Looks like I should have everything I need on this patch set. Can I assume
that someone will stage it to make it into 2011-stable?

On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com> wrote:

> Yes, I'm working on a more sustainable solution for the test cases and
> have opened this bug to track it.
> 3073 – Provide test cases/apps for VarPol (tianocore.org)
> <https://bugzilla.tianocore.org/show_bug.cgi?id=3073>
>
> I just didn't want that to hold up the rest of the code that's already
> been signed off on.
>
> On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn>
> wrote:
>
>> Bret:
>>
>>  V9 version change is mainly for MdeModule Variable driver. The change is
>> good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>>
>>
>>
>>  Besides, I find V9 doesn’t include the patch
>> 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy.
>> Because this patch doesn’t pass ECC, will you plan to add it later?
>>
>>
>>
>> Thanks
>>
>> Liming
>>
>> *发件人:* bounce+27952+67296+4905953+8761045@groups.io <
>> bounce+27952+67296+4905953+8761045@groups.io> *代表 *Bret Barkelew
>> *发送时间:* 2020年11月12日 2:44
>> *收件人:* edk2-devel-groups-io <devel@edk2.groups.io>
>> *主题:* Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
>>
>>
>>
>> To clarify:
>>
>>
>>
>> The current solution to the MorLock EndOfDxe issue is to expressly call
>> LockVariablePolicy() in the same locations that mEndOfDxe is set (which was
>> the mechanism that previously locked the VariableLock interface). This
>> solution maintains parity with the old design, which is keeping with the
>> ethos of minimal changes and similar functionality to VariableLock. It does
>> not introduce any new dependencies.
>>
>>
>>
>> The only drawback to this approach is that it preserves the strict
>> ordering that was also previously required by MorLock, which I will attempt
>> to address in later updates.
>>
>>
>>
>> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>>
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding
>> libraries,
>> a protocol, an SMI communication handler, and VariableServices
>> integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>>
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>>
>> Most recently, this subject was discussed in this thread:
>> https://edk2.groups.io/g/devel/message/53712
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>>
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>>
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>>
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
>> DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>>
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>>
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
>> platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
>> variables
>>
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>>   (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and
>> gVariablePolicyProtocolGuid
>>   to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>>   before changing variable driver
>>
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>>
>> Bret Barkelew (13):
>>   MdeModulePkg: Define the VariablePolicy protocol interface
>>   MdeModulePkg: Define the VariablePolicyLib
>>   MdeModulePkg: Define the VariablePolicyHelperLib
>>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>>   ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>>   UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>>   MdeModulePkg: Connect VariablePolicy business logic to
>>     VariableServices
>>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>>     variables
>>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>    | 346 ++++++++
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>    | 396 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>    |  46 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>> |  85 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>    | 830 ++++++++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
>>    |  52 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
>>    |  60 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
>>   |  49 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
>>    |  60 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>    |  71 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>   | 573 ++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
>>    |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
>>    |  14 +
>>  SecurityPkg/Library/AuthVariableLib/AuthService.c
>>   |  30 +-
>>  ArmVirtPkg/ArmVirt.dsc.inc
>>    |   4 +
>>  EmulatorPkg/EmulatorPkg.dsc
>>   |   3 +
>>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>   |  54 ++
>>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>    | 164 ++++
>>  MdeModulePkg/Include/Library/VariablePolicyLib.h
>>    | 207 +++++
>>  MdeModulePkg/Include/Protocol/VariablePolicy.h
>>    | 157 ++++
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>    |  42 +
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>    |  12 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>  |  35 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>>  |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>    | 406 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>    |  48 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>    |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>    |  51 ++
>>  MdeModulePkg/MdeModulePkg.ci.yaml
>>   |   4 +-
>>  MdeModulePkg/MdeModulePkg.dec
>>   |  26 +-
>>  MdeModulePkg/MdeModulePkg.dsc
>>   |   9 +
>>  MdeModulePkg/MdeModulePkg.uni
>>   |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>>   |   5 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
>>    |   4 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>>    |  11 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>>   |   4 +
>>  OvmfPkg/OvmfPkgIa32.dsc
>>   |   5 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc
>>    |   5 +
>>  OvmfPkg/OvmfPkgX64.dsc
>>    |   5 +
>>  OvmfPkg/OvmfXen.dsc
>>   |   4 +
>>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>>   |   2 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>>   |   4 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>>    |   4 +
>>  43 files changed, 3845 insertions(+), 80 deletions(-)
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>  create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>  create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>> --
>> 2.28.0.windows.1
>>
>> 
>>
>