From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.111])
 by mx.groups.io with SMTP id smtpd.web11.8619.1589383546085947234
 for <devel@edk2.groups.io>;
 Wed, 13 May 2020 08:25:46 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@microsoft.com header.s=selector2 header.b=ZSXS6VIl;
 spf=pass (domain: microsoft.com, ip: 40.107.244.111, mailfrom: bret.barkelew@microsoft.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ejVo/5L4eUbo32mfkrh+QsSh9/VIBvo0LurKUjTqWCjCJ1OzH2QrcsDds6JI0bH/kiVr1kZLTE3tCMGJ4VP7ZCMUIj0NVBJdr5MZiRfeV8zj6BRMthH43Kad959Bqtf/umFzdvVe9mrDEtITY2Q3LvBR8kywwrxOUK67DE5pPr4bX7aA365zCgAvfpSpWoaXZaeD7VHCGoNY13M2cKzR9m24QZsNLUJFBEh2DUY5dA4yyUhmf3iAQGKDPKvpBTHIvO5eXOq7J7Gv+67XLkZWWxMACkBZDR03hTYRNWolF5LUAuAiZ/3dnJCFvc3q4ZKklT8xSOuNzHe4U12NzHr0Lg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=7EhILGUgNzHn1mFn/hNlJfziE8z91nTQx+xYb5rF2RY=;
 b=M2SZ2UMI4PNxfpQO6/hzAcLNASaOqJFrElRw+j8SmJnGsxm82XRQdweQ1k4PDZJkBDYz6frqo+Kn6l1DdU+75R0fNyaG556njoPQRIz9yRsGzlZFU/F38XxdKpw9hwL0VlSlMrZ6CoZY2RvJT49kXYq3s6/at9PHsktHwFUXBtEbUe99aye2j2qVkAnJMUOnr48r5ZgbCtbaRsh5qlXjVr3Cw+/NHKYzT0+9PjzacsB3coKHoWboapr6wvD+7xzGCquqS2gbGx0B42eLLPQWDcuARRy4eQUcHYWwHMW21j7qHqedI3WP4RLuFcUMnaWElYTt7mRz2LRs31ZanbsbnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=microsoft.com; dmarc=pass action=none
 header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=7EhILGUgNzHn1mFn/hNlJfziE8z91nTQx+xYb5rF2RY=;
 b=ZSXS6VIlnJTqy50bG4jSOA5g8Z4SxH+j8PnJ15ao4RHcSd7WdJfyubcaIoFkP+9i3Fj0rUIa9I3fnmJLy4EztaqkodgCzi52gwO7X6hcjbWR96hys9k4ptnYtpNgFLZVQ3zw5byvRnUOWsqVAjWY0t43/Z3JIumNe5BkWAvExRg=
Received: from CY4PR21MB0743.namprd21.prod.outlook.com (2603:10b6:903:b2::9)
 by CY4PR21MB0821.namprd21.prod.outlook.com (2603:10b6:903:b8::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.4; Wed, 13 May
 2020 15:25:44 +0000
Received: from CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::9918:8742:bbe7:84e8]) by CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::9918:8742:bbe7:84e8%14]) with mapi id 15.20.3021.002; Wed, 13 May
 2020 15:25:44 +0000
From: "Bret Barkelew" <bret.barkelew@microsoft.com>
To: "Ma, Maurice" <maurice.ma@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Dong, Guo" <guo.dong@intel.com>, "You, Benjamin" <benjamin.you@intel.com>
Subject: Re: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePolicy feature
Thread-Topic: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the
 VariablePolicy feature
Thread-Index: AQHWKFPnp5FwvW9nLU6cZwHLfduP/qilexjigACnqgCAAAIOTw==
Date: Wed, 13 May 2020 15:25:43 +0000
Message-ID: 
 <CY4PR21MB0743B7D4506CD9A1DA41E836EFBF0@CY4PR21MB0743.namprd21.prod.outlook.com>
References: 
 <MWHPR07MB3440F5CB92F0D7DCF94AA14FE9BE0@MWHPR07MB3440.namprd07.prod.outlook.com>,<11a89bca-ea96-9ba0-2177-e995b98e6943@redhat.com>
 <CY4PR21MB0743A3D89C9BE5668345C254EFBF0@CY4PR21MB0743.namprd21.prod.outlook.com>,<DM6PR11MB2793A9AE0351BAE108FD7CDE89BF0@DM6PR11MB2793.namprd11.prod.outlook.com>
In-Reply-To: 
 <DM6PR11MB2793A9AE0351BAE108FD7CDE89BF0@DM6PR11MB2793.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: 
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-05-13T05:18:02.4299761Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Privileged
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [71.212.135.200]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: cda33dc5-389a-4849-771b-08d7f751e76a
x-ms-traffictypediagnostic: CY4PR21MB0821:
x-microsoft-antispam-prvs: 
 <CY4PR21MB082194599BEE5AD3B3CBAB7CEFBF0@CY4PR21MB0821.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 0402872DA1
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 Wxrd9hHq9SPRIu1oidxvQEAk4qJtirA/Vc35hEQi3Jrv+X0iJChcQH40vcrBRsREv1M1S8Ru7/2Q8imk+ckp+pgFdEKcrXrRJEi1V/Gi/nfYPt3z3n38UwGEqlr89hyOH63L2viCldbi5cJfe1oo9gNJSXR3GOZOMnskhfjolM/I8SHj3WM9joKhmUjSGHayGYQqdZSShBuqulQPAWIiOe1HdpjP1cNQHdlbED6KTAHnqK/geKdF8Ju4OL3WjRoX2bTBZqPxAOSsnIO2gLDy47jKZcYokau6vM6XDo770c2GUfOIeSdkJob9hjMkDWtBqA4Oe8LFMuCTuFcUAmx4Er2YwXAe7C1SUgmS1OLrRMdxMP7Xz25NpUTcL6e4PKdqFsqKYCI+KLXtn3B1Mr3KS2fYsGkhgAf8HzbMj2usnfDKSOSInzPtSYNsElyPTB1c6W6mMvODhB9vP3QD0F1PahsYbk4xbc/SkCaBDFQUta7taQ7G2+2u4SB/KU4vRQtthVGubBNnyjp2ysSjvN4mnP8462I0r6fwhCU5wV/nL9trZCjLfeP6489hGzlI8Vs4BwEPuv3Tncc7Zu00u0R1Wv9N1kDzOM23Dyn1vZG5ZGc=
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR21MB0743.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(136003)(346002)(376002)(396003)(39860400002)(366004)(33430700001)(966005)(110136005)(76236002)(76116006)(8990500004)(4326008)(2906002)(316002)(30864003)(66946007)(66476007)(64756008)(166002)(33440700001)(55016002)(66556008)(66446008)(91956017)(8936002)(8676002)(478600001)(6506007)(26005)(82960400001)(186003)(10290500003)(9686003)(71200400001)(86362001)(54906003)(19627235002)(7696005)(52536014)(53546011)(82950400001)(5660300002)(33656002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: 
 2z77loX/RbG4/DAsAUZt/uSI2kkhyOCHs5zxXM9IfH3+mL3psSQocmEHuwWNBUMZuPP9n4D/VUfHBXpG6peWHHHhoCHk65UXb12Z5WYa74vLqlbAFEmuqIYf176CM87RrkYUOE9JbQ2+xH0hh3sgNd89q4BbzA2NxB/r11PsyJP285T3xNwzhatCw9IzCWIpoZGc2gIIVBUSHphf77E3PB8G+TjNGjYFw9dAfBaAAXrIrZqtyZr2IVryaDwzbkHnt1pW6LJuAB12Usvm4K0XAAvjANEB6v22pnp7SF3ya+uB58KVGpqKYDPVjhDdpP2uXyG6XPNP/9mQs4vn1n+ucQLIhluMegyI6I22ru3Sc8wWIDn2OcVfX9fmkdS1MANTP3k9QhoWWqFDgFPqZYbNApUzUa3UziUlWq+qnSxtq3MKGSCYySr6IFkndwth4y9Qrei4WvNT5DNUld9jVtXyv5FZDsIEbObZweadrD/cI4P3xooT784wrogTufhle6CK
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cda33dc5-389a-4849-771b-08d7f751e76a
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 May 2020 15:25:43.9891
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: O4MUEb9uco/X4sETlHpVYZIwk6XWmkiHyaDd6sX8CsqSS17UCVpWM/HE3v7j7fVXHZptNoZbR94S0LPASMF/GQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0821
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_CY4PR21MB0743B7D4506CD9A1DA41E836EFBF0CY4PR21MB0743namp_"

--_000_CY4PR21MB0743B7D4506CD9A1DA41E836EFBF0CY4PR21MB0743namp_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Sure. Thanks.

- Bret

________________________________
From: Ma, Maurice <maurice.ma@intel.com>
Sent: Wednesday, May 13, 2020 8:18:08 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; Bret Barkelew <Bret.Barke=
lew@microsoft.com>
Cc: Dong, Guo <guo.dong@intel.com>; You, Benjamin <benjamin.you@intel.com>
Subject: RE: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the Variable=
Policy feature


Hi, Bret



For UefiPayloadPkg, could you please provide a patch for it ?



Thanks

Maurice



From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret Barkel=
ew via groups.io
Sent: Tuesday, May 12, 2020 22:19
To: devel@edk2.groups.io; lersek@redhat.com; michael.kubacki@outlook.com
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.=
com>; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;=
 Gao, Liming <liming.gao@intel.com>; Justen, Jordan L <jordan.l.justen@inte=
l.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>; Andrew Fish <afish@apple.c=
om>; Ni, Ray <ray.ni@intel.com>; Anthony Perard <anthony.perard@citrix.com>=
; Julien Grall <julien@xen.org>; Ma, Maurice <maurice.ma@intel.com>; Dong, =
Guo <guo.dong@intel.com>; You, Benjamin <benjamin.you@intel.com>
Subject: Re: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the Variable=
Policy feature



=93Not sure about the UefiPayloadPkg platforms; please ask their maintaine=
rs.=94



UefiPayloadPkg maintainers: what say you? ??



- Bret



________________________________

From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups=
.io<mailto:devel@edk2.groups.io>> on behalf of Laszlo Ersek via groups.io <=
lersek=3Dredhat.com@groups.io<mailto:lersek=3Dredhat.com@groups.io>>
Sent: Tuesday, May 12, 2020 4:52:52 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.i=
o<mailto:devel@edk2.groups.io>>; michael.kubacki@outlook.com<mailto:michael=
.kubacki@outlook.com> <michael.kubacki@outlook.com<mailto:michael.kubacki@o=
utlook.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Chao =
Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>; Jian J Wang =
<jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Hao A Wu <hao.a.wu@i=
ntel.com<mailto:hao.a.wu@intel.com>>; liming.gao <liming.gao@intel.com<mail=
to:liming.gao@intel.com>>; Jordan Justen <jordan.l.justen@intel.com<mailto:=
jordan.l.justen@intel.com>>; Ard Biesheuvel <ard.biesheuvel@arm.com<mailto:=
ard.biesheuvel@arm.com>>; Andrew Fish <afish@apple.com<mailto:afish@apple.c=
om>>; Ni, Ray <ray.ni@intel.com<mailto:ray.ni@intel.com>>; Anthony Perard <=
anthony.perard@citrix.com<mailto:anthony.perard@citrix.com>>; Julien Grall =
<julien@xen.org<mailto:julien@xen.org>>; Maurice Ma <maurice.ma@intel.com<m=
ailto:maurice.ma@intel.com>>; Guo Dong <guo.dong@intel.com<mailto:guo.dong@=
intel.com>>; Benjamin You <benjamin.you@intel.com<mailto:benjamin.you@intel=
.com>>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePoli=
cy feature



On 05/12/20 08:46, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com<mailto:michael.kuba=
cki@microsoft.com>>
>
> REF:https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F=
bugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;data=3D02%7C01%7Cbret=
.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f1=
41af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;sdata=3DGlpxfE6%2FzZR=
01KXRvOoaXQTQEG%2F3TNuaZxJ6C1fl6LI%3D&amp;reserved=3D0
>
> The 12 patches in this series add the VariablePolicy feature to the core=
,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding librar=
ies,
> a protocol, an SMI communication handler, and VariableServices integrati=
on,
> the patches are broken up by individual library additions and then a fin=
al
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
> https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgith=
ub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol--=
-Enhanced-Method-for-Managing-Variables%23platform-porting&amp;data=3D02%7C=
01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f=
988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;sdata=3Do%2F=
raXnHgx4RMreIkSFSONm8He0CzM7ZTXoV8loOrxe0%3D&amp;reserved=3D0<https://nam06=
.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub.com%2Ftianoco=
re%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method=
-for-Managing-Variables%23platform-porting&data=3D02%7C01%7Cbret.barkelew%4=
0microsoft.com%7Ca163d58b5f994a077c6708d7f750ebc2%7C72f988bf86f141af91ab2d7=
cd011db47%7C1%7C0%7C637249799249542967&sdata=3DC0rFRlAdXA9V1C2ItbnXUqP4T4%2=
BDA1z2EHS%2BFXmDot0%3D&reserved=3D0>

(1) This wiki article is helpful, thanks.

