From: "Bret Barkelew"
To: "devel@edk2.groups.io", "rfc@edk2.groups.io"
Subject: Re: [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative
Date: Tue, 4 Feb 2020 08:07:36 +0000

Expanding the audience beyond the RFC list….

If no one has additional input, I’ll try to start formatting these as patches later this week. Thanks!

- Bret

From: Bret Barkelew
Sent: Tuesday, January 28, 2020 5:36 PM
To: rfc@edk2.groups.io
Subject: [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative

All,

VariablePolicy is our proposal for an expanded “VarLock-like” interface to constrain and govern platform variables.

I brought this up back in May to get initial comments on the interface and implications of the interface and the approach. We implemented it in Mu over the summer and it is not our de facto variable solution. It plugs in easily to the existing variable infrastructure, but does want to control some of the things that are currently managed by VarLock.

There are also some tweaks that would be needed if this were desired to be 100% optional code, but that’s no different than the current VarLock implementation which has implementation code directly tied to some of the common variable code.

I’ve structured this RFC in two pieces:

  * The Core piece represents the minimum changes needed to implement Variable Policy and integrate it into Variable Services. It contains core driver code, central libraries and headers, and DXE driver for the protocol interface.
  * The Extras piece contains recommended code for a full-feature implementation including a replacement for the VarLock protocol that enables existing code to continue functioning as-is. It also contains unit and integration tests. And as a bonus, it has a Rust implementation of the core business logic for Variable Policy.

The code can be found in the following two branches:

https://github.com/corthon/edk2/tree/personal/brbarkel/var_policy_rfc_core
https://github.com/corthon/edk2/tree/personal/brbarkel/var_policy_rfc_extra

A convenient way to see all the changes in one place is to look at a comparison:

https://github.com/corthon/edk2/compare/master...corthon:personal/brbarkel/var_policy_rfc_core
https://github.com/corthon/edk2/compare/personal/brbarkel/var_policy_rfc_core...corthon:personal/brbarkel/var_policy_rfc_extra

There’s additional documentation in the PPT and DOC files in the core branch:

https://github.com/corthon/edk2/blob/personal/brbarkel/var_policy_rfc_core/RFC%20VariablePolicy%20Proposal%20Presentation.pptx
https://github.com/corthon/edk2/blob/personal/brbarkel/var_policy_rfc_core/RFC%20VariablePolicy%20Whitepaper.docx

(You’d need to download those to view.)

My ultimate intention for this is to submit it as a series of patches for acceptance into EDK2 as a replacement for VarLock. For now, I’m just looking for initial feedback on any broad changes that might be needed to get this into shape for more detailed code review on the devel list.

Thanks!

- Bret
