolicySmmDxe.c<br>=C2=A0create mode 100644 MdeModulePkg/Include/G=
uid/VarCheckPolicyMmi.h<br>=C2=A0create mode 100644 MdeModulePkg/Include/Li=
brary/VariablePolicyHelperLib.h<br>=C2=A0create mode 100644 MdeModulePkg/In=
clude/Library/VariablePolicyLib.h<br>=C2=A0create mode 100644 MdeModulePkg/=
Include/Protocol/VariablePolicy.h<br>=C2=A0create mode 100644 MdeModulePkg/=
Library/VarCheckPolicyLib/VarCheckPolicyLib.inf<br>=C2=A0create mode 100644=
 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni<br>=C2=A0crea=
te mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyH=
elperLib.inf<br>=C2=A0create mode 100644 MdeModulePkg/Library/VariablePolic=
yHelperLib/VariablePolicyHelperLib.uni<br>=C2=A0create mode 100644 MdeModul=
ePkg/Library/VariablePolicyLib/ReadMe.md<br>=C2=A0create mode 100644 MdeMod=
ulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf<br>=C2=A0create mode=
 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni<br>=C2=
=
=A0create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLibRuntimeDxe.inf<br><br>-- <br>2.28.0.windows.1<u></u><u></u></span></p><=
/blockquote></div></div><div><p class=3D"MsoNormal"></u><u></u></span></p><=
/div></div></div></div></blockquote></div>

--0000000000005f693305b3eba5a0--