I have one remark: there's a heading saying "VarCheckPolicyLib NULL
Instance":

https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub=
.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---E=
nhanced-Method-for-Managing-Variables%23varcheckpolicylib-null-instance&amp=
;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f=
66b0927%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp=
;sdata=3D4qTYEB6%2F3uJnLZ9MjRHODQGaaPq6zZEp7bFlCXEP7gI%3D&amp;reserved=3D0<=
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub.=
com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---En=
hanced-Method-for-Managing-Variables%23varcheckpolicylib-null-instance&data=
=
=3D02%7C01%7Cbret.barkelew%40microsoft.com%7Ca163d58b5f994a077c6708d7f750e=
bc2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637249799249552957&sdata=
=3DQmLmlnrWR4FBWrA7Kz%2BlQXph%2FvLpQxIPxi5uZPoES%2Bo%3D&reserved=3D0>

I think what's meant is "NULL class", not "NULL instance".

(2) The following platform DSC files in edk2 include the non-SMM
variable driver
("MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf"),
but they are not modified by this patch series:

ArmVirtPkg/ArmVirtQemu.dsc
ArmVirtPkg/ArmVirtQemuKernel.dsc
ArmVirtPkg/ArmVirtXen.dsc
OvmfPkg/OvmfXen.dsc
UefiPayloadPkg/UefiPayloadPkgIa32.dsc
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc

I'm asking that you please (a) include a patch for ArmVirtPkg, (b)
update the OvmfPkg patch to cover "OvmfXen.dsc" too.

Not sure about the UefiPayloadPkg platforms; please ask their maintainers.

(I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)

Thanks,
Laszlo

>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2=
.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;data=3D02%7C01%7Cbret.barkelew=
%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f141af91ab2=
d7cd011db47%7C1%7C0%7C637248811886938531&amp;sdata=3D%2FFmQMtE%2Ffrl6UxNdY9=
4mvckwrXVUJySJ%2BWFSSQp8nCk%3D&amp;reserved=3D0<https://nam06.safelinks.pro=
tection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessa=
ge%2F53712&data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7Ca163d58b5f994a0=
77c6708d7f750ebc2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637249799249=
552957&sdata=3DzivivsvT91knKsCrZRctVI%2BwlR%2FEaH6sTZkpSp1iM8E%3D&reserved=
=3D0>
> (the code branches shared in that discussion are now out of date, but th=
e
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Cc: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
> Cc: Hao A Wu <hao.a.wu@intel.com<mailto:hao.a.wu@intel.com>>
> Cc: Liming Gao <liming.gao@intel.com<mailto:liming.gao@intel.com>>
> Cc: Jordan Justen <jordan.l.justen@intel.com<mailto:jordan.l.justen@inte=
l.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com<mailto:ard.biesheuvel@arm.com=
>>
> Cc: Andrew Fish <afish@apple.com<mailto:afish@apple.com>>
> Cc: Ray Ni <ray.ni@intel.com<mailto:ray.ni@intel.com>>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com<mailto:mic=
hael.kubacki@microsoft.com>>
>
> Changes since v1:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (12):
>   MdeModulePkg: Define the VariablePolicy protocol interface
>   MdeModulePkg: Define the VariablePolicyLib
>   MdeModulePkg: Define the VariablePolicyHelperLib
>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>   MdeModulePkg: Connect VariablePolicy business logic to
>     VariableServices
>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>     variables
>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>   MdeModulePkg: Add a shell-based functional test for VariablePolicy
>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c             =
                  |  318 +++
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c =
                  |  396 ++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c   =
                  |   46 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx=
e.c               |   85 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c             =
                  |  806 +++++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariableP=
olicyUnitTest.c   | 2285 ++++++++++++++++++++
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFun=
cTestApp.c        | 1942 +++++++++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c             =
                  |   52 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c             =
                  |   60 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c                  =
                  |   49 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c               =
                  |   53 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c  =
                  |   71 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c      =
                  |  653 ++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c     =
                  |   14 +
>  SecurityPkg/Library/AuthVariableLib/AuthService.c                      =
                  |   22 +-
>  EmulatorPkg/EmulatorPkg.dsc                                            =
                  |    6 +
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                          =
                  |   54 +
>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h                 =
                  |  164 ++
>  MdeModulePkg/Include/Library/VariablePolicyLib.h                       =
                  |  207 ++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h                         =
                  |  157 ++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf           =
                  |   44 +
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni           =
                  |   12 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in=
f                 |   36 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un=
i                 |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf           =
                  |   44 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni           =
                  |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf =
                  |   52 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariableP=
olicyUnitTest.inf |   41 +
>  MdeModulePkg/MdeModulePkg.ci.yaml                                      =
                  |    4 +-
>  MdeModulePkg/MdeModulePkg.dec                                          =
                  |   26 +-
>  MdeModulePkg/MdeModulePkg.dsc                                          =
                  |   15 +
>  MdeModulePkg/Test/MdeModulePkgHostTest.dsc                             =
                  |   11 +
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md        =
                  |   55 +
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFun=
cTestApp.inf      |   42 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf      =
                  |    5 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf             =
                  |    4 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf   =
                  |   12 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf    =
                  |    4 +
>  OvmfPkg/OvmfPkgIa32.dsc                                                =
                  |    8 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                             =
                  |    8 +
>  OvmfPkg/OvmfPkgX64.dsc                                                 =
                  |    8 +
>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf                =
                  |    2 +
>  42 files changed, 7819 insertions(+), 78 deletions(-)
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitNull.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitRuntimeDxe.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yUnitTest/VariablePolicyUnitTest.c
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/VariablePolicyFuncTestApp.c
>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableL=
ockRequstToLock.c
>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableP=
olicySmmDxe.c
>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib=
.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.inf
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLibRuntimeDxe.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yUnitTest/VariablePolicyUnitTest.inf
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/Readme.md
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/VariablePolicyFuncTestApp.inf
>






