From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: gaoliming <gaoliming@byosoft.com.cn>,
'Ard Biesheuvel' <ard.biesheuvel@arm.com>,
'Masahisa Kojima' <masahisa.kojima@linaro.org>,
'edk2-devel-groups-io' <devel@edk2.groups.io>
Cc: "Bret.Barkelew@microsoft.com" <Bret.Barkelew@microsoft.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
'Sami Mujawar' <sami.mujawar@arm.com>,
'Laszlo Ersek' <lersek@redhat.com>
Subject: Re: VariablePolicy support in StandaloneMM
Date: Wed, 2 Dec 2020 12:06:12 +0000 [thread overview]
Message-ID: <CY4PR11MB12883D369B5738233164FCFC8CF30@CY4PR11MB1288.namprd11.prod.outlook.com> (raw)
In-Reply-To: <001f01d6c88f$5e394b60$1aabe220$@byosoft.com.cn>
There are two issues:
1) Current VarCheckPolicyLib.inf does have DxeServicesLib, although the VarCheckPolicyLib.c does not include DxeServicesLib.h.
2) The current lib construction is traditional MM style.
EFI_STATUS
EFIAPI
VarCheckPolicyLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
===============================
I agree with Liming that we need StandaloneMM instance.
We can do below:
0) Remove DxeServicesLib from INF.
1) Redefine
EFI_STATUS
EFIAPI
VarCheckPolicyLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{}
to
EFI_STATUS
EFIAPI
VarCheckPolicyLibCommonConstructor (
VOID
)
{}
2) Create a VarCheckPolicyLibTraditional.c, with below
EFI_STATUS
EFIAPI
VarCheckPolicyLibConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
return VarCheckPolicyLibCommonConstructor();
}
3) Create VarCheckPolicyLibStandaloneMm.inf and VarCheckPolicyLibStandaloneMm.c under MdeModulePkg\Library\VarCheckPolicyLib (same dir)
With below
EFI_STATUS
EFIAPI
VarCheckPolicyLibStandaloneConstructor (
IN EFI_HANDLE ImageHandle,
IN EFI_MM_SYSTEM_TABLE *MmSystemTable
)
{
return VarCheckPolicyLibCommonConstructor();
}
Maybe there is some other clean up needed.
===============================
At same time, we may need think about how to avoid the similar issue.
1) Maybe we should enable StandaloneMmPkg for CI build ?
2) I am a little surprised, why this is a runtime error instead of a build error ?
Thank you
Yao Jiewen
> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Wednesday, December 2, 2020 5:42 PM
> To: 'Ard Biesheuvel' <ard.biesheuvel@arm.com>; 'Masahisa Kojima'
> <masahisa.kojima@linaro.org>; 'edk2-devel-groups-io'
> <devel@edk2.groups.io>
> Cc: Bret.Barkelew@microsoft.com; Wang, Jian J <jian.j.wang@intel.com>;
> Wu, Hao A <hao.a.wu@intel.com>; 'Sami Mujawar'
> <sami.mujawar@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>; 'Laszlo
> Ersek' <lersek@redhat.com>
> Subject: 回复: VariablePolicy support in StandaloneMM
>
> I just quick check. VarCheckPolicyLib doesn't consume DxeServicesLib. But,
> VarCheckPolicyLib library doesn't StandaloneMM type.
>
> So, I think StandaloneMM version VarCheckPolicyLib is required.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > 发送时间: 2020年12月2日 17:02
> > 收件人: Masahisa Kojima <masahisa.kojima@linaro.org>;
> > edk2-devel-groups-io <devel@edk2.groups.io>
> > 抄送: Bret.Barkelew@microsoft.com; jian.j.wang@intel.com;
> > hao.a.wu@intel.com; gaoliming@byosoft.com.cn; Sami Mujawar
> > <sami.mujawar@arm.com>; jiewen.yao@intel.com; Laszlo Ersek
> > <lersek@redhat.com>
> > 主题: Re: VariablePolicy support in StandaloneMM
> >
> > (+ Laszlo)
> >
> > On 12/2/20 9:57 AM, Masahisa Kojima wrote:
> > > Hello All,
> > >
> > > VariablePolicy was introduced in November.
> > > When Developerbox(aarch64 platform) boots with UEFI secure boot
> > enabled,
> > > the following error appears.
> > > Note that this platform supports UEFI secure boot using the standalone
> > > MM framework.
> > >
> > > --- StandaloneMM log ---
> > > VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not
> Ready
> > >
> > > ASSERT_EFI_ERROR (Status = Not Ready)
> > > ASSERT [VariableStandaloneMm]
> > >
> >
> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeD
> x
> > e/VariableLockRequestToLock.c(64):
> > > !EFI_ERROR (Status)
> > > MmEntryPoint Done
> > > ---
> > >
> > > In my check, this is simply because
> > >
> >
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePol
> i
> > cyLib()
> > > is not called.
> > >
> > > InitVariablePolicyLib() is called from the following two files.
> > > ---
> > > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:
> > Status
> > > = InitVariablePolicyLib( VariableServiceGetVariable );
> > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c: Status
> > =
> > > InitVariablePolicyLib (VariableServiceGetVariable);
> > > ---
> > > VariableDxe.c is not for MM_STANDALONE, so I tried to use
> > > "VarCheckPolicyLib" as VarCheckLib,
> > > but "VarCheckPolicyLib" requires
> > > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
> > > DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.
> > >
> > > Could you please take a look at this error?
> > >
> >
> > Thanks for the report.
> >
> > Bret, could you please suggest a fix here?
>
next prev parent reply other threads:[~2020-12-02 12:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 8:57 VariablePolicy support in StandaloneMM Masahisa Kojima
2020-12-02 9:02 ` Ard Biesheuvel
2020-12-02 9:41 ` 回复: " gaoliming
2020-12-02 12:06 ` Yao, Jiewen [this message]
2020-12-03 9:14 ` Laszlo Ersek
2020-12-03 21:58 ` [edk2-devel] " Kun Qin
2020-12-14 6:14 ` Masahisa Kojima
2020-12-14 22:20 ` Kun Qin
2020-12-16 11:53 ` Masahisa Kojima
2020-12-16 17:52 ` Kun Qin
2020-12-17 1:10 ` 回复: " gaoliming
2020-12-17 1:56 ` Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CY4PR11MB12883D369B5738233164FCFC8CF30@CY4PR11MB1288.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox