From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.100])
 by mx.groups.io with SMTP id smtpd.web10.1106.1593672095417085181
 for <devel@edk2.groups.io>;
 Wed, 01 Jul 2020 23:41:35 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@microsoft.com header.s=selector2 header.b=iJPlEETw;
 spf=pass (domain: microsoft.com, ip: 40.107.223.100, mailfrom: bret.barkelew@microsoft.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=klpXLnNidE3sbfW1CBt7XIyBwP4Cjr9FxffcMV0uNnWSKzDEZzn4f3tlFiBYeBwSJeZ+4pZOE6ZTlmQj8ye8ASsvm31xIEDR8B5v2cq4VQkPpsNwJ55kpsz+5aDYjBUA+tljq6FnsYB+UA32bQ6QuJDpILFMJP5vkZJFBbG0uuaMa7omTlnZkPs4mUyJpogV+v9Tm0FuflRiM2qLQwg/w69RADeeGIxXLp8qtoerrEO2UZuc9qLalo/QU7V2EJeP94/3l+NmjMxup3YzyI+yWocQAXorl/ALwoeqjyxtRsGG/OzRqIuzDrKmDoj+KM6GE1/Ddcg7PRxJM7VXjgYMIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=MCrowM5dRqWr93l4gUE0bX+z7poqGk9hPfvIXFz0WRA=;
 b=mT7HZqR9h7PoSNuBtqN4c98wab6r7Zjy/tB3Hx+eLIRINDRMLciHcoLsbUM24V3YoqMLhET2f1yNV4nfGzDmLVqh1k01yiB6X92jIj0D0BsWeeHq5ySaoqDw7JV2bsBulMuISd1mpwAF4GjnNkbfNaQU0plXRQtcpLgU/kI1vIL7ri/LfDf+3uZruJBAvUcRSUobHMl4o1SBxY/RWdI0aBlbd7sQSN4v/fHLr0RdMmhCizIUeFXU1tLboFRbAJwbXWu8TokRYvGZQeVMNx7J2cf8DJU1Z3p1DZ/aTiu1l9kFlMEKDbvR389XntZS+7MNXHa28Xp9zs/0mqnQtKbf6w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=microsoft.com; dmarc=pass action=none
 header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=MCrowM5dRqWr93l4gUE0bX+z7poqGk9hPfvIXFz0WRA=;
 b=iJPlEETwppLjqvURDj1Mvqoa0x3RmidRcp6HHYWCB6O4U7kwYy5HDndPbVOFD9/n3Ay5Z3KDr762TyuSJBmhNLx6wgctYBKS6NpePV1OFnCS0+f1KQM0e6tdo7YECS/x/+BLWvLDuf+F8LLb+xI1oblWCZMN8XuuKDseOBh3CYw=
Received: from CY4PR21MB0743.namprd21.prod.outlook.com (2603:10b6:903:b2::9)
 by CY4PR21MB0167.namprd21.prod.outlook.com (2603:10b6:903:b9::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.1; Thu, 2 Jul
 2020 06:41:32 +0000
Received: from CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::f112:82fb:d4fd:f7dd]) by CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::f112:82fb:d4fd:f7dd%12]) with mapi id 15.20.3174.012; Thu, 2 Jul 2020
 06:41:32 +0000
From: "Bret Barkelew" <bret.barkelew@microsoft.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "dandan.bi@intel.com"
	<dandan.bi@intel.com>, "bret@corthon.com" <bret@corthon.com>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, "Wu, Hao A" <hao.a.wu@intel.com>,
	liming.gao <liming.gao@intel.com>
Subject: Re: [edk2-devel] [PATCH v6 04/14] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
Thread-Topic: [edk2-devel] [PATCH v6 04/14] MdeModulePkg: Define the
 VarCheckPolicyLib and SMM interface
Thread-Index: AQHWUBZg+6s7xoBCz02pfXV+XF3VBKjz127z
Date: Thu, 2 Jul 2020 06:41:32 +0000
Message-ID: 
 <CY4PR21MB07434EF1E609BF461C4E6E49EF6D0@CY4PR21MB0743.namprd21.prod.outlook.com>
References: <20200623064104.1908-1-brbarkel@microsoft.com>
 <20200623064104.1908-5-brbarkel@microsoft.com>,<BN6PR11MB13938026ED5B07343BDA9479EA6D0@BN6PR11MB1393.namprd11.prod.outlook.com>
In-Reply-To: 
 <BN6PR11MB13938026ED5B07343BDA9479EA6D0@BN6PR11MB1393.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: 
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-07-02T06:41:23.1247088Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Privileged
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none
 header.from=microsoft.com;
x-originating-ip: [174.21.80.75]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 247f23b8-8096-41e9-db17-08d81e52f56f
x-ms-traffictypediagnostic: CY4PR21MB0167:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: 
 <CY4PR21MB0167419AD152775E4DE13487EF6D0@CY4PR21MB0167.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 RGMZcnQYRbYXq1VYw4LB4mt/OZCCy+rOfcm6R6XL4zmpHwGesRTx/iuAG+shT2tN6rURQI74U8Gt3CfsDehQ+LQg+j2bZL1CrRj49wEumR4+funM5mqFc/QEe55XbEOx9ro+vZB+XKf6qc2s1drDV0+ninPwRiKhiMfOnTwv3nUqmlghlPrzW3qVqqEKqMM0yLcwFCamDE5lWcvPxMpDXK2BJi1KCyGptlHCFOcJgF901N2TNnwgjbo1lQ1bKO1GVRdZOJ6jfphAltH9/XBcF2pCziw316H4GuLzcWBzy8myLjn9OFoYYKK1snSPg3QFWtZoSRir6ThLReCZxjxsr9vl46biFIkWcY6ej+1PB+nTwcCg50HiO0LUOylJCYhxPdXcNxu6y7AsaTbkHPeRzA==
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR21MB0743.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(366004)(39860400002)(346002)(396003)(376002)(136003)(52536014)(478600001)(7696005)(8676002)(6506007)(53546011)(8936002)(54906003)(316002)(110136005)(5660300002)(19627235002)(66476007)(66446008)(66946007)(966005)(64756008)(10290500003)(2906002)(33656002)(66556008)(86362001)(76116006)(83380400001)(55016002)(9686003)(30864003)(166002)(71200400001)(186003)(4326008)(8990500004)(82950400001)(82960400001)(26005)(559001)(579004);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: 
 eRTT5A3C2yw5S7N+TJt5R4FikvbP2LwN0igi+uRqDPKUdGttHXojzytx+CHaLZt1EilgssbjMkQcrhokc7p4quBtLavUPh2tL9DgzYfyFn4O+paKTPm8UEDs1gN6M76PnPIp2jfIR3vMox9HKIH5xe5Gp82g3WxnSpzAvLyjDrYt+bwBwuTznKLukZqmZYOUuo1vDrZCX7LqKaI2HoTji2+vKpVeBkIkgmoW8dDgWihEQ5A4JCbHnw47fRCrQxZ6YwlqW2SPR0RdgQxPV4yFG33cLKwbsPSt/ru83JI/Xt6Kxs9DUELDkivop/3NsC+Ysd/6W4eoaXaujIWJZRv5kA35fx9in5eLyDn2mK4+fH4m2LIiytfdAJQgBU9l2eyzlxXXAJpEMNKWlJmhwO+3fFKjjdKF6AgEdRpzEJEKqqGmkPk0pEjtGv2ahMmHOeOO0eMsVBSStI05vTnu9Xl4ICjBTgOc8szJjdZ2FBf/Tik=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY4PR21MB0743.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 247f23b8-8096-41e9-db17-08d81e52f56f
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2020 06:41:32.5275
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: H/8Po5B5xAArS9xoNyvdm02YppuiPPyNAgf86Kpkc3JajPIPY5dS/YEVez+Cwm0Cbm+7Nw7NWlgFB39QKKMNTQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0167
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_CY4PR21MB07434EF1E609BF461C4E6E49EF6D0CY4PR21MB0743namp_"

--_000_CY4PR21MB07434EF1E609BF461C4E6E49EF6D0CY4PR21MB0743namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

1.[Dandan]: This should be a NULL class library, not an instance of VarChec=
k Lib.

Agreed. Will update.

- Bret

From: Dandan Bi via groups.io<mailto:dandan.bi=3Dintel.com@groups.io>
Sent: Wednesday, July 1, 2020 7:13 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<ma=
ilto:bret@corthon.com>
Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Wu, Hao A<mailto:hao.a.wu@=
intel.com>; liming.gao<mailto:liming.gao@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v6 04/14] MdeModulePkg: Define=
 the VarCheckPolicyLib and SMM interface

1 comment inline, please check.



Thanks,
Dandan
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
> Barkelew
> Sent: Tuesday, June 23, 2020 2:41 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>=
;
> Gao, Liming <liming.gao@intel.com>
> Subject: [edk2-devel] [PATCH v6 04/14] MdeModulePkg: Define the
> VarCheckPolicyLib and SMM interface
>
> https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugz=
illa.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;data=3D02%7C01%7CBret.Bar=
kelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141af=
91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;sdata=3Dyj3Z6JZariiNwPNLz=
p1Phb7bQHvtPYPA7U%2BjFkQMJ3k%3D&amp;reserved=3D0
>
> VariablePolicy is an updated interface to
> replace VarLock and VarCheckProtocol.