--_000_CY4PR21MB0743B7D4506CD9A1DA41E836EFBF0CY4PR21MB0743namp_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=
fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-=
1252">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Sure. Thanks.</p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">- Bret</p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" s=
tyle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Ma, Maurice &lt;maur=
ice.ma@intel.com&gt;<br>
<b>Sent:</b> Wednesday, May 13, 2020 8:18:08 AM<br>
<b>To:</b> devel@edk2.groups.io &lt;devel@edk2.groups.io&gt;; Bret Barkele=
w &lt;Bret.Barkelew@microsoft.com&gt;<br>
<b>Cc:</b> Dong, Guo &lt;guo.dong@intel.com&gt;; You, Benjamin &lt;benjami=
n.you@intel.com&gt;<br>
<b>Subject:</b> RE: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the V=
ariablePolicy feature</font>
<div>&nbsp;</div>
</div>
<style>
<!--
@font-face
	{font-family:SimSun}
@font-face
	{font-family:"Cambria Math"}
@font-face
	{font-family:Calibri}
@font-face
	{font-family:"Segoe UI Emoji"}
@font-face
	{}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif}
a:link, span.x_MsoHyperlink
	{color:blue;
	text-decoration:underline}
a:visited, span.x_MsoHyperlinkFollowed
	{color:#954F72;
	text-decoration:underline}
p.x_msonormal0, li.x_msonormal0, div.x_msonormal0
	{margin-right:0in;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif}
span.x_EmailStyle20
	{font-family:"Calibri",sans-serif;
	color:windowtext}
.x_MsoChpDefault
	{font-size:10.0pt}
@page WordSection1
	{margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
	{}
-->
</style>
<div lang=3D"EN-US" link=3D"blue" vlink=3D"#954F72">
<div class=3D"x_WordSection1">
<p class=3D"x_MsoNormal">Hi, Bret</p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<p class=3D"x_MsoNormal">For UefiPayloadPkg, could you please provide a pa=
tch for it ?</p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<p class=3D"x_MsoNormal">Thanks</p>
<p class=3D"x_MsoNormal">Maurice</p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<div>
<div style=3D"border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0=
in 0in 0in">
<p class=3D"x_MsoNormal"><b>From:</b> devel@edk2.groups.io &lt;devel@edk2.=
groups.io&gt; <b>
On Behalf Of </b>Bret Barkelew via groups.io<br>
<b>Sent:</b> Tuesday, May 12, 2020 22:19<br>
<b>To:</b> devel@edk2.groups.io; lersek@redhat.com; michael.kubacki@outloo=
k.com<br>
<b>Cc:</b> Yao, Jiewen &lt;jiewen.yao@intel.com&gt;; Zhang, Chao B &lt;cha=
o.b.zhang@intel.com&gt;; Wang, Jian J &lt;jian.j.wang@intel.com&gt;; Wu, Ha=
o A &lt;hao.a.wu@intel.com&gt;; Gao, Liming &lt;liming.gao@intel.com&gt;; J=
usten, Jordan L &lt;jordan.l.justen@intel.com&gt;; Ard Biesheuvel &lt;ard.b=
iesheuvel@arm.com&gt;;
 Andrew Fish &lt;afish@apple.com&gt;; Ni, Ray &lt;ray.ni@intel.com&gt;; An=
thony Perard &lt;anthony.perard@citrix.com&gt;; Julien Grall &lt;julien@xen=
.org&gt;; Ma, Maurice &lt;maurice.ma@intel.com&gt;; Dong, Guo &lt;guo.dong@=
intel.com&gt;; You, Benjamin &lt;benjamin.you@intel.com&gt;<br>
<b>Subject:</b> Re: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the V=
ariablePolicy feature</p>
</div>
</div>
<p class=3D"x_MsoNormal">&nbsp;</p>
<p class=3D"x_MsoNormal">=93Not sure about the UefiPayloadPkg platforms; p=
lease ask their maintainers.=94</p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<p class=3D"x_MsoNormal">UefiPayloadPkg maintainers: what say you? <span s=
tyle=3D"font-family:&quot;Segoe UI Emoji&quot;,sans-serif">
&#128521;</span></p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<p class=3D"x_MsoNormal">- Bret</p>
<p class=3D"x_MsoNormal">&nbsp;</p>
<div class=3D"x_MsoNormal" align=3D"center" style=3D"text-align:center">
<hr size=3D"2" width=3D"98%" align=3D"center">
</div>
<div id=3D"x_divRplyFwdMsg">
<p class=3D"x_MsoNormal"><b><span style=3D"color:black">From:</span></b><s=
pan style=3D"color:black">
<a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a> &lt;<a hr=
ef=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>&gt; on behalf o=
f Laszlo Ersek via groups.io &lt;<a href=3D"mailto:lersek=3Dredhat.com@grou=
ps.io">lersek=3Dredhat.com@groups.io</a>&gt;<br>
<b>Sent:</b> Tuesday, May 12, 2020 4:52:52 AM<br>
<b>To:</b> <a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a=
> &lt;<a href=3D"mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>&gt;;
<a href=3D"mailto:michael.kubacki@outlook.com">michael.kubacki@outlook.com=
</a> &lt;<a href=3D"mailto:michael.kubacki@outlook.com">michael.kubacki@out=
look.com</a>&gt;<br>
<b>Cc:</b> Yao, Jiewen &lt;<a href=3D"mailto:jiewen.yao@intel.com">jiewen.=
yao@intel.com</a>&gt;; Chao Zhang &lt;<a href=3D"mailto:chao.b.zhang@intel.=
com">chao.b.zhang@intel.com</a>&gt;; Jian J Wang &lt;<a href=3D"mailto:jian=
.j.wang@intel.com">jian.j.wang@intel.com</a>&gt;; Hao A Wu
 &lt;<a href=3D"mailto:hao.a.wu@intel.com">hao.a.wu@intel.com</a>&gt;; lim=
ing.gao &lt;<a href=3D"mailto:liming.gao@intel.com">liming.gao@intel.com</a=
>&gt;; Jordan Justen &lt;<a href=3D"mailto:jordan.l.justen@intel.com">jorda=
n.l.justen@intel.com</a>&gt;; Ard Biesheuvel &lt;<a href=3D"mailto:ard.bies=
heuvel@arm.com">ard.biesheuvel@arm.com</a>&gt;;
 Andrew Fish &lt;<a href=3D"mailto:afish@apple.com">afish@apple.com</a>&gt=
;; Ni, Ray &lt;<a href=3D"mailto:ray.ni@intel.com">ray.ni@intel.com</a>&gt;=
; Anthony Perard &lt;<a href=3D"mailto:anthony.perard@citrix.com">anthony.p=
erard@citrix.com</a>&gt;; Julien Grall &lt;<a href=3D"mailto:julien@xen.org=
">julien@xen.org</a>&gt;;
 Maurice Ma &lt;<a href=3D"mailto:maurice.ma@intel.com">maurice.ma@intel.c=
om</a>&gt;; Guo Dong &lt;<a href=3D"mailto:guo.dong@intel.com">guo.dong@int=
el.com</a>&gt;; Benjamin You &lt;<a href=3D"mailto:benjamin.you@intel.com">=
benjamin.you@intel.com</a>&gt;<br>
<b>Subject:</b> [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the Varia=
blePolicy feature</span>
</p>
<div>
<p class=3D"x_MsoNormal">&nbsp;</p>
</div>
</div>
<div>
<div>
<p class=3D"x_MsoNormal" style=3D"margin-bottom:12.0pt">On 05/12/20 08:46,=
 Michael Kubacki wrote:<br>
&gt; From: Michael Kubacki &lt;<a href=3D"mailto:michael.kubacki@microsoft=
.com">michael.kubacki@microsoft.com</a>&gt;<br>
&gt; <br>
&gt; REF:https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;amp;data=3D02%7C01=
%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f98=
8bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;amp;sdata=3DGl=
pxfE6%2FzZR01KXRvOoaXQTQEG%2F3TNuaZxJ6C1fl6LI%3D&amp;amp;reserved=3D0<br>
&gt; <br>
&gt; The 12 patches in this series add the VariablePolicy feature to the c=
ore,<br>
&gt; deprecate Edk2VarLock (while adding a compatibility layer to reduce c=
ode<br>
&gt; churn), and integrate the VariablePolicy libraries and protocols into=
<br>
&gt; Variable Services.<br>
&gt; <br>
&gt; Since the integration requires multiple changes, including adding lib=
raries,<br>
&gt; a protocol, an SMI communication handler, and VariableServices integr=
ation,<br>
&gt; the patches are broken up by individual library additions and then a =
final<br>
&gt; integration. Security-sensitive changes like bypassing Authenticated<=
br>
&gt; Variable enforcement are also broken out into individual patches so t=
hat<br>
&gt; attention can be called directly to them.<br>
&gt; <br>
&gt; Platform porting instructions are described in this wiki entry:<br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttp=
s%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePol=
icy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&am=
p;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7Ca163d58b5f994a077c6708d7=
f750ebc2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637249799249542967&am=
p;sdata=3DC0rFRlAdXA9V1C2ItbnXUqP4T4%2BDA1z2EHS%2BFXmDot0%3D&amp;reserved=
=3D0" originalsrc=3D"https://github.com/tianocore/tianocore.github.io/wiki=
/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-=
porting" shash=3D"Rb8jzvly5958NhuGCE9OcANHN3SKH5esifJSVRcCCuzYYlMbdCN1tV8XW=
rRxRqvwer8GDdAokkYHgw9/fY35Dnb2hdc&#43;9136IfsdM4zX8k9fM&#43;57COJk/dOwjhIo=
AG4MOPRcnLvQ12yB/Ow2ph7E8QNLCFtSl08p3OemZElZeGI=3D">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub=
.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---E=
nhanced-Method-for-Managing-Variables%23platform-porting&amp;amp;data=3D02%=
7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C7=
2f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;amp;sdata=
=3Do%2FraXnHgx4RMreIkSFSONm8He0CzM7ZTXoV8loOrxe0%3D&amp;amp;reserved=3D0</=
a><br>
<br>
(1) This wiki article is helpful, thanks.<br>
<br>
I have one remark: there's a heading saying &quot;VarCheckPolicyLib NULL<b=
r>
Instance&quot;:<br>
<br>
<a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%=
2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-P=
rotocol---Enhanced-Method-for-Managing-Variables%23varcheckpolicylib-null-i=
nstance&amp;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7Ca163d58b5f994a=
077c6708d7f750ebc2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63724979924=
9552957&amp;sdata=3DQmLmlnrWR4FBWrA7Kz%2BlQXph%2FvLpQxIPxi5uZPoES%2Bo%3D&am=
p;reserved=3D0" originalsrc=3D"https://github.com/tianocore/tianocore.githu=
b.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#=
varcheckpolicylib-null-instance" shash=3D"Q9qiqURCqHXIovj4pVIa64vPZAPqmBXvl=
0i4gTn/5E9JoM9ST1YltAAZKjQLJjQygZC/qalGJxfA/8WgEzXNFiLO7jtJNnlJgsUC86dPP1br=
/Vo0XW0HmItaEzHB7JpcpIiIbEEZGEbToRZZJGEr25sqIBAhzOE9eLCAtIUqZSU=3D">https:/=
/nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub.com%2Ft=
ianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-=
Method-for-Managing-Variables%23varcheckpolicylib-null-instance&amp;amp;dat=
a=3D02%7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0=
927%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;amp=
;sdata=3D4qTYEB6%2F3uJnLZ9MjRHODQGaaPq6zZEp7bFlCXEP7gI%3D&amp;amp;reserved=
=3D0</a><br>
<br>
I think what's meant is &quot;NULL class&quot;, not &quot;NULL instance&qu=
ot;.<br>
<br>
(2) The following platform DSC files in edk2 include the non-SMM<br>
variable driver<br>
(&quot;MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf&q=
uot;),<br>
but they are not modified by this patch series:<br>
<br>
ArmVirtPkg/ArmVirtQemu.dsc<br>
ArmVirtPkg/ArmVirtQemuKernel.dsc<br>
ArmVirtPkg/ArmVirtXen.dsc<br>
OvmfPkg/OvmfXen.dsc<br>
UefiPayloadPkg/UefiPayloadPkgIa32.dsc<br>
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc<br>
<br>
I'm asking that you please (a) include a patch for ArmVirtPkg, (b)<br>
update the OvmfPkg patch to cover &quot;OvmfXen.dsc&quot; too.<br>
<br>
Not sure about the UefiPayloadPkg platforms; please ask their maintainers.=
<br>
<br>
(I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)<br>
<br>
Thanks,<br>
Laszlo<br>
<br>
&gt; <br>
&gt; Discussion of the feature can be found in multiple places throughout<=
br>
&gt; the last year on the RFC channel, staging branches, and in devel.<br>
&gt; <br>
&gt; Most recently, this subject was discussed in this thread:<br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttp=
s%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;data=3D02%7C01%7=
Cbret.barkelew%40microsoft.com%7Ca163d58b5f994a077c6708d7f750ebc2%7C72f988b=
f86f141af91ab2d7cd011db47%7C1%7C0%7C637249799249552957&amp;sdata=3DzivivsvT=
91knKsCrZRctVI%2BwlR%2FEaH6sTZkpSp1iM8E%3D&amp;reserved=3D0" originalsrc=3D=
"https://edk2.groups.io/g/devel/message/53712" shash=3D"e2WPnFl/6Iksr35kvzK=
iR&#43;ironIKkupZlc5VtwLRF4vRHXnafJq5tAIRHPcOr0NQQJVUjk6wYBzHSCR/grhJAKWn/K=
EJr8azynen0sNtPE8abyNUrmGvLea8Jc/GVRGJQtlbWCaaBeXax5qxufxrAH6odEYDvMO&#43;Q=
ipKB3&#43;LIos=3D">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.g=
roups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;amp;data=3D02%7C01%7Cbret.barkel=
ew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f141af91a=
b2d7cd011db47%7C1%7C0%7C637248811886938531&amp;amp;sdata=3D%2FFmQMtE%2Ffrl6=
UxNdY94mvckwrXVUJySJ%2BWFSSQp8nCk%3D&amp;amp;reserved=3D0</a><br>
&gt; (the code branches shared in that discussion are now out of date, but=
 the<br>
&gt; whitepapers and discussion are relevant).<br>
&gt; <br>
&gt; Cc: Jiewen Yao &lt;<a href=3D"mailto:jiewen.yao@intel.com">jiewen.yao=
@intel.com</a>&gt;<br>
&gt; Cc: Chao Zhang &lt;<a href=3D"mailto:chao.b.zhang@intel.com">chao.b.z=
hang@intel.com</a>&gt;<br>
&gt; Cc: Jian J Wang &lt;<a href=3D"mailto:jian.j.wang@intel.com">jian.j.w=
ang@intel.com</a>&gt;<br>
&gt; Cc: Hao A Wu &lt;<a href=3D"mailto:hao.a.wu@intel.com">hao.a.wu@intel=
.com</a>&gt;<br>
&gt; Cc: Liming Gao &lt;<a href=3D"mailto:liming.gao@intel.com">liming.gao=
@intel.com</a>&gt;<br>
&gt; Cc: Jordan Justen &lt;<a href=3D"mailto:jordan.l.justