From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com [209.85.208.171])
 by mx.groups.io with SMTP id smtpd.web10.2238.1606899477194778703
 for <devel@edk2.groups.io>;
 Wed, 02 Dec 2020 00:57:57 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=zIbNgdYi;
 spf=pass (domain: linaro.org, ip: 209.85.208.171, mailfrom: masahisa.kojima@linaro.org)
Received: by mail-lj1-f171.google.com with SMTP id f24so2295235ljk.13
        for <devel@edk2.groups.io>; Wed, 02 Dec 2020 00:57:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:from:date:message-id:subject:to:cc;
        bh=vbzvXVgwL301hM27tCfpqJ21bOt4oLTS1OH8L1sBn58=;
        b=zIbNgdYiTkIsayleuvwwXFBTdbErqBjNDwajAc7IvsGfVKfA0gDgZz2+kBmyoy5RZ+
         KNtqPa+J7F+MeKoH7FOjsLdbDyxn2yOcJB5Kc55wVkKf8+rmx+So5jpZYQ6cyJ8K/bHG
         JA21LoYEMFK48eMG+6kVTspACbWUMuETDYfAYlQiHq/VZDZsrJIILBSot7kI+xpLND8t
         8ALJtuDAebm/nwI2QHV22ryDvUfXg1VqPppZ5mN1Vsx74R0uiAXr0yePM6N01uawIAiG
         x8m83ZfTyuxzdgA4eyzG61NX5mDXa2Mzl18yJCY3Hy03+wLfs2XWtp78OuIS6m8vT0Vt
         Yxng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
        bh=vbzvXVgwL301hM27tCfpqJ21bOt4oLTS1OH8L1sBn58=;
        b=oAZ0RQNuQ/1csmdL0JBeO4pD0R5wH0lei8vF9TwvEeVTpJdBki9Yfd+l8gcNyQitOx
         Xa9d4wEgibhUHKK1/tK7Pxk6Hu49U6X0FqBlAjWQDNq02wK1Dw1XFk4xZbEc/LlVLEge
         RKume/RXm1atOkZWPWuU8otL/9O9N82pOakU8P3i8nW4H9xcH5olpTP3ddtE64QLzewW
         uUowvQb7oJvyY1PnY254KXiWONdlIsUsjhEARBZfa06GI2IQrgApEfkNA+iy1W654o0G
         OVUAW0x8CseQPuYmtIe7YHCkdgQ7HNSSjXVeVrM8KMa4o1G/y9DSEeIWzUJVMsvlp9Fq
         HSQw==
X-Gm-Message-State: AOAM530FVarpew2PpyOfqHdNWmY+UTyVLSXibqv/MRR+hOv7z+j5M9O1
	6wF/GUGaPghEh5Ks+n2WWdsKAKg5ri8kWXjrVomfrAYg4UmsXbji
X-Google-Smtp-Source: ABdhPJx8Rfc/x8s63piRK6SQtzpN8hS1uzdz2nr7RbhwoUhm3tmOZP6NU0RRwMivRvv7zpAWDtUtUKiawrpPRgNgtxg=
X-Received: by 2002:a2e:a0ca:: with SMTP id f10mr731052ljm.204.1606899474282;
 Wed, 02 Dec 2020 00:57:54 -0800 (PST)
MIME-Version: 1.0
From: "Masahisa Kojima" <masahisa.kojima@linaro.org>
Date: Wed, 2 Dec 2020 17:57:43 +0900
Message-ID: <CADQ0-X_+fUnWri-X9C5f8mDugUaQJ-2BwmTUh+hLakAUhYp6HQ@mail.gmail.com>
Subject: VariablePolicy support in StandaloneMM
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Bret.Barkelew@microsoft.com, jian.j.wang@intel.com, hao.a.wu@intel.com, 
	gaoliming@byosoft.com.cn, Ard Biesheuvel <ard.biesheuvel@arm.com>, 
	Sami Mujawar <sami.mujawar@arm.com>, jiewen.yao@intel.com
Content-Type: text/plain; charset="UTF-8"

Hello All,

VariablePolicy was introduced in November.
When Developerbox(aarch64 platform) boots with UEFI secure boot enabled,
the following error appears.
Note that this platform supports UEFI secure boot using the standalone
MM framework.

--- StandaloneMM log ---
VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not Ready

ASSERT_EFI_ERROR (Status = Not Ready)
ASSERT [VariableStandaloneMm]
/home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c(64):
!EFI_ERROR (Status)
MmEntryPoint Done
---

In my check, this is simply because
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePolicyLib()
is not called.

InitVariablePolicyLib() is called from the following two files.
---
  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:  Status
= InitVariablePolicyLib( VariableServiceGetVariable );
  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c:  Status =
InitVariablePolicyLib (VariableServiceGetVariable);
---
VariableDxe.c is not for MM_STANDALONE, so I tried to use
"VarCheckPolicyLib" as VarCheckLib,
but "VarCheckPolicyLib" requires
DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.

Could you please take a look at this error?

Thanks,
Masahisa