From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49])
 by mx.groups.io with SMTP id smtpd.web11.14339.1605230445417033508
 for <devel@edk2.groups.io>;
 Thu, 12 Nov 2020 17:20:46 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@corthon-com.20150623.gappssmtp.com header.s=20150623 header.b=fPWWJJnA;
 spf=none, err=permanent DNS error (domain: corthon.com, ip: 209.85.218.49, mailfrom: bret@corthon.com)
Received: by mail-ej1-f49.google.com with SMTP id o9so10930965ejg.1
        for <devel@edk2.groups.io>; Thu, 12 Nov 2020 17:20:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=corthon-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=tFcYE6p0gf460u2xrG7Vc36DR88tmM/nFfbN1oCnXWg=;
        b=fPWWJJnAyo/kBhWGLdG8gUePehmd25HSfhqDF8Mh/8059lbAmSeN4omAyUncytx2Xv
         KOJ8XZK5bjkhPq1yAVk7k1zswh+8JraBt9WY/GrUN04IMqso41/DoqQiHSqq6l58tKmW
         veZYs84eKlDmRwLDCTFw4sE+Rm7QOpkLQQQvCzxQhOsiJPkjV9sgHhcfdOYrx1qdhZw5
         2jZeINZnoRCSNPrRGKUqoVRhHZlRk8NkXjzyEdACZHeuysWJIlIwwEv3tX06jQHTMNr3
         8MyRb3OV44dsmYeBrjYM9dEyr2fzHhfNMakmJaEF7FDJFNMSO8iWGhwt9A5KExMrZCvK
         UI2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=tFcYE6p0gf460u2xrG7Vc36DR88tmM/nFfbN1oCnXWg=;
        b=QcmL+ZYm0MDDbhCsbqpvjB9EAaC002k/eHRWdzgOkHKOgVmyCeJNqF2ERKxurJFwC9
         tZD246ZqCBIl3QRyJPhW8pj91JxmDv84X7EkfbL7EOdGzTaZNIeTrjzfZzrB2/0rcs3U
         FHnUjBNKPBZFVublhxbJlIgOFH8kKCYwJAz/IZbitmQODHR++0t9cXCFmr5WvgIepeDy
         EAop81WZo8EsdondSpXfYqqeMm59rI9jeti2gBWHcaJXlQzZa2Sq9mUlBfgFdOinIKvG
         M66cKVQjW0XS/mGEq2DagShQ6URdR+Nj8230e3e+rvl57uh8Hd3IxEXwi3hybHOxdDlw
         1FTQ==
X-Gm-Message-State: AOAM530ahCOQnGVIm4REPdCyNlKPCperm84z+cqwigUGs8WlN8R7m2+u
	Nr6ciUPQq/w1+UTlwOadcXaDH/WVlEw2AADdu2YPmw==
X-Google-Smtp-Source: ABdhPJxogRKzD7QDkwq97zYeKG/mfgnqCq8SNEP3IvnErYe0GaHFx0BAytHrsevPsYwUMVNrasJjEs+Hcrfl0RwBsOc=
X-Received: by 2002:a17:906:2297:: with SMTP id p23mr2065661eja.60.1605230443964;
 Thu, 12 Nov 2020 17:20:43 -0800 (PST)
MIME-Version: 1.0
References: <20201109064522.919-1-bret.barkelew@microsoft.com>
 <CA+ZiHMjVTYKYn4iwpf3mtzTVNa6qampkjOprrQJ5UskOXAJT+g@mail.gmail.com>
 <003b01d6b8ff$87dae810$9790b830$@byosoft.com.cn> <CA+ZiHMg1p4a=m0K8VvKODaBM8CKz6v-Dy+G1a83H2z+4CTuapg@mail.gmail.com>
In-Reply-To: <CA+ZiHMg1p4a=m0K8VvKODaBM8CKz6v-Dy+G1a83H2z+4CTuapg@mail.gmail.com>
From: "Bret Barkelew" <bret@corthon.com>
Date: Thu, 12 Nov 2020 17:20:32 -0800
Message-ID: <CA+ZiHMiC37zULg+ybKQPuLrwkd=bh3a-nNKk9C+prP+UZNuTUQ@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v9 00/13] Add the VariablePolicy feature
To: gaoliming <gaoliming@byosoft.com.cn>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>, Laszlo Ersek <lersek@redhat.com>, 
	Michael D Kinney <michael.d.kinney@intel.com>
Content-Type: multipart/alternative; boundary="00000000000065434505b3f2d6d4"

--00000000000065434505b3f2d6d4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Looks like I should have everything I need on this patch set. Can I assume
that someone will stage it to make it into 2011-stable?

On Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew <bret@corthon.com> wrote:

> Yes, I'm working on a more sustainable solution for the test cases and
> have opened this bug to track it.
> 3073 =E2=80=93 Provide test cases/apps for VarPol (tianocore.org)
> <https://bugzilla.tianocore.org/show_bug.cgi?id=3D3073>
>
> I just didn't want that to hold up the rest of the code that's already
> been signed off on.
>
> On Thu, Nov 12, 2020 at 6:25 AM gaoliming <gaoliming@byosoft.com.cn>
> wrote:
>
>> Bret:
>>
>>  V9 version change is mainly for MdeModule Variable driver. The change =
is
>> good to me. Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>>
>>
>>
>>  Besides, I find V9 doesn=E2=80=99t include the patch
>> 0014-MdeModulePkg-Add-a-shell-based-functional-test-for-VariablePolicy.
>> Because this patch doesn=E2=80=99t pass ECC, will you plan to add it la=
ter?
>>
>>
>>
>> Thanks
>>
>> Liming
>>
>> *=E5=8F=91=E4=BB=B6=E4=BA=BA:* bounce+27952+67296+4905953+8761045@group=
s.io <
>> bounce+27952+67296+4905953+8761045@groups.io> *=E4=BB=A3=E8=A1=A8 *Bret=
 Barkelew
>> *=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4:* 2020=E5=B9=B411=E6=9C=8812=E6=
=97=A5 2:44
>> *=E6=94=B6=E4=BB=B6=E4=BA=BA:* edk2-devel-groups-io <devel@edk2.groups.=
io>
>> *=E4=B8=BB=E9=A2=98:* Re: [edk2-devel] [PATCH v9 00/13] Add the Variabl=
ePolicy feature
>>
>>
>>
>> To clarify:
>>
>>
>>
>> The current solution to the MorLock EndOfDxe issue is to expressly call
>> LockVariablePolicy() in the same locations that mEndOfDxe is set (which=
 was
>> the mechanism that previously locked the VariableLock interface). This
>> solution maintains parity with the old design, which is keeping with th=
e
>> ethos of minimal changes and similar functionality to VariableLock. It =
does
>> not introduce any new dependencies.
>>
>>
>>
>> The only drawback to this approach is that it preserves the strict
>> ordering that was also previously required by MorLock, which I will att=
empt
>> to address in later updates.
>>
>>
>>
>> On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew <bret@corthon.com> wrote:
>>
>> The 14 patches in this series add the VariablePolicy feature to the cor=
e,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce cod=
e
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding
>> libraries,
>> a protocol, an SMI communication handler, and VariableServices
>> integration,
>> the patches are broken up by individual library additions and then a fi=
nal
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so tha=
t
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>>
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Pr=
otocol---Enhanced-Method-for-Managing-Variables#platform-porting
>>
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>>
>> Most recently, this subject was discussed in this thread:
>> https://edk2.groups.io/g/devel/message/53712
>> (the code branches shared in that discussion are now out of date, but t=
he
>> whitepapers and discussion are relevant).
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>>
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>>
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>>
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
>> DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>>
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>>
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
>> platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuff=
er
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume
>> variables
>>
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>>   (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and
>> gVariablePolicyProtocolGuid
>>   to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGui=
d
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platfo=
rms
>>   before changing variable driver
>>
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>>
>> Bret Barkelew (13):
>>   MdeModulePkg: Define the VariablePolicy protocol interface
>>   MdeModulePkg: Define the VariablePolicyLib
>>   MdeModulePkg: Define the VariablePolicyHelperLib
>>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>>   ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>>   UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>>   MdeModulePkg: Connect VariablePolicy business logic to
>>     VariableServices
>>   MdeModulePkg: Allow VariablePolicy state to delete protected variable=
s
>>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>>     variables
>>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>    | 346 ++++++++
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>    | 396 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>    |  46 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeD=
xe.c
>> |  85 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>    | 830 ++++++++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
>>    |  52 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
>>    |  60 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
>>   |  49 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
>>    |  60 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>    |  71 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>   | 573 ++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
>>    |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
>>    |  14 +
>>  SecurityPkg/Library/AuthVariableLib/AuthService.c
>>   |  30 +-
>>  ArmVirtPkg/ArmVirt.dsc.inc
>>    |   4 +
>>  EmulatorPkg/EmulatorPkg.dsc
>>   |   3 +
>>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>   |  54 ++
>>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>    | 164 ++++
>>  MdeModulePkg/Include/Library/VariablePolicyLib.h
>>    | 207 +++++
>>  MdeModulePkg/Include/Protocol/VariablePolicy.h
>>    | 157 ++++
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>    |  42 +
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>    |  12 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.i=
nf
>>  |  35 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.u=
ni
>>  |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>    | 406 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>    |  48 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>    |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>    |  51 ++
>>  MdeModulePkg/MdeModulePkg.ci.yaml
>>   |   4 +-
>>  MdeModulePkg/MdeModulePkg.dec
>>   |  26 +-
>>  MdeModulePkg/MdeModulePkg.dsc
>>   |   9 +
>>  MdeModulePkg/MdeModulePkg.uni
>>   |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>>   |   5 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
>>    |   4 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>>    |  11 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>>   |   4 +
>>  OvmfPkg/OvmfPkgIa32.dsc
>>   |   5 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc
>>    |   5 +
>>  OvmfPkg/OvmfPkgX64.dsc
>>    |   5 +
>>  OvmfPkg/OvmfXen.dsc
>>   |   4 +
>>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>>   |   2 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>>   |   4 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>>    |   4 +
>>  43 files changed, 3845 insertions(+), 80 deletions(-)
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx=
e.c
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>  create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>  create mode 100644
>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLi=
b.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>  create mode 100644
>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in=
f
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un=
i
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>  create mode 100644
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>>
>> --
>> 2.28.0.windows.1
>>
>>=20
>>
>

--00000000000065434505b3f2d6d4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Looks like I should have everything I need on this patch s=
et. Can I assume that someone will stage it to make it into 2011-stable?</d=
iv><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On =
Thu, Nov 12, 2020 at 8:45 AM Bret Barkelew &lt;<a href=3D"mailto:bret@corth=
on.com">bret@corthon.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail=
_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204=
,204);padding-left:1ex"><div dir=3D"ltr"><div dir=3D"ltr">Yes, I&#39;m work=
ing on a more sustainable solution for the test cases and have opened this =
bug to track it.<br><a href=3D"https://bugzilla.tianocore.org/show_bug.cgi?=
id=3D3073" target=3D"_blank">3073 =E2=80=93 Provide test cases/apps for Var=
Pol (tianocore.org)</a><br></div><div dir=3D"ltr"><br></div><div>I just did=
n&#39;t want that to hold up the rest of the code that&#39;s already been s=
igned off on.</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" cl=
ass=3D"gmail_attr">On Thu, Nov 12, 2020 at 6:25 AM gaoliming &lt;<a href=3D=
"mailto:gaoliming@byosoft.com.cn" target=3D"_blank">gaoliming@byosoft.com.c=
n</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
><div lang=3D"ZH-CN"><div><p class=3D"MsoNormal"><span lang=3D"EN-US" style=
=
=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF">Bret:<u></u><u></u></=
span></p><p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.=
5pt;font-family:=E7=AD=89=E7=BA=BF"> =C2=A0V9 version change is mainly for =
MdeModule Variable driver. The change is good to me. Reviewed-by: Liming Ga=
o &lt;<a href=3D"mailto:gaoliming@byosoft.com.cn" target=3D"_blank">gaolimi=
ng@byosoft.com.cn</a>&gt;<u></u><u></u></span></p><p class=3D"MsoNormal"><s=
pan lang=3D"EN-US" style=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF=
"><u></u>=C2=A0<u></u></span></p><p class=3D"MsoNormal"><span lang=3D"EN-US=
" style=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF"> =C2=A0Besides,=
 I find V9 doesn=E2=80=99t include the patch 0014-MdeModulePkg-Add-a-shell-=
based-functional-test-for-VariablePolicy. Because this patch doesn=E2=80=99=
t pass ECC, will you plan to add it later? <u></u><u></u></span></p><p clas=
s=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.5pt;font-family:=
=
=E7=AD=89=E7=BA=BF"><u></u>=C2=A0<u></u></span></p><p class=3D"MsoNormal">=
<span lang=3D"EN-US" style=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=
=BF">Thanks<u></u><u></u></span></p><p class=3D"MsoNormal"><span lang=3D"E=
N-US" style=3D"font-size:10.5pt;font-family:=E7=AD=89=E7=BA=BF">Liming<u></=
u><u></u></span></p><div style=3D"border-top:none;border-right:none;border-=
bottom:none;border-left:1.5pt solid blue;padding:0cm 0cm 0cm 4pt"><div><div=
 style=3D"border-right:none;border-bottom:none;border-left:none;border-top:=
1pt solid rgb(225,225,225);padding:3pt 0cm 0cm"><p class=3D"MsoNormal"><b><=
span style=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF">=E5=8F=91=E4=
=BB=B6=E4=BA=BA<span lang=3D"EN-US">:</span></span></b><span lang=3D"EN-US=
" style=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF"> <a href=3D"mailt=
o:bounce%2B27952%2B67296%2B4905953%2B8761045@groups.io" target=3D"_blank">b=