>
> This is an instance of a VarCheckLib that is backed by the
> VariablePolicyLib business logic. It also publishes the SMM
> calling interface for messages from the DXE protocol.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Bret Barkelew <brbarkel@microsoft.com>
> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
> ---
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c   | 320
> ++++++++++++++++++++
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                |  54 ++++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf |  42 +++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni |  12 +
>  MdeModulePkg/MdeModulePkg.dec                                |   4 +
>  MdeModulePkg/MdeModulePkg.dsc                                |   2 +
>  6 files changed, 434 insertions(+)
>
> diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> new file mode 100644
> index 000000000000..b64fc5f45332
> --- /dev/null
> +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> @@ -0,0 +1,320 @@
> +/** @file -- VarCheckPolicyLib.c
>
> +This is an instance of a VarCheck lib that leverages the business logic=
 behind
1.[Dandan]: This should be a NULL class library, not an instance of VarChe=
ck Lib.

>
> +the VariablePolicy code to make its decisions.
>
> +
>
> +Copyright (c) Microsoft Corporation.
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <Library/VarCheckLib.h>
>
> +#include <Library/BaseLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/SafeIntLib.h>
>
> +#include <Library/MmServicesTableLib.h>
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/MemoryAllocationLib.h>
>
> +
>
> +#include <Protocol/MmCommunication.h>
>
> +
>
> +#include <Protocol/VariablePolicy.h>
>
> +#include <Library/VariablePolicyLib.h>
>
> +
>
> +#include <Guid/VarCheckPolicyMmi.h>
>
> +
>
> +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
>
> +// As a VarCheck library, we're linked into the VariableServices
>
> +// and may not be able to call them indirectly. To get around this,
>
> +// use the internal GetVariable function to query the variable store.
>
> +//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
>
> +EFI_STATUS
>
> +EFIAPI
>
> +VariableServiceGetVariable (
>
> +  IN      CHAR16            *VariableName,
>
> +  IN      EFI_GUID          *VendorGuid,
>
> +  OUT     UINT32            *Attributes OPTIONAL,
>
> +  IN OUT  UINTN             *DataSize,
>
> +  OUT     VOID              *Data
>
> +  );
>
> +
>
> +
>
> +/**
>
> +  MM Communication Handler to recieve commands from the DXE protocol
> for
>
> +  Variable Policies. This communication channel is used to register new
> policies
>
> +  and poll and toggle the enforcement of variable policies.
>
> +
>
> +  @param[in]      DispatchHandle      All parameters standard to MM
> communications convention.
>
> +  @param[in]      RegisterContext     All parameters standard to MM
> communications convention.
>
> +  @param[in,out]  CommBuffer          All parameters standard to MM
> communications convention.
>
> +  @param[in,out]  CommBufferSize      All parameters standard to MM
> communications convention.
>
> +
>
> +  @retval     EFI_SUCCESS
>
> +  @retval     EFI_INVALID_PARAMETER   CommBuffer or CommBufferSize is
> null pointer.
>
> +  @retval     EFI_INVALID_PARAMETER   CommBuffer size is wrong.
>
> +  @retval     EFI_INVALID_PARAMETER   Revision or signature don't match=
.
>
> +
>
> +**/
>
> +STATIC
>
> +EFI_STATUS
>
> +EFIAPI
>
> +VarCheckPolicyLibMmiHandler (
>
> +  IN     EFI_HANDLE                   DispatchHandle,
>
> +  IN     CONST VOID                   *RegisterContext,
>
> +  IN OUT VOID                         *CommBuffer,
>
> +  IN OUT UINTN                        *CommBufferSize
>
> +  )
>
> +{
>
> +  EFI_STATUS                                Status;
>
> +  EFI_STATUS                                SubCommandStatus;
>
> +  VAR_CHECK_POLICY_COMM_HEADER              *PolicyCommmHeader;
>
> +  VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS   *IsEnabledParams;
>
> +  VAR_CHECK_POLICY_COMM_DUMP_PARAMS         *DumpParams;
>
> +  UINT8                                     *DumpInputBuffer;
>
> +  UINT8                                     *DumpOutputBuffer;
>
> +  UINTN                                     DumpTotalPages;
>
> +  VARIABLE_POLICY_ENTRY                     *PolicyEntry;
>
> +  UINTN                                     ExpectedSize;
>
> +  // Pagination Cache Variables
>
> +  static UINT8                              *PaginationCache =3D NULL;
>
> +  static UINTN                              PaginationCacheSize =3D 0;
>
> +  static UINT32                             CurrentPaginationCommand =
=3D 0;
>
> +
>
> +  Status =3D EFI_SUCCESS;
>
> +
>
> +  //
>
> +  // Validate some input parameters.
>
> +  //
>
> +  // If either of the pointers are NULL, we can't proceed.
>
> +  if (CommBuffer =3D=3D NULL || CommBufferSize =3D=3D NULL) {
>
> +    DEBUG(( DEBUG_INFO, "%a - Invalid comm buffer pointers!\n",
> __FUNCTION__ ));
>
> +    return EFI_INVALID_PARAMETER;
>
> +  }
>
> +  // If the size does not meet a minimum threshold, we cannot proceed.
>
> +  ExpectedSize =3D sizeof(VAR_CHECK_POLICY_COMM_HEADER);
>
> +  if (*CommBufferSize < ExpectedSize) {
>
> +    DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __FUNCTION__, *CommBufferSize, ExpectedSize ));
>
> +    return EFI_INVALID_PARAMETER;
>
> +  }
>
> +  // Check the revision and the signature of the comm header.
>
> +  PolicyCommmHeader =3D CommBuffer;
>
> +  if (PolicyCommmHeader->Signature !=3D VAR_CHECK_POLICY_COMM_SIG
> ||
>
> +      PolicyCommmHeader->Revision !=3D
> VAR_CHECK_POLICY_COMM_REVISION) {
>
> +    DEBUG(( DEBUG_INFO, "%a - Signature or revision are incorrect!\n",
> __FUNCTION__ ));
>
> +    // We have verified the buffer is not null and have enough size to =
hold
> Result field.
>
> +    PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
>
> +    return EFI_SUCCESS;
>
> +  }
>
> +
>
> +  // If we're in the middle of a paginated dump and any other command i=
s
> sent,
>
> +  // pagination cache must be cleared.
>
> +  if (PaginationCache !=3D NULL && PolicyCommmHeader->Command !=3D
> CurrentPaginationCommand) {
>
> +    FreePool (PaginationCache);
>
> +    PaginationCache =3D NULL;
>
> +    PaginationCacheSize =3D 0;
>
> +    CurrentPaginationCommand =3D 0;
>
> +  }
>
> +
>
> +  //
>
> +  // Now we can process the command as it was sent.
>
> +  //
>
> +  PolicyCommmHeader->Result =3D EFI_ABORTED;    // Set a default return=
 for
> incomplete commands.
>
> +  switch(PolicyCommmHeader->Command) {
>
> +    case VAR_CHECK_POLICY_COMMAND_DISABLE:
>
> +      PolicyCommmHeader->Result =3D DisableVariablePolicy();
>
> +      break;
>
> +
>
> +    case VAR_CHECK_POLICY_COMMAND_IS_ENABLED:
>
> +      // Make sure that we're dealing with a reasonable size.
>
> +      // This add should be safe because these are fixed sizes so far.
>
> +      ExpectedSize +=3D
> sizeof(VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS);
>
> +      if (*CommBufferSize < ExpectedSize) {
>
> +        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __FUNCTION__, *CommBufferSize, ExpectedSize ));
>
> +        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
>
> +        break;
>
> +      }
>
> +
>
> +      // Now that we know we've got a valid size, we can fill in the re=
st of the
> data.
>
> +      IsEnabledParams =3D
> (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)((UINT8*)CommBuff
> er + sizeof(VAR_CHECK_POLICY_COMM_HEADER));
>
> +      IsEnabledParams->State =3D IsVariablePolicyEnabled();
>
> +      PolicyCommmHeader->Result =3D EFI_SUCCESS;
>
> +      break;
>
> +
>
> +    case VAR_CHECK_POLICY_COMMAND_REGISTER:
>
> +      // Make sure that we're dealing with a reasonable size.
>
> +      // This add should be safe because these are fixed sizes so far.
>
> +      ExpectedSize +=3D sizeof(VARIABLE_POLICY_ENTRY);
>
> +      if (*CommBufferSize < ExpectedSize) {
>
> +        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __FUNCTION__, *CommBufferSize, ExpectedSize ));
>
> +        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
>
> +        break;
>
> +      }
>
> +
>
> +      // At the very least, we can assume that we're working with a val=
id policy
> entry.
>
> +      // Time to compare its internal size.
>
> +      PolicyEntry =3D (VARIABLE_POLICY_ENTRY*)((UINT8*)CommBuffer +
> sizeof(VAR_CHECK_POLICY_COMM_HEADER));
>
> +      if (PolicyEntry->Version !=3D VARIABLE_POLICY_ENTRY_REVISION ||
>
> +          PolicyEntry->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
>
> +
> EFI_ERROR(SafeUintnAdd(sizeof(VAR_CHECK_POLICY_COMM_HEADER),
> PolicyEntry->Size, &ExpectedSize)) ||
>
> +          *CommBufferSize < ExpectedSize) {
>
> +        DEBUG(( DEBUG_INFO, "%a - Bad policy entry contents!\n",
> __FUNCTION__ ));
>
> +        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
>
> +        break;
>
> +      }
>
> +
>
> +      PolicyCommmHeader->Result =3D RegisterVariablePolicy( PolicyEntry=
 );
>
> +      break;
>
> +
>
> +    case VAR_CHECK_POLICY_COMMAND_DUMP:
>
> +      // Make sure that we're dealing with a reasonable size.
>
> +      // This add should be safe because these are fixed sizes so far.
>
> +      ExpectedSize +=3D sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS)
> + VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
>
> +      if (*CommBufferSize < ExpectedSize) {
>
> +        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n",
> __FUNCTION__, *CommBufferSize, ExpectedSize ));
>
> +        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
>
> +        break;
>
> +      }
>
> +
>
> +      // Now that we know we've got a valid size, we can fill in the re=
st of the
> data.
>
> +      DumpParams =3D
> (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyCommmHeader + 1);
>
> +
>
> +      // If we're requesting the first page, initialize the cache and g=
et the sizes.
>
> +      if (DumpParams->PageRequested =3D=3D 0) {
>
> +        if (PaginationCache !=3D NULL) {
>
> +          FreePool (PaginationCache);
>
> +          PaginationCache =3D NULL;
>
> +        }
>
> +
>
> +        // Determine what the required size is going to be.
>
> +        DumpParams->TotalSize =3D 0;
>
> +        DumpParams->PageSize =3D 0;
>
> +        DumpParams->HasMore =3D FALSE;
>
> +        SubCommandStatus =3D DumpVariablePolicy (NULL, &DumpParams-
> >TotalSize);
>
> +        if (SubCommandStatus =3D=3D EFI_BUFFER_TOO_SMALL && DumpParams-
> >TotalSize > 0) {
>
> +          CurrentPaginationCommand =3D
> VAR_CHECK_POLICY_COMMAND_DUMP;
>
> +          PaginationCacheSize =3D DumpParams->TotalSize;
>
> +          PaginationCache =3D AllocatePool (PaginationCacheSize);
>
> +          if (PaginationCache =3D=3D NULL) {
>
> +            SubCommandStatus =3D EFI_OUT_OF_RESOURCES;
>
> +          }
>
> +        }
>
> +
>
> +        // If we've allocated our pagination cache, we're good to cache=
.
>
> +        if (PaginationCache !=3D NULL) {
>
> +          SubCommandStatus =3D DumpVariablePolicy (PaginationCache,
> &DumpParams->TotalSize);
>
> +        }
>
> +
>
> +        // Populate the remaining fields and we can boogie.
>
> +        if (!EFI_ERROR (SubCommandStatus) && PaginationCache !=3D NULL)=
 {
>
> +          DumpParams->HasMore =3D TRUE;
>
> +        }
>
> +      }
>
> +      else if (PaginationCache !=3D NULL) {
>
> +        DumpParams->TotalSize =3D (UINT32)PaginationCacheSize;
>
> +        DumpParams->PageSize =3D
> VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
>
> +        DumpOutputBuffer =3D (UINT8*)(DumpParams + 1);
>
> +
>
> +        // Make sure that we don't over-index the cache.
>
> +        DumpTotalPages =3D PaginationCacheSize / DumpParams->PageSize;
>
> +        if (PaginationCacheSize % DumpParams->PageSize) DumpTotalPages+=
+;
>
> +        if (DumpParams->PageRequested > DumpTotalPages) {
>
> +          SubCommandStatus =3D EFI_INVALID_PARAMETER;
>
> +        }
>
> +        else {
>
> +          // Figure out how far into the page cache we need to go for o=
ur next
> page.
>
> +          // We know the blind subtraction won't be bad because we alre=
ady
> checked for page 0.
>
> +          DumpInputBuffer =3D &PaginationCache[DumpParams->PageSize *
> (DumpParams->PageRequested - 1)];
>
> +          // If we're getting the last page, adjust the PageSize.
>
> +          if (DumpParams->PageRequested =3D=3D DumpTotalPages) {
>
> +            DumpParams->PageSize =3D PaginationCacheSize % DumpParams-
> >PageSize;
>
> +          }
>
> +          CopyMem (DumpOutputBuffer, DumpInputBuffer, DumpParams-
> >PageSize);
>
> +          // If we just got the last page, settle up the cache.
>
> +          if (DumpParams->PageRequested =3D=3D DumpTotalPages) {
>
> +            DumpParams->HasMore =3D FALSE;
>
> +            FreePool (PaginationCache);
>
> +            PaginationCache =3D NULL;
>
> +            PaginationCacheSize =3D 0;
>
> +            CurrentPaginationCommand =3D 0;
>
> +          }
>
> +          // Otherwise, we could do more here.
>
> +          else {
>
> +            DumpParams->HasMore =3D TRUE;
>
> +          }
>
> +
>
> +          // If we made it this far, we're basically good.
>
> +          SubCommandStatus =3D EFI_SUCCESS;
>
> +        }
>
> +      }
>
> +      // If we've requested any other page than 0 and the cache is empt=
y, we
> must have timed out.
>
> +      else {
>
> +        DumpParams->TotalSize =3D 0;
>
> +        DumpParams->PageSize =3D 0;
>
> +        DumpParams->HasMore =3D FALSE;
>
> +        SubCommandStatus =3D EFI_TIMEOUT;
>
> +      }
>
> +
>
> +      // There's currently no use for this, but it shouldn't be hard to=
 implement.
>
> +      PolicyCommmHeader->Result =3D SubCommandStatus;
>
> +      break;
>
> +
>
> +    case VAR_CHECK_POLICY_COMMAND_LOCK:
>
> +      PolicyCommmHeader->Result =3D LockVariablePolicy();
>
> +      break;
>
> +
>
> +    default:
>
> +      // Mark unknown requested command as EFI_UNSUPPORTED.
>
> +      DEBUG(( DEBUG_INFO, "%a - Invalid command requested! %d\n",
> __FUNCTION__, PolicyCommmHeader->Command ));
>
> +      PolicyCommmHeader->Result =3D EFI_UNSUPPORTED;
>
> +      break;
>
> +  }
>
> +
>
> +  DEBUG(( DEBUG_VERBOSE, "%a - Command %d returning %r.\n",
> __FUNCTION__,
>
> +          PolicyCommmHeader->Command, PolicyCommmHeader->Result ));
>
> +
>
> +  return Status;
>
> +}
>
> +
>
> +
>
> +/**
>
> +  Constructor function of VarCheckPolicyLib to register VarCheck handle=
r
> and
>
> +  SW MMI handlers.
>
> +
>
> +  @param[in] ImageHandle    The firmware allocated handle for the EFI
> image.
>
> +  @param[in] SystemTable    A pointer to the EFI System Table.
>
> +
>
> +  @retval EFI_SUCCESS       The constructor executed correctly.
>
> +
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +VarCheckPolicyLibConstructor (
>
> +  IN EFI_HANDLE             ImageHandle,
>
> +  IN EFI_SYSTEM_TABLE       *SystemTable
>
> +  )
>
> +{
>
> +  EFI_STATUS    Status;
>
> +  EFI_HANDLE    DiscardedHandle;
>
> +
>
> +  // Initialize the business logic with the internal GetVariable handle=
r.
>
> +  Status =3D InitVariablePolicyLib( VariableServiceGetVariable );
>
> +
>
> +  // Only proceed with init if the business logic could be initialized.
>
> +  if (!EFI_ERROR( Status )) {
>
> +    // Register the VarCheck handler for SetVariable filtering.
>
> +    // Forward the check to the business logic of the library.
>
> +    VarCheckLibRegisterSetVariableCheckHandler( ValidateSetVariable );
>
> +
>
> +    // Register the MMI handlers for receiving policy commands.
>
> +    DiscardedHandle =3D NULL;
>
> +    Status =3D gMmst->MmiHandlerRegister( VarCheckPolicyLibMmiHandler,
>
> +                                        &gVarCheckPolicyLibMmiHandlerGu=
id,
>
> +                                        &DiscardedHandle );
>
> +  }
>
> +  // Otherwise, there's not much we can do.
>
> +  else {
>
> +    DEBUG(( DEBUG_ERROR, "%a - Cannot Initialize VariablePolicyLib! %r\=
n",
> __FUNCTION__, Status ));
>
> +    ASSERT_EFI_ERROR( Status );
>
> +  }
>
> +
>
> +  return Status;
>
> +}
>
> diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> new file mode 100644
> index 000000000000..77bcc62f3ccf
> --- /dev/null
> +++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> @@ -0,0 +1,54 @@
> +/** @file -- VarCheckPolicyMmiCommon.h
>
> +This header contains communication definitions that are shared between
> DXE
>
> +and the MM component of VarCheckPolicy.
>
> +
>
> +Copyright (c) Microsoft Corporation.
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +**/
>
> +
>
> +#ifndef _VAR_CHECK_POLICY_MMI_COMMON_H_
>
> +#define _VAR_CHECK_POLICY_MMI_COMMON_H_
>
> +
>
> +#define   VAR_CHECK_POLICY_COMM_SIG       SIGNATURE_32('V', 'C', 'P', '=
C')
>
> +#define   VAR_CHECK_POLICY_COMM_REVISION  1
>
> +
>
> +#pragma pack(push, 1)
>
> +
>
> +typedef struct _VAR_CHECK_POLICY_COMM_HEADER {
>
> +  UINT32      Signature;
>
> +  UINT32      Revision;
>
> +  UINT32      Command;
>
> +  EFI_STATUS  Result;
>
> +} VAR_CHECK_POLICY_COMM_HEADER;
>
> +
>
> +typedef struct _VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS {
>
> +  BOOLEAN     State;
>
> +} VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS;
>
> +
>
> +typedef struct _VAR_CHECK_POLICY_COMM_DUMP_PARAMS {
>
> +  UINT32      PageRequested;
>
> +  UINT32      TotalSize;
>
> +  UINT32      PageSize;
>
> +  BOOLEAN     HasMore;
>
> +} VAR_CHECK_POLICY_COMM_DUMP_PARAMS;
>
> +
>
> +#pragma pack(pop)
>
> +
>
> +// Make sure that we will hold at least the headers.
>
> +#define   VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE
> MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof
> (VAR_CHECK_POLICY_COMM_HEADER) + EFI_PAGES_TO_SIZE(1)),
> EFI_PAGES_TO_SIZE(4))
>
> +#define   VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE
> (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \
>
> +                                                    (OFFSET_OF(EFI_MM_C=
OMMUNICATE_HEADER,
> Data) + \
>
> +                                                      sizeof(VAR_CHECK_=
POLICY_COMM_HEADER) + \
>
> +
> sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS)))
>
> +STATIC_ASSERT (
>
> +  VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE <
> VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE,
>
> +  "an integer underflow may have occurred calculating
> VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE"
>
> +  );
>
> +
>
> +#define   VAR_CHECK_POLICY_COMMAND_DISABLE      0x0001
>
> +#define   VAR_CHECK_POLICY_COMMAND_IS_ENABLED   0x0002
>
> +#define   VAR_CHECK_POLICY_COMMAND_REGISTER     0x0003
>
> +#define   VAR_CHECK_POLICY_COMMAND_DUMP         0x0004
>
> +#define   VAR_CHECK_POLICY_COMMAND_LOCK         0x0005
>
> +
>
> +#endif // _VAR_CHECK_POLICY_MMI_COMMON_H_
>
> diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.in=
f
> b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> new file mode 100644
> index 000000000000..077bcc8990ca
> --- /dev/null
> +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> @@ -0,0 +1,42 @@
> +## @file VarCheckPolicyLib.inf
>
> +# This is an instance of a VarCheck lib that leverages the business log=
ic
> behind
>
> +# the VariablePolicy code to make its decisions.
>
> +#
>
> +# Copyright (c) Microsoft Corporation.
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +##
>
> +
>
> +[Defines]
>
> +  INF_VERSION                    =3D 0x00010005
>
> +  BASE_NAME                      =3D VarCheckPolicyLib
>
> +  FILE_GUID                      =3D 9C28A48F-C884-4B1F-8B95-DEF1254480=
23
>
> +  MODULE_TYPE                    =3D DXE_RUNTIME_DRIVER
>
> +  VERSION_STRING                 =3D 1.0
>
> +  LIBRARY_CLASS                  =3D NULL|DXE_RUNTIME_DRIVER
> DXE_SMM_DRIVER
>
> +  CONSTRUCTOR                    =3D VarCheckPolicyLibConstructor
>
> +
>
> +
>
> +[Sources]
>
> +  VarCheckPolicyLib.c
>
> +
>
> +
>
> +[Packages]
>
> +  MdePkg/MdePkg.dec
>
> +  MdeModulePkg/MdeModulePkg.dec
>
> +
>
> +
>
> +[LibraryClasses]
>
> +  BaseLib
>
> +  DebugLib
>
> +  BaseMemoryLib
>
> +  DxeServicesLib
>
> +  MemoryAllocationLib
>
> +  VarCheckLib
>
> +  VariablePolicyLib
>
> +  VariablePolicyHelperLib
>
> +  SafeIntLib
>
> +  MmServicesTableLib
>
> +
>
> +
>
> +[Guids]
>
> +  gVarCheckPolicyLibMmiHandlerGuid        ## CONSUME ## Used to registe=
r
> for MM Communication events.
>
> diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.un=
i
> b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> new file mode 100644
> index 000000000000..eedeeed15d31
> --- /dev/null
> +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> @@ -0,0 +1,12 @@
> +// /** @file
>
> +// VarCheckPolicyLib.uni
>
> +//
>
> +// Copyright (c) Microsoft Corporation.
>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +//
>
> +// **/
>
> +
>
> +
>
> +#string STR_MODULE_ABSTRACT             #language en-US "NULL library
> implementation that conforms to the VarCheck interface to allow
> VariablePolicy engine to enforce policies"
>
> +
>
> +#string STR_MODULE_DESCRIPTION          #language en-US "NULL library
> implementation that conforms to the VarCheck interface to allow
> VariablePolicy engine to enforce policies"
>
> diff --git a/MdeModulePkg/MdeModulePkg.dec
> b/MdeModulePkg/MdeModulePkg.dec
> index b21cd78c8787..9a3c9fe642d3 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -385,6 +385,10 @@ [Guids]
>    ## Include/Guid/EndofS3Resume.h
>
>    gEdkiiEndOfS3ResumeGuid =3D { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67=
, 0xe4,
> 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }
>
>
>
> +  ## Used (similar to Variable Services) to communicate policies to the
> enforcement engine.
>
> +  # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}
>
> +  gVarCheckPolicyLibMmiHandlerGuid =3D { 0xda1b0d11, 0xd1a7, 0x46c4,
> { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}
>
> +
>
>    ## Include/Guid/S3SmmInitDone.h
>
>    gEdkiiS3SmmInitDoneGuid =3D { 0x8f9d4825, 0x797d, 0x48fc, { 0x84, 0x7=
1,
> 0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } }
>
>
>
> diff --git a/MdeModulePkg/MdeModulePkg.dsc
> b/MdeModulePkg/MdeModulePkg.dsc
> index 37795b9e4f58..f0a75a3b337b 100644
> --- a/MdeModulePkg/MdeModulePkg.dsc
> +++ b/MdeModulePkg/MdeModulePkg.dsc
> @@ -313,6 +313,7 @@ [Components]
>    MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
>
>    MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>
>    MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.in=
f
>
> +  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>
>    MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>
>    MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
>
>    MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
>
> @@ -458,6 +459,7 @@ [Components.IA32, Components.X64]
>    MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
>
>    MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
>
>      <LibraryClasses>
>
> +      NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>
>        NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
>
>        NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
>
>        NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
>
> --
> 2.26.2.windows.1.8.g01c50adf56.20200515075929
>
>
> -=3D-=3D-=3D-=3D-=3D-=3D
> Groups.io Links: You receive all messages sent to this group.
>
> View/Reply Online (#61590): https://nam06.safelinks.protection.outlook.c=
om/?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F61590&amp;da=
ta=3D02%7C01%7CBret.Barkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d=
8238%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;sd=
ata=3DXkVKxTN1iXFWsCvsgFYmCWO2JZrIUu1NqKikSIEiBS8%3D&amp;reserved=3D0
> Mute This Topic: https://nam06.safelinks.protection.outlook.com/?url=3Dh=
ttps%3A%2F%2Fgroups.io%2Fmt%2F75057699%2F1768738&amp;data=3D02%7C01%7CBret.=
Barkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f14=
1af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;sdata=3DrnMmHC3VAKP3h0=
X461RptcvVE79kmZdOV3j7N66gHkQ%3D&amp;reserved=3D0
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://nam06.safelinks.protection.outlook.com/?url=3Dhttps=
%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Funsub&amp;data=3D02%7C01%7CBret.Barke=
lew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141af91=
ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;sdata=3D1VhBeVczCZ4xGGrq2aQ=
FW4r1EtI7jebdgOX0EtFTTKc%3D&amp;reserved=3D0  [dandan.bi@intel.com]
> -=3D-=3D-=3D-=3D-=3D-=3D





--_000_CY4PR21MB07434EF1E609BF461C4E6E49EF6D0CY4PR21MB0743namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=
fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii=
">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">1.[Dandan]: This should be a NULL class library, no=
t an instance of VarCheck Lib.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:red">Agreed. Will update.</spa=
n><span style=3D"color:red"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">- Bret</p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<div style=3D"mso-element:para-border-div;border:none;border-top:solid #E1=
E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class=3D"MsoNormal" style=3D"border:none;padding:0in"><b>From: </b><a h=
ref=3D"mailto:dandan.bi=3Dintel.com@groups.io">Dandan Bi via groups.io</a><=
br>
<b>Sent: </b>Wednesday, July 1, 2020 7:13 PM<br>
<b>To: </b><a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a=
>; <a href=3D"mailto:bret@corthon.com">
bret@corthon.com</a><br>
<b>Cc: </b><a href=3D"mailto:jian.j.wang@intel.com">Wang, Jian J</a>; <a h=
ref=3D"mailto:hao.a.wu@intel.com">
Wu, Hao A</a>; <a href=3D"mailto:liming.gao@intel.com">liming.gao</a><br>
<b>Subject: </b>[EXTERNAL] Re: [edk2-devel] [PATCH v6 04/14] MdeModulePkg:=
 Define the VarCheckPolicyLib and SMM interface</p>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">1 comment inline, pl=
ease check.<br>
<br>
<br>
<br>
Thanks,<br>
Dandan<br>
&gt; -----Original Message-----<br>
&gt; From: devel@edk2.groups.io &lt;devel@edk2.groups.io&gt; On Behalf Of =
Bret<br>
&gt; Barkelew<br>
&gt; Sent: Tuesday, June 23, 2020 2:41 PM<br>
&gt; To: devel@edk2.groups.io<br>
&gt; Cc: Wang, Jian J &lt;jian.j.wang@intel.com&gt;; Wu, Hao A &lt;hao.a.w=
u@intel.com&gt;;<br>
&gt; Gao, Liming &lt;liming.gao@intel.com&gt;<br>
&gt; Subject: [edk2-devel] [PATCH v6 04/14] MdeModulePkg: Define the<br>
&gt; VarCheckPolicyLib and SMM interface<br>
&gt; <br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttp=
s%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;amp;data=3D=
02%7C01%7CBret.Barkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%=
7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;amp;sda=
ta=3Dyj3Z6JZariiNwPNLzp1Phb7bQHvtPYPA7U%2BjFkQMJ3k%3D&amp;amp;reserved=3D0"=
>
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fbugzil=
la.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;amp;data=3D02%7C01%7CBret.B=
arkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141=
af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;amp;sdata=3Dyj3Z6JZarii=
NwPNLzp1Phb7bQHvtPYPA7U%2BjFkQMJ3k%3D&amp;amp;reserved=3D0</a><br>
&gt; <br>
&gt; VariablePolicy is an updated interface to<br>
&gt; replace VarLock and VarCheckProtocol.<br>
&gt; <br>
&gt; This is an instance of a VarCheckLib that is backed by the<br>
&gt; VariablePolicyLib business logic. It also publishes the SMM<br>
&gt; calling interface for messages from the DXE protocol.<br>
&gt; <br>
&gt; Cc: Jian J Wang &lt;jian.j.wang@intel.com&gt;<br>
&gt; Cc: Hao A Wu &lt;hao.a.wu@intel.com&gt;<br>
&gt; Cc: Liming Gao &lt;liming.gao@intel.com&gt;<br>
&gt; Cc: Bret Barkelew &lt;brbarkel@microsoft.com&gt;<br>
&gt; Signed-off-by: Bret Barkelew &lt;brbarkel@microsoft.com&gt;<br>
&gt; ---<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c&nbsp=
;&nbsp; | 320<br>
&gt; &#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43=
;&#43;&#43;&#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&=
nbsp; 54 &#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf |&=
nbsp; 42 &#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni |&=
nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; |&nbsp;&nbsp; 4 &#43;<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; |&nbsp;&nbsp; 2 &#43;<br>
&gt;&nbsp; 6 files changed, 434 insertions(&#43;)<br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib=
.c<br>
&gt; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c<br>
&gt; new file mode 100644<br>
&gt; index 000000000000..b64fc5f45332<br>
&gt; --- /dev/null<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPoli=
cyLib.c<br>
&gt; @@ -0,0 &#43;1,320 @@<br>
&gt; &#43;/** @file -- VarCheckPolicyLib.c<br>
&gt; <br>
&gt; &#43;This is an instance of a VarCheck lib that leverages the busines=
s logic behind<br>
1.[Dandan]: This should be a NULL class library, not an instance of VarChe=
ck Lib.<br>
<br>
&gt; <br>
&gt; &#43;the VariablePolicy code to make its decisions.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;Copyright (c) Microsoft Corporation.<br>
&gt; <br>
&gt; &#43;SPDX-License-Identifier: BSD-2-Clause-Patent<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;**/<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/VarCheckLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/BaseLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/DebugLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/SafeIntLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/MmServicesTableLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/BaseMemoryLib.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/MemoryAllocationLib.h&gt;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#include &lt;Protocol/MmCommunication.h&gt;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#include &lt;Protocol/VariablePolicy.h&gt;<br>
&gt; <br>
&gt; &#43;#include &lt;Library/VariablePolicyLib.h&gt;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#include &lt;Guid/VarCheckPolicyMmi.h&gt;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D<br>
&gt; <br>
&gt; &#43;// As a VarCheck library, we're linked into the VariableServices=
<br>
&gt; <br>
&gt; &#43;// and may not be able to call them indirectly. To get around th=
is,<br>
&gt; <br>
&gt; &#43;// use the internal GetVariable function to query the variable s=
tore.<br>
&gt; <br>
&gt; &#43;//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D<br>
&gt; <br>
&gt; &#43;EFI_STATUS<br>
&gt; <br>
&gt; &#43;EFIAPI<br>
&gt; <br>
&gt; &#43;VariableServiceGetVariable (<br>
&gt; <br>
&gt; &#43;&nbsp; IN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CHAR16&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *VariableName,<br>
&gt; <br>
&gt; &#43;&nbsp; IN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EFI_GUID&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *VendorGuid,<br>
&gt; <br>
&gt; &#43;&nbsp; OUT&nbsp;&nbsp;&nbsp;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *Attributes OPTIONAL,<br>
&gt; <br>
&gt; &#43;&nbsp; IN OUT&nbsp; UINTN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *DataSize,<br>
&gt; <br>
&gt; &#43;&nbsp; OUT&nbsp;&nbsp;&nbsp;&nbsp; VOID&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *Data<br>
&gt; <br>
&gt; &#43;&nbsp; );<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;/**<br>
&gt; <br>
&gt; &#43;&nbsp; MM Communication Handler to recieve commands from the DXE=
 protocol<br>
&gt; for<br>
&gt; <br>
&gt; &#43;&nbsp; Variable Policies. This communication channel is used to =
register new<br>
&gt; policies<br>
&gt; <br>
&gt; &#43;&nbsp; and poll and toggle the enforcement of variable policies.=
<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DispatchHandle&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp; All parameters standard to MM<br>
&gt; communications convention.<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; RegisterContext&=
nbsp;&nbsp;&nbsp;&nbsp; All parameters standard to MM<br>
&gt; communications convention.<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in,out]&nbsp; CommBuffer&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp; All parameters standard to MM<br>
&gt; communications convention.<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in,out]&nbsp; CommBufferSize&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp; All parameters standard to MM<br>
&gt; communications convention.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; @retval&nbsp;&nbsp;&nbsp;&nbsp; EFI_SUCCESS<br>
&gt; <br>
&gt; &#43;&nbsp; @retval&nbsp;&nbsp;&nbsp;&nbsp; EFI_INVALID_PARAMETER&nbs=
p;&nbsp; CommBuffer or CommBufferSize is<br>
&gt; null pointer.<br>
&gt; <br>
&gt; &#43;&nbsp; @retval&nbsp;&nbsp;&nbsp;&nbsp; EFI_INVALID_PARAMETER&nbs=
p;&nbsp; CommBuffer size is wrong.<br>
&gt; <br>
&gt; &#43;&nbsp; @retval&nbsp;&nbsp;&nbsp;&nbsp; EFI_INVALID_PARAMETER&nbs=
p;&nbsp; Revision or signature don't match.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;**/<br>
&gt; <br>
&gt; &#43;STATIC<br>
&gt; <br>
&gt; &#43;EFI_STATUS<br>
&gt; <br>
&gt; &#43;EFIAPI<br>
&gt; <br>
&gt; &#43;VarCheckPolicyLibMmiHandler (<br>
&gt; <br>
&gt; &#43;&nbsp; IN&nbsp;&nbsp;&nbsp;&nbsp; EFI_HANDLE&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp; DispatchHandle,<br>
&gt; <br>
&gt; &#43;&nbsp; IN&nbsp;&nbsp;&nbsp;&nbsp; CONST VOID&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp; *RegisterContext,<br>
&gt; <br>
&gt; &#43;&nbsp; IN OUT VOID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp; *CommBuffer,<br>
&gt; <br>
&gt; &#43;&nbsp; IN OUT UINTN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp; *CommBufferSize<br>
&gt; <br>
&gt; &#43;&nbsp; )<br>
&gt; <br>
&gt; &#43;{<br>
&gt; <br>
&gt; &#43;&nbsp; EFI_STATUS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Status;<br=
>
&gt; <br>
&gt; &#43;&nbsp; EFI_STATUS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubCommand=
Status;<br>
&gt; <br>
&gt; &#43;&nbsp; VAR_CHECK_POLICY_COMM_HEADER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *PolicyCommmHeader;<br>
&gt; <br>
&gt; &#43;&nbsp; VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS&nbsp;&nbsp; *IsEn=
abledParams;<br>
&gt; <br>
&gt; &#43;&nbsp; VAR_CHECK_POLICY_COMM_DUMP_PARAMS&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp; *DumpParams;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; *DumpInputBuffer;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; *DumpOutputBuffer;<br>
&gt; <br>
&gt; &#43;&nbsp; UINTN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; DumpTotalPages;<br>
&gt; <br>
&gt; &#43;&nbsp; VARIABLE_POLICY_ENTRY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; *PolicyEntry;<br>
&gt; <br>
&gt; &#43;&nbsp; UINTN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp; ExpectedSize;<br>
&gt; <br>
&gt; &#43;&nbsp; // Pagination Cache Variables<br>
&gt; <br>
&gt; &#43;&nbsp; static UINT8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *PaginationCache =3D=
 NULL;<br>
&gt; <br>
&gt; &#43;&nbsp; static UINTN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PaginationCacheSize =
=
=3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp; static UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CurrentPaginationCommand =
=
=3D 0;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; Status =3D EFI_SUCCESS;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; //<br>
&gt; <br>
&gt; &#43;&nbsp; // Validate some input parameters.<br>
&gt; <br>
&gt; &#43;&nbsp; //<br>
&gt; <br>
&gt; &#43;&nbsp; // If either of the pointers are NULL, we can't proceed.<=
br>
&gt; <br>
&gt; &#43;&nbsp; if (CommBuffer =3D=3D NULL || CommBufferSize =3D=3D NULL)=
 {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &quot;%a - Invalid comm b=
uffer pointers!\n&quot;,<br>
&gt; __FUNCTION__ ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; return EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp; // If the size does not meet a minimum threshold, we cann=
ot proceed.<br>
&gt; <br>
&gt; &#43;&nbsp; ExpectedSize =3D sizeof(VAR_CHECK_POLICY_COMM_HEADER);<br=
>
&gt; <br>
&gt; &#43;&nbsp; if (*CommBufferSize &lt; ExpectedSize) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &quot;%a - Bad comm buffe=
r size! %d &lt; %d\n&quot;,<br>
&gt; __FUNCTION__, *CommBufferSize, ExpectedSize ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; return EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp; // Check the revision and the signature of the comm heade=
r.<br>
&gt; <br>
&gt; &#43;&nbsp; PolicyCommmHeader =3D CommBuffer;<br>
&gt; <br>
&gt; &#43;&nbsp; if (PolicyCommmHeader-&gt;Signature !=3D VAR_CHECK_POLICY=
_COMM_SIG<br>
&gt; ||<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Revision !=
=3D<br>
&gt; VAR_CHECK_POLICY_COMM_REVISION) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &quot;%a - Signature or r=
evision are incorrect!\n&quot;,<br>
&gt; __FUNCTION__ ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; // We have verified the buffer is not null an=
d have enough size to hold<br>
&gt; Result field.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D EFI_INVALID_=
PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; return EFI_SUCCESS;<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; // If we're in the middle of a paginated dump and any oth=
er command is<br>
&gt; sent,<br>
&gt; <br>
&gt; &#43;&nbsp; // pagination cache must be cleared.<br>
&gt; <br>
&gt; &#43;&nbsp; if (PaginationCache !=3D NULL &amp;&amp; PolicyCommmHeade=
r-&gt;Command !=3D<br>
&gt; CurrentPaginationCommand) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; FreePool (PaginationCache);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; PaginationCache =3D NULL;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; PaginationCacheSize =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; CurrentPaginationCommand =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; //<br>
&gt; <br>
&gt; &#43;&nbsp; // Now we can process the command as it was sent.<br>
&gt; <br>
&gt; &#43;&nbsp; //<br>
&gt; <br>
&gt; &#43;&nbsp; PolicyCommmHeader-&gt;Result =3D EFI_ABORTED;&nbsp;&nbsp;=
&nbsp; // Set a default return for<br>
&gt; incomplete commands.<br>
&gt; <br>
&gt; &#43;&nbsp; switch(PolicyCommmHeader-&gt;Command) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; case VAR_CHECK_POLICY_COMMAND_DISABLE:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
DisableVariablePolicy();<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; case VAR_CHECK_POLICY_COMMAND_IS_ENABLED:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Make sure that we're dealing w=
ith a reasonable size.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // This add should be safe becaus=
e these are fixed sizes so far.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ExpectedSize &#43;=3D<br>
&gt; sizeof(VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (*CommBufferSize &lt; Expected=
Size) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &=
quot;%a - Bad comm buffer size! %d &lt; %d\n&quot;,<br>
&gt; __FUNCTION__, *CommBufferSize, ExpectedSize ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt=
;Result =3D EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Now that we know we've got a v=
alid size, we can fill in the rest of the<br>
&gt; data.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IsEnabledParams =3D<br>
&gt; (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)((UINT8*)CommBuff<br>
&gt; er &#43; sizeof(VAR_CHECK_POLICY_COMM_HEADER));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; IsEnabledParams-&gt;State =3D IsV=
ariablePolicyEnabled();<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
EFI_SUCCESS;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; case VAR_CHECK_POLICY_COMMAND_REGISTER:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Make sure that we're dealing w=
ith a reasonable size.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // This add should be safe becaus=
e these are fixed sizes so far.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ExpectedSize &#43;=3D sizeof(VARI=
ABLE_POLICY_ENTRY);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (*CommBufferSize &lt; Expected=
Size) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &=
quot;%a - Bad comm buffer size! %d &lt; %d\n&quot;,<br>
&gt; __FUNCTION__, *CommBufferSize, ExpectedSize ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt=
;Result =3D EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // At the very least, we can assu=
me that we're working with a valid policy<br>
&gt; entry.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Time to compare its internal s=
ize.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyEntry =3D (VARIABLE_POLICY_=
ENTRY*)((UINT8*)CommBuffer &#43;<br>
&gt; sizeof(VAR_CHECK_POLICY_COMM_HEADER));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (PolicyEntry-&gt;Version !=3D =
VARIABLE_POLICY_ENTRY_REVISION ||<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyEnt=
ry-&gt;Size &lt; sizeof(VARIABLE_POLICY_ENTRY) ||<br>
&gt; <br>
&gt; &#43;<br>
&gt; EFI_ERROR(SafeUintnAdd(sizeof(VAR_CHECK_POLICY_COMM_HEADER),<br>
&gt; PolicyEntry-&gt;Size, &amp;ExpectedSize)) ||<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *CommBuff=
erSize &lt; ExpectedSize) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &=
quot;%a - Bad policy entry contents!\n&quot;,<br>
&gt; __FUNCTION__ ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt=
;Result =3D EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
RegisterVariablePolicy( PolicyEntry );<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; case VAR_CHECK_POLICY_COMMAND_DUMP:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Make sure that we're dealing w=
ith a reasonable size.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // This add should be safe becaus=
e these are fixed sizes so far.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ExpectedSize &#43;=3D sizeof(VAR_=
CHECK_POLICY_COMM_DUMP_PARAMS)<br>
&gt; &#43; VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (*CommBufferSize &lt; Expected=
Size) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &=
quot;%a - Bad comm buffer size! %d &lt; %d\n&quot;,<br>
&gt; __FUNCTION__, *CommBufferSize, ExpectedSize ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt=
;Result =3D EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Now that we know we've got a v=
alid size, we can fill in the rest of the<br>
&gt; data.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams =3D<br>
&gt; (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyCommmHeader &#43; 1);<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we're requesting the first =
page, initialize the cache and get the sizes.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (DumpParams-&gt;PageRequested =
=
=3D=3D 0) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (PaginationCache !=
=
=3D NULL) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; FreePool =
(PaginationCache);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Paginatio=
nCache =3D NULL;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Determine what the=
 required size is going to be.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;TotalS=
ize =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;PageSi=
ze =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;HasMor=
e =3D FALSE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubCommandStatus =3D =
DumpVariablePolicy (NULL, &amp;DumpParams-<br>
&gt; &gt;TotalSize);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (SubCommandStatus =
=
=3D=3D EFI_BUFFER_TOO_SMALL &amp;&amp; DumpParams-<br>
&gt; &gt;TotalSize &gt; 0) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CurrentPa=
ginationCommand =3D<br>
&gt; VAR_CHECK_POLICY_COMMAND_DUMP;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Paginatio=
nCacheSize =3D DumpParams-&gt;TotalSize;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Paginatio=
nCache =3D AllocatePool (PaginationCacheSize);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (Pagin=
ationCache =3D=3D NULL) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; SubCommandStatus =3D EFI_OUT_OF_RESOURCES;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we've allocated=
 our pagination cache, we're good to cache.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (PaginationCache !=
=
=3D NULL) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubComman=
dStatus =3D DumpVariablePolicy (PaginationCache,<br>
&gt; &amp;DumpParams-&gt;TotalSize);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Populate the remai=
ning fields and we can boogie.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (!EFI_ERROR (SubCo=
mmandStatus) &amp;&amp; PaginationCache !=3D NULL) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParam=
s-&gt;HasMore =3D TRUE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else if (PaginationCache !=3D NUL=
L) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;TotalS=
ize =3D (UINT32)PaginationCacheSize;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;PageSi=
ze =3D<br>
&gt; VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpOutputBuffer =3D =
(UINT8*)(DumpParams &#43; 1);<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Make sure that we =
don't over-index the cache.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpTotalPages =3D Pa=
ginationCacheSize / DumpParams-&gt;PageSize;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (PaginationCacheSi=
ze % DumpParams-&gt;PageSize) DumpTotalPages&#43;&#43;;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (DumpParams-&gt;Pa=
geRequested &gt; DumpTotalPages) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubComman=
dStatus =3D EFI_INVALID_PARAMETER;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Figure=
 out how far into the page cache we need to go for our next<br>
&gt; page.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // We kno=
w the blind subtraction won't be bad because we already<br>
&gt; checked for page 0.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpInput=
Buffer =3D &amp;PaginationCache[DumpParams-&gt;PageSize *<br>
&gt; (DumpParams-&gt;PageRequested - 1)];<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we'=
re getting the last page, adjust the PageSize.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (DumpP=
arams-&gt;PageRequested =3D=3D DumpTotalPages) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; DumpParams-&gt;PageSize =3D PaginationCacheSize % DumpParams-<br>
&gt; &gt;PageSize;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; CopyMem (=
DumpOutputBuffer, DumpInputBuffer, DumpParams-<br>
&gt; &gt;PageSize);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we =
just got the last page, settle up the cache.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (DumpP=
arams-&gt;PageRequested =3D=3D DumpTotalPages) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; DumpParams-&gt;HasMore =3D FALSE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; FreePool (PaginationCache);<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; PaginationCache =3D NULL;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; PaginationCacheSize =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; CurrentPaginationCommand =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Otherw=
ise, we could do more here.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else {<br=
>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p; DumpParams-&gt;HasMore =3D TRUE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we =
made it this far, we're basically good.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubComman=
dStatus =3D EFI_SUCCESS;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // If we've requested any other p=
age than 0 and the cache is empty, we<br>
&gt; must have timed out.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;TotalS=
ize =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;PageSi=
ze =3D 0;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DumpParams-&gt;HasMor=
e =3D FALSE;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SubCommandStatus =3D =
EFI_TIMEOUT;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // There's currently no use for t=
his, but it shouldn't be hard to implement.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
SubCommandStatus;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; case VAR_CHECK_POLICY_COMMAND_LOCK:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
LockVariablePolicy();<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; default:<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; // Mark unknown requested command=
 as EFI_UNSUPPORTED.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_INFO, &quot;%a - In=
valid command requested! %d\n&quot;,<br>
&gt; __FUNCTION__, PolicyCommmHeader-&gt;Command ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCommmHeader-&gt;Result =3D =
EFI_UNSUPPORTED;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; break;<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; DEBUG(( DEBUG_VERBOSE, &quot;%a - Command %d returning %r=
.\n&quot;,<br>
&gt; __FUNCTION__,<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PolicyCom=
mmHeader-&gt;Command, PolicyCommmHeader-&gt;Result ));<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; return Status;<br>
&gt; <br>
&gt; &#43;}<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;/**<br>
&gt; <br>
&gt; &#43;&nbsp; Constructor function of VarCheckPolicyLib to register Var=
Check handler<br>
&gt; and<br>
&gt; <br>
&gt; &#43;&nbsp; SW MMI handlers.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in] ImageHandle&nbsp;&nbsp;&nbsp; The firmware all=
ocated handle for the EFI<br>
&gt; image.<br>
&gt; <br>
&gt; &#43;&nbsp; @param[in] SystemTable&nbsp;&nbsp;&nbsp; A pointer to the=
 EFI System Table.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; @retval EFI_SUCCESS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; T=
he constructor executed correctly.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;**/<br>
&gt; <br>
&gt; &#43;EFI_STATUS<br>
&gt; <br>
&gt; &#43;EFIAPI<br>
&gt; <br>
&gt; &#43;VarCheckPolicyLibConstructor (<br>
&gt; <br>
&gt; &#43;&nbsp; IN EFI_HANDLE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp; ImageHandle,<br>
&gt; <br>
&gt; &#43;&nbsp; IN EFI_SYSTEM_TABLE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *=
SystemTable<br>
&gt; <br>
&gt; &#43;&nbsp; )<br>
&gt; <br>
&gt; &#43;{<br>
&gt; <br>
&gt; &#43;&nbsp; EFI_STATUS&nbsp;&nbsp;&nbsp; Status;<br>
&gt; <br>
&gt; &#43;&nbsp; EFI_HANDLE&nbsp;&nbsp;&nbsp; DiscardedHandle;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; // Initialize the business logic with the internal GetVar=
iable handler.<br>
&gt; <br>
&gt; &#43;&nbsp; Status =3D InitVariablePolicyLib( VariableServiceGetVaria=
ble );<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; // Only proceed with init if the business logic could be =
initialized.<br>
&gt; <br>
&gt; &#43;&nbsp; if (!EFI_ERROR( Status )) {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; // Register the VarCheck handler for SetVaria=
ble filtering.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; // Forward the check to the business logic of=
 the library.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; VarCheckLibRegisterSetVariableCheckHandler( V=
alidateSetVariable );<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; // Register the MMI handlers for receiving po=
licy commands.<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; DiscardedHandle =3D NULL;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; Status =3D gMmst-&gt;MmiHandlerRegister( VarC=
heckPolicyLibMmiHandler,<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; &amp;gVarCheckPolicyLibMmiHandlerGuid,<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; &amp;DiscardedHandle );<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;&nbsp; // Otherwise, there's not much we can do.<br>
&gt; <br>
&gt; &#43;&nbsp; else {<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; DEBUG(( DEBUG_ERROR, &quot;%a - Cannot Initia=
lize VariablePolicyLib! %r\n&quot;,<br>
&gt; __FUNCTION__, Status ));<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp; ASSERT_EFI_ERROR( Status );<br>
&gt; <br>
&gt; &#43;&nbsp; }<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;&nbsp; return Status;<br>
&gt; <br>
&gt; &#43;}<br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h<br>
&gt; b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h<br>
&gt; new file mode 100644<br>
&gt; index 000000000000..77bcc62f3ccf<br>
&gt; --- /dev/null<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h<br>
&gt; @@ -0,0 &#43;1,54 @@<br>
&gt; &#43;/** @file -- VarCheckPolicyMmiCommon.h<br>
&gt; <br>
&gt; &#43;This header contains communication definitions that are shared b=
etween<br>
&gt; DXE<br>
&gt; <br>
&gt; &#43;and the MM component of VarCheckPolicy.<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;Copyright (c) Microsoft Corporation.<br>
&gt; <br>
&gt; &#43;SPDX-License-Identifier: BSD-2-Clause-Patent<br>
&gt; <br>
&gt; &#43;**/<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#ifndef _VAR_CHECK_POLICY_MMI_COMMON_H_<br>
&gt; <br>
&gt; &#43;#define _VAR_CHECK_POLICY_MMI_COMMON_H_<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMM_SIG&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; SIGNATURE_32('V', 'C', 'P', 'C')<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMM_REVISION&nbsp; 1<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#pragma pack(push, 1)<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;typedef struct _VAR_CHECK_POLICY_COMM_HEADER {<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Signature;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Revision;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Command;<br>
&gt; <br>
&gt; &#43;&nbsp; EFI_STATUS&nbsp; Result;<br>
&gt; <br>
&gt; &#43;} VAR_CHECK_POLICY_COMM_HEADER;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;typedef struct _VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS {<br>
&gt; <br>
&gt; &#43;&nbsp; BOOLEAN&nbsp;&nbsp;&nbsp;&nbsp; State;<br>
&gt; <br>
&gt; &#43;} VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;typedef struct _VAR_CHECK_POLICY_COMM_DUMP_PARAMS {<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PageRequested;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TotalSize;<br>
&gt; <br>
&gt; &#43;&nbsp; UINT32&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; PageSize;<br>
&gt; <br>
&gt; &#43;&nbsp; BOOLEAN&nbsp;&nbsp;&nbsp;&nbsp; HasMore;<br>
&gt; <br>
&gt; &#43;} VAR_CHECK_POLICY_COMM_DUMP_PARAMS;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#pragma pack(pop)<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;// Make sure that we will hold at least the headers.<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE<br>
&gt; MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) &#43; sizeof<br>
&gt; (VAR_CHECK_POLICY_COMM_HEADER) &#43; EFI_PAGES_TO_SIZE(1)),<br>
&gt; EFI_PAGES_TO_SIZE(4))<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE<br>
&gt; (VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE - \<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; (OFFSET_OF(EFI_MM_COMMUNICATE_HEADER,<br>
&gt; Data) &#43; \<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sizeof(VAR_CHECK_POLICY_COMM_HEADER) &#43; \<=
br>
&gt; <br>
&gt; &#43;<br>
&gt; sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS)))<br>
&gt; <br>
&gt; &#43;STATIC_ASSERT (<br>
&gt; <br>
&gt; &#43;&nbsp; VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE &lt;<br>
&gt; VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE,<br>
&gt; <br>
&gt; &#43;&nbsp; &quot;an integer underflow may have occurred calculating<=
br>
&gt; VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE&quot;<br>
&gt; <br>
&gt; &#43;&nbsp; );<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMMAND_DISABLE&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp; 0x0001<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMMAND_IS_ENABLED&nbsp;&nb=
sp; 0x0002<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMMAND_REGISTER&nbsp;&nbsp=
;&nbsp;&nbsp; 0x0003<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMMAND_DUMP&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0x0004<br>
&gt; <br>
&gt; &#43;#define&nbsp;&nbsp; VAR_CHECK_POLICY_COMMAND_LOCK&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0x0005<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#endif // _VAR_CHECK_POLICY_MMI_COMMON_H_<br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib=
.inf<br>
&gt; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf<br>
&gt; new file mode 100644<br>
&gt; index 000000000000..077bcc8990ca<br>
&gt; --- /dev/null<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPoli=
cyLib.inf<br>
&gt; @@ -0,0 &#43;1,42 @@<br>
&gt; &#43;## @file VarCheckPolicyLib.inf<br>
&gt; <br>
&gt; &#43;# This is an instance of a VarCheck lib that leverages the busin=
ess logic<br>
&gt; behind<br>
&gt; <br>
&gt; &#43;# the VariablePolicy code to make its decisions.<br>
&gt; <br>
&gt; &#43;#<br>
&gt; <br>
&gt; &#43;# Copyright (c) Microsoft Corporation.<br>
&gt; <br>
&gt; &#43;# SPDX-License-Identifier: BSD-2-Clause-Patent<br>
&gt; <br>
&gt; &#43;##<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;[Defines]<br>
&gt; <br>
&gt; &#43;&nbsp; INF_VERSION&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D 0x=
00010005<br>
&gt; <br>
&gt; &#43;&nbsp; BASE_NAME&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; =3D VarCheckPolicyLib<br>
&gt; <br>
&gt; &#43;&nbsp; FILE_GUID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp; =3D 9C28A48F-C884-4B1F-8B95-DEF125448023<br>
&gt; <br>
&gt; &#43;&nbsp; MODULE_TYPE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D DX=
E_RUNTIME_DRIVER<br>
&gt; <br>
&gt; &#43;&nbsp; VERSION_STRING&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D 1.0<br>
&gt; <br>
&gt; &#43;&nbsp; LIBRARY_CLASS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D NULL|DXE_RUN=
TIME_DRIVER<br>
&gt; DXE_SMM_DRIVER<br>
&gt; <br>
&gt; &#43;&nbsp; CONSTRUCTOR&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =3D Va=
rCheckPolicyLibConstructor<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;[Sources]<br>
&gt; <br>
&gt; &#43;&nbsp; VarCheckPolicyLib.c<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;[Packages]<br>
&gt; <br>
&gt; &#43;&nbsp; MdePkg/MdePkg.dec<br>
&gt; <br>
&gt; &#43;&nbsp; MdeModulePkg/MdeModulePkg.dec<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;[LibraryClasses]<br>
&gt; <br>
&gt; &#43;&nbsp; BaseLib<br>
&gt; <br>
&gt; &#43;&nbsp; DebugLib<br>
&gt; <br>
&gt; &#43;&nbsp; BaseMemoryLib<br>
&gt; <br>
&gt; &#43;&nbsp; DxeServicesLib<br>
&gt; <br>
&gt; &#43;&nbsp; MemoryAllocationLib<br>
&gt; <br>
&gt; &#43;&nbsp; VarCheckLib<br>
&gt; <br>
&gt; &#43;&nbsp; VariablePolicyLib<br>
&gt; <br>
&gt; &#43;&nbsp; VariablePolicyHelperLib<br>
&gt; <br>
&gt; &#43;&nbsp; SafeIntLib<br>
&gt; <br>
&gt; &#43;&nbsp; MmServicesTableLib<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;[Guids]<br>
&gt; <br>
&gt; &#43;&nbsp; gVarCheckPolicyLibMmiHandlerGuid&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; ## CONSUME ## Used to register<br>
&gt; for MM Communication events.<br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib=
.uni<br>
&gt; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni<br>
&gt; new file mode 100644<br>
&gt; index 000000000000..eedeeed15d31<br>
&gt; --- /dev/null<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPoli=
cyLib.uni<br>
&gt; @@ -0,0 &#43;1,12 @@<br>
&gt; &#43;// /** @file<br>
&gt; <br>
&gt; &#43;// VarCheckPolicyLib.uni<br>
&gt; <br>
&gt; &#43;//<br>
&gt; <br>
&gt; &#43;// Copyright (c) Microsoft Corporation.<br>
&gt; <br>
&gt; &#43;// SPDX-License-Identifier: BSD-2-Clause-Patent<br>
&gt; <br>
&gt; &#43;//<br>
&gt; <br>
&gt; &#43;// **/<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#string STR_MODULE_ABSTRACT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #language en-US &quot;NULL library<br>
&gt; implementation that conforms to the VarCheck interface to allow<br>
&gt; VariablePolicy engine to enforce policies&quot;<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt; &#43;#string STR_MODULE_DESCRIPTION&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; #language en-US &quot;NULL library<br>
&gt; implementation that conforms to the VarCheck interface to allow<br>
&gt; VariablePolicy engine to enforce policies&quot;<br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/MdeModulePkg.dec<br>
&gt; b/MdeModulePkg/MdeModulePkg.dec<br>
&gt; index b21cd78c8787..9a3c9fe642d3 100644<br>
&gt; --- a/MdeModulePkg/MdeModulePkg.dec<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/MdeModulePkg.dec<br>
&gt; @@ -385,6 &#43;385,10 @@ [Guids]<br>
&gt;&nbsp;&nbsp;&nbsp; ## Include/Guid/EndofS3Resume.h<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; gEdkiiEndOfS3ResumeGuid =3D { 0x96f5296d, 0x05f7, 0=
x4f3c, {0x84, 0x67, 0xe4,<br>
&gt; 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }<br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; &#43;&nbsp; ## Used (similar to Variable Services) to communicate pol=
icies to the<br>
&gt; enforcement engine.<br>
&gt; <br>
&gt; &#43;&nbsp; # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}<br>
&gt; <br>
&gt; &#43;&nbsp; gVarCheckPolicyLibMmiHandlerGuid =3D { 0xda1b0d11, 0xd1a7=
, 0x46c4,<br>
&gt; { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}<br>
&gt; <br>
&gt; &#43;<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; ## Include/Guid/S3SmmInitDone.h<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; gEdkiiS3SmmInitDoneGuid =3D { 0x8f9d4825, 0x797d, 0=
x48fc, { 0x84, 0x71,<br>
&gt; 0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } }<br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; diff --git a/MdeModulePkg/MdeModulePkg.dsc<br>
&gt; b/MdeModulePkg/MdeModulePkg.dsc<br>
&gt; index 37795b9e4f58..f0a75a3b337b 100644<br>
&gt; --- a/MdeModulePkg/MdeModulePkg.dsc<br>
&gt; &#43;&#43;&#43; b/MdeModulePkg/MdeModulePkg.dsc<br>
&gt; @@ -313,6 &#43;313,7 @@ [Components]<br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/AuthVariableLibNull/AuthVariab=
leLibNull.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePoli=
cyLib.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePoli=
cyLibRuntimeDxe.inf<br>
&gt; <br>
&gt; &#43;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.=
inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf<br=
>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.=
inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.=
inf<br>
&gt; <br>
&gt; @@ -458,6 &#43;459,7 @@ [Components.IA32, Components.X64]<br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/Variable=
Smm.inf {<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;LibraryClasses&gt;<br>
&gt; <br>
&gt; &#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NULL|MdeModulePkg/Library/VarChec=
kPolicyLib/VarCheckPolicyLib.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NULL|MdeModulePkg/Library/V=
arCheckUefiLib/VarCheckUefiLib.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NULL|MdeModulePkg/Library/V=
arCheckHiiLib/VarCheckHiiLib.inf<br>
&gt; <br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NULL|MdeModulePkg/Library/V=
arCheckPcdLib/VarCheckPcdLib.inf<br>
&gt; <br>
&gt; --<br>
&gt; 2.26.2.windows.1.8.g01c50adf56.20200515075929<br>
&gt; <br>
&gt; <br>
&gt; -=3D-=3D-=3D-=3D-=3D-=3D<br>
&gt; Groups.io Links: You receive all messages sent to this group.<br>
&gt; <br>
&gt; View/Reply Online (#61590): <a href=3D"https://nam06.safelinks.protec=
tion.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%=
2F61590&amp;amp;data=3D02%7C01%7CBret.Barkelew%40microsoft.com%7Cc2c1537a2d=
7f41247b0308d81e2d8238%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6372925=
28098010318&amp;amp;sdata=3DXkVKxTN1iXFWsCvsgFYmCWO2JZrIUu1NqKikSIEiBS8%3D&=
amp;amp;reserved=3D0">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.g=
roups.io%2Fg%2Fdevel%2Fmessage%2F61590&amp;amp;data=3D02%7C01%7CBret.Barkel=
ew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141af91a=
b2d7cd011db47%7C1%7C0%7C637292528098010318&amp;amp;sdata=3DXkVKxTN1iXFWsCvs=
gFYmCWO2JZrIUu1NqKikSIEiBS8%3D&amp;amp;reserved=3D0</a><br>
&gt; Mute This Topic: <a href=3D"https://nam06.safelinks.protection.outloo=
k.com/?url=3Dhttps%3A%2F%2Fgroups.io%2Fmt%2F75057699%2F1768738&amp;amp;data=
=
=3D02%7C01%7CBret.Barkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8=
238%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;amp=
;sdata=3DrnMmHC3VAKP3h0X461RptcvVE79kmZdOV3j7N66gHkQ%3D&amp;amp;reserved=3D=
0">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgroups=
.io%2Fmt%2F75057699%2F1768738&amp;amp;data=3D02%7C01%7CBret.Barkelew%40micr=
osoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141af91ab2d7cd011=
db47%7C1%7C0%7C637292528098010318&amp;amp;sdata=3DrnMmHC3VAKP3h0X461RptcvVE=
79kmZdOV3j7N66gHkQ%3D&amp;amp;reserved=3D0</a><br>
&gt; Group Owner: devel&#43;owner@edk2.groups.io<br>
&gt; Unsubscribe: <a href=3D"https://nam06.safelinks.protection.outlook.co=
m/?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Funsub&amp;amp;data=3D02=
%7C01%7CBret.Barkelew%40microsoft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C=
72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637292528098010318&amp;amp;sdata=
=
=3D1VhBeVczCZ4xGGrq2aQFW4r1EtI7jebdgOX0EtFTTKc%3D&amp;amp;reserved=3D0">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.g=
roups.io%2Fg%2Fdevel%2Funsub&amp;amp;data=3D02%7C01%7CBret.Barkelew%40micro=
soft.com%7Cc2c1537a2d7f41247b0308d81e2d8238%7C72f988bf86f141af91ab2d7cd011d=
b47%7C1%7C0%7C637292528098010318&amp;amp;sdata=3D1VhBeVczCZ4xGGrq2aQFW4r1Et=
I7jebdgOX0EtFTTKc%3D&amp;amp;reserved=3D0</a>&nbsp;
 [dandan.bi@intel.com]<br>
&gt; -=3D-=3D-=3D-=3D-=3D-=3D<br>
<br>
<br>
<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_CY4PR21MB07434EF1E609BF461C4E6E49EF6D0CY4PR21MB0743namp_--