ounce+27952+67296+4905953+8761045@groups.io</a> &lt;<a href=3D"mailto:bounc=
e%2B27952%2B67296%2B4905953%2B8761045@groups.io" target=3D"_blank">bounce+2=
7952+67296+4905953+8761045@groups.io</a>&gt; </span><b><span style=3D"font-=
size:11pt;font-family:=E7=AD=89=E7=BA=BF">=E4=BB=A3=E8=A1=A8 </span></b><sp=
an lang=3D"EN-US" style=3D"font-size:11pt;font-family:=E7=AD=89=E7=BA=BF">B=
ret Barkelew<br></span><b><span style=3D"font-size:11pt;font-family:=E7=AD=
=89=E7=BA=BF">=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4<span lang=3D"EN-US">:</=
span></span></b><span lang=3D"EN-US" style=3D"font-size:11pt;font-family:=
=E7=AD=89=E7=BA=BF"> 2020</span><span style=3D"font-size:11pt;font-family:=
=
=E7=AD=89=E7=BA=BF">=E5=B9=B4<span lang=3D"EN-US">11</span>=E6=9C=88<span =
lang=3D"EN-US">12</span>=E6=97=A5<span lang=3D"EN-US"> 2:44<br></span><b>=
=E6=94=B6=E4=BB=B6=E4=BA=BA<span lang=3D"EN-US">:</span></b><span lang=3D"=
EN-US"> edk2-devel-groups-io &lt;<a href=3D"mailto:devel@edk2.groups.io" ta=
rget=3D"_blank">devel@edk2.groups.io</a>&gt;<br></span><b>=E4=B8=BB=E9=A2=
=98<span lang=3D"EN-US">:</span></b><span lang=3D"EN-US"> Re: [edk2-devel]=
 [PATCH v9 00/13] Add the VariablePolicy feature<u></u><u></u></span></span=
></p></div></div><p class=3D"MsoNormal"><span lang=3D"EN-US"><u></u>=C2=A0<=
u></u></span></p><div><div><p class=3D"MsoNormal"><span lang=3D"EN-US">To c=
larify:<u></u><u></u></span></p></div><div><p class=3D"MsoNormal"><span lan=
g=3D"EN-US"><u></u>=C2=A0<u></u></span></p></div><div><p class=3D"MsoNormal=
"><span lang=3D"EN-US">The current solution to the MorLock EndOfDxe issue i=
s to expressly call LockVariablePolicy() in the same locations that mEndOfD=
xe is set (which was the mechanism that previously locked the VariableLock =
interface). This solution maintains parity with the old design, which is ke=
eping with the ethos of minimal changes and similar functionality to Variab=
leLock. It does not introduce any new dependencies.<u></u><u></u></span></p=
></div><div><p class=3D"MsoNormal"><span lang=3D"EN-US"><u></u>=C2=A0<u></u=
></span></p></div><div><p class=3D"MsoNormal"><span lang=3D"EN-US">The only=
 drawback to this approach is that it preserves the strict ordering that wa=
s also previously required by MorLock, which I will attempt to address in l=
ater updates.<u></u><u></u></span></p></div><p class=3D"MsoNormal"><span la=
ng=3D"EN-US"><u></u>=C2=A0<u></u></span></p><div><div><p class=3D"MsoNormal=
"><span lang=3D"EN-US">On Sun, Nov 8, 2020 at 10:45 PM Bret Barkelew &lt;<a=
 href=3D"mailto:bret@corthon.com" target=3D"_blank">bret@corthon.com</a>&gt=
; wrote:<u></u><u></u></span></p></div><blockquote style=3D"border-top:none=
;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204=
);padding:0cm 0cm 0cm 6pt;margin-left:4.8pt;margin-right:0cm"><p class=3D"M=
soNormal" style=3D"margin-bottom:12pt"><span lang=3D"EN-US">The 14 patches =
in this series add the VariablePolicy feature to the core,<br>deprecate Edk=
2VarLock (while adding a compatibility layer to reduce code<br>churn), and =
integrate the VariablePolicy libraries and protocols into<br>Variable Servi=
ces.<br><br>Since the integration requires multiple changes, including addi=
ng libraries,<br>a protocol, an SMI communication handler, and VariableServ=
ices integration,<br>the patches are broken up by individual library additi=
ons and then a final<br>integration. Security-sensitive changes like bypass=
ing Authenticated<br>Variable enforcement are also broken out into individu=
al patches so that<br>attention can be called directly to them.<br><br>Plat=
form porting instructions are described in this wiki entry:<br><a href=3D"h=
ttps://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protoco=
l---Enhanced-Method-for-Managing-Variables#platform-porting" target=3D"_bla=
nk">https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Pr=
otocol---Enhanced-Method-for-Managing-Variables#platform-porting</a><br><br=
>Discussion of the feature can be found in multiple places throughout<br>th=
e last year on the RFC channel, staging branches, and in devel.<br><br>Most=
 recently, this subject was discussed in this thread:<br><a href=3D"https:/=
/edk2.groups.io/g/devel/message/53712" target=3D"_blank">https://edk2.group=
s.io/g/devel/message/53712</a><br>(the code branches shared in that discuss=
ion are now out of date, but the<br>whitepapers and discussion are relevant=
).<br><br>Cc: Jiewen Yao &lt;<a href=3D"mailto:jiewen.yao@intel.com" target=
=
=3D"_blank">jiewen.yao@intel.com</a>&gt;<br>Cc: Dandan Bi &lt;<a href=3D"m=
ailto:dandan.bi@intel.com" target=3D"_blank">dandan.bi@intel.com</a>&gt;<br=
>Cc: Chao Zhang &lt;<a href=3D"mailto:chao.b.zhang@intel.com" target=3D"_bl=
ank">chao.b.zhang@intel.com</a>&gt;<br>Cc: Jian J Wang &lt;<a href=3D"mailt=
o:jian.j.wang@intel.com" target=3D"_blank">jian.j.wang@intel.com</a>&gt;<br=
>Cc: Hao A Wu &lt;<a href=3D"mailto:hao.a.wu@intel.com" target=3D"_blank">h=
ao.a.wu@intel.com</a>&gt;<br>Cc: Liming Gao &lt;<a href=3D"mailto:liming.ga=
o@intel.com" target=3D"_blank">liming.gao@intel.com</a>&gt;<br>Cc: Jordan J=
usten &lt;<a href=3D"mailto:jordan.l.justen@intel.com" target=3D"_blank">jo=
rdan.l.justen@intel.com</a>&gt;<br>Cc: Laszlo Ersek &lt;<a href=3D"mailto:l=
ersek@redhat.com" target=3D"_blank">lersek@redhat.com</a>&gt;<br>Cc: Ard Bi=
esheuvel &lt;<a href=3D"mailto:ard.biesheuvel@arm.com" target=3D"_blank">ar=
d.biesheuvel@arm.com</a>&gt;<br>Cc: Andrew Fish &lt;<a href=3D"mailto:afish=
@apple.com" target=3D"_blank">afish@apple.com</a>&gt;<br>Cc: Ray Ni &lt;<a =
href=3D"mailto:ray.ni@intel.com" target=3D"_blank">ray.ni@intel.com</a>&gt;=
<br>Cc: Bret Barkelew &lt;<a href=3D"mailto:brbarkel@microsoft.com" target=
=3D"_blank">brbarkel@microsoft.com</a>&gt;<br>Signed-off-by: Bret Barkelew=
 &lt;<a href=3D"mailto:brbarkel@microsoft.com" target=3D"_blank">brbarkel@m=
icrosoft.com</a>&gt;<br><br>v9 changes:<br>* Rebase<br>* Address the event =
ordering issues around MorLock at EndOfDxe<br>* Drop problematic tests<br>*=
 Address ECC issues<br><br>v8 changes:<br>* Rebase<br>* Small tweaks from f=
inal PRs<br>* Drank a lot<br>* Enrolled several members and a steward in Ca=
tFacts<br><br>v7 changes:<br>* Address comments from Dandan about security =
of the MM handler<br>* Add readme<br>* Fix bug around hex characters in BOO=
T####, etc<br>* Add additional testing for hex characters<br>* Add addition=
al testing for authenticated variables<br><br>v6 changes:<br>* Fix an issue=
 with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePol=
icyLib()<br>* Fix GCC building in shell-based functional test<br>* Rebase o=
n latest origin/master<br><br>v5 changes:<br>* Fix the CONST mismatch in Va=
riablePolicy.h and VariablePolicySmmDxe.c<br>* Fix EFIAPI mismatches in the=
 functional unittest<br>* Rebase on latest origin/master<br><br>v4 changes:=
<br>* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from pla=
tforms<br>* Rebase on master<br>* Migrate to new MmCommunicate2 protocol<br=
>* Fix an oversight in the default return value for InitMmCommonCommBuffer<=
br>* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume varia=
bles<br><br>V3 changes:<br>* Address all non-unittest issues with ECC<br>* =
Make additional style changes<br>* Include section name in hunk headers in =
&quot;ini-style&quot; files<br>* Remove requirement for the EdkiiPiSmmCommu=
nicationsRegionTable driver<br>=C2=A0 (now allocates its own buffer)<br>* C=
hange names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid<b=
r>=C2=A0 to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocol=
Guid<br>* Fix GCC warning about initializing externs<br>* Add UNI strings f=
or new PCD<br>* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg<br>=
* Reorder patches according to Liming&#39;s feedback about adding to platfo=
rms<br>=C2=A0 before changing variable driver<br><br>V2 changes:<br>* Fixed=
 implementation for RuntimeDxe<br>* Add PCD to block DisableVariablePolicy<=
br>* Fix the DumpVariablePolicy pagination in SMM<br><br>Bret Barkelew (13)=
:<br>=C2=A0 MdeModulePkg: Define the VariablePolicy protocol interface<br>=
=C2=A0 MdeModulePkg: Define the VariablePolicyLib<br>=C2=A0 MdeModulePkg: =
Define the VariablePolicyHelperLib<br>=C2=A0 MdeModulePkg: Define the VarCh=
eckPolicyLib and SMM interface<br>=C2=A0 OvmfPkg: Add VariablePolicy engine=
 to OvmfPkg platform<br>=C2=A0 EmulatorPkg: Add VariablePolicy engine to Em=
ulatorPkg platform<br>=C2=A0 ArmVirtPkg: Add VariablePolicy engine to ArmVi=
rtPkg platform<br>=C2=A0 UefiPayloadPkg: Add VariablePolicy engine to UefiP=
ayloadPkg platform<br>=C2=A0 MdeModulePkg: Connect VariablePolicy business =
logic to<br>=C2=A0 =C2=A0 VariableServices<br>=C2=A0 MdeModulePkg: Allow Va=
riablePolicy state to delete protected variables<br>=C2=A0 SecurityPkg: All=
ow VariablePolicy state to delete authenticated<br>=C2=A0 =C2=A0 variables<=
br>=C2=A0 MdeModulePkg: Change TCG MOR variables to use VariablePolicy<br>=
=C2=A0 MdeModulePkg: Drop VarLock from RuntimeDxe variable driver<br><br>=
=C2=A0MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c=C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 346 ++++++++<br>=C2=
=A0MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c=
=C2=A0 =C2=A0 =C2=A0| 396 ++++++++++<br>=C2=A0MdeModulePkg/Library/Variabl=
ePolicyLib/VariablePolicyExtraInitNull.c=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =
46 ++<br>=C2=A0MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraIn=
itRuntimeDxe.c |=C2=A0 85 ++<br>=C2=A0MdeModulePkg/Library/VariablePolicyLi=
b/VariablePolicyLib.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0| 830 ++++++++++++++++++++<br>=C2=A0MdeModulePkg/Universal/Varia=
ble/RuntimeDxe/TcgMorLockDxe.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0|=C2=A0 52 +-<br>=C2=A0MdeModulePkg/Universal/Variable/Ru=
ntimeDxe/TcgMorLockSmm.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0|=C2=A0 60 +-<br>=C2=A0MdeModulePkg/Universal/Variable/Runtim=
eDxe/VarCheck.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 |=C2=A0 49 +-<br>=C2=A0MdeModulePkg/Universal/Variable/R=
untimeDxe/VariableDxe.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0|=C2=A0 60 ++<br>=C2=A0MdeModulePkg/Universal/Variable/Ru=
ntimeDxe/VariableLockRequestToLock.c=C2=A0 =C2=A0 =C2=A0|=C2=A0 71 ++<br>=
=C2=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c=C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 573 ++++++++++++++<br>=C2=A0MdeModulePkg=
/Universal/Variable/RuntimeDxe/VariableSmm.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A07 +<br>=C2=A0MdeModule=
Pkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0|=C2=A0 14 +<br>=C2=A0SecurityPkg/Library/AuthVariableLib=
/AuthService.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 30 +-<br>=C2=A0ArmVirtPkg/ArmVirt.=
dsc.inc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A04 +<br>=C2=A0EmulatorPkg/E=
mulatorPkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A03 +<br>=C2=A0MdeModulePkg=
/Include/Guid/VarCheckPolicyMmi.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 54 =
++<br>=C2=A0MdeModulePkg/Include/Library/VariablePolicyHelperLib.h=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 164=
 ++++<br>=C2=A0MdeModulePkg/Include/Library/VariablePolicyLib.h=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0| 207 +++++<br>=C2=A0MdeModulePkg/Include/Protocol/VariablePo=
licy.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 157 ++++<br>=C2=A0MdeModulePkg/Library=
/VarCheckPolicyLib/VarCheckPolicyLib.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0|=C2=A0 42 +<br>=C2=A0MdeModulePkg/Library/VarCheckPol=
icyLib/VarCheckPolicyLib.uni=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Library/VariablePolicyHelperL=
ib/VariablePolicyHelperLib.inf=C2=A0 =C2=A0|=C2=A0 35 +<br>=C2=A0MdeModuleP=
kg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni=C2=A0 =C2=A0=
|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Library/VariablePolicyLib/ReadMe.md=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0| 406 ++++++++++<br>=C2=A0MdeModulePkg/Library/Variabl=
ePolicyLib/VariablePolicyLib.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0|=C2=A0 48 ++<br>=C2=A0MdeModulePkg/Library/VariablePolicyLib=
/VariablePolicyLib.uni=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0|=C2=A0 12 +<br>=C2=A0MdeModulePkg/Library/VariablePolicyLib/VariablePo=
licyLibRuntimeDxe.inf=C2=A0 =C2=A0 =C2=A0|=C2=A0 51 ++<br>=C2=A0MdeModulePk=
g/MdeModulePkg.ci.yaml=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +-<br>=C2=A0MdeModulePkg/MdeModulePkg=
.dec=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 |=C2=A0 26 +-<br>=C2=A0MdeModulePkg/MdeModulePkg.dsc=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 |=C2=A0 =C2=A09 +<br>=C2=A0MdeModulePkg/MdeModulePkg.uni=C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 |=C2=A0 =C2=A07 +<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeD=
xe/VariableRuntimeDxe.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A05=
 +<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A04=
 +<br>=C2=A0MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx=
e.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 11 +<br>=C2=A0MdeModulePkg/Universa=
l/Variable/RuntimeDxe/VariableStandaloneMm.inf=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=
=
=C2=A0 =C2=A04 +<br>=C2=A0OvmfPkg/OvmfPkgIa32.dsc=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 |=C2=A0 =C2=A05 +<br>=C2=A0OvmfPkg/OvmfPkgIa32X64.dsc=C2=A0 =C2=
=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A05 +<br>=C2=A0OvmfPkg/OvmfPkgX64.dsc=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A05 +<br>=C2=A0OvmfPkg/OvmfX=
en.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +<br>=
=
=C2=A0SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf=C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A02 +<=
br>=C2=A0UefiPayloadPkg/UefiPayloadPkgIa32.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A04 +<br>=C2=A0UefiPayloadPkg/=
UefiPayloadPkgIa32X64.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0|=C2=A0 =C2=A04 +<br>=C2=A043 files changed, 3845 insertions(+), 80 del=
etions(-)<br>=C2=A0create mode 100644 MdeModulePkg/Library/VarCheckPolicyLi=
b/VarCheckPolicyLib.c<br>=C2=A0create mode 100644 MdeModulePkg/Library/Vari=
ablePolicyHelperLib/VariablePolicyHelperLib.c<br>=C2=A0create mode 100644 M=
deModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c<br>=C2=
=A0create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitRuntimeDxe.c<br>=C2=A0create mode 100644 MdeModulePkg/Library/Var=
iablePolicyLib/VariablePolicyLib.c<br>=C2=A0create mode 100644 MdeModulePkg=
/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c<br>=C2=A0create =
mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe=
.c<br>=C2=A0create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.=
h<br>=C2=A0create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHe=
lperLib.h<br>=C2=A0create mode 100644 MdeModulePkg/Include/Library/Variable=
PolicyLib.h<br>=C2=A0create mode 100644 MdeModulePkg/Include/Protocol/Varia=
blePolicy.h<br>=C2=A0create mode 100644 MdeModulePkg/Library/VarCheckPolicy=
Lib/VarCheckPolicyLib.inf<br>=C2=A0create mode 100644 MdeModulePkg/Library/=
VarCheckPolicyLib/VarCheckPolicyLib.uni<br>=C2=A0create mode 100644 MdeModu=
lePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf<br>=C2=A0=
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePol=
icyHelperLib.uni<br>=C2=A0create mode 100644 MdeModulePkg/Library/VariableP=
olicyLib/ReadMe.md<br>=C2=A0create mode 100644 MdeModulePkg/Library/Variabl=
ePolicyLib/VariablePolicyLib.inf<br>=C2=A0create mode 100644 MdeModulePkg/L=
ibrary/VariablePolicyLib/VariablePolicyLib.uni<br>=C2=A0create mode 100644 =
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf<br><=
br>-- <br>2.28.0.windows.1<u></u><u></u></span></p></blockquote></div></div=
><div><p class=3D"MsoNormal"></u><u></u></span></p></div></div></div></div>=
</blockquote></div>
</blockquote></div>

--00000000000065434505b3f2d6d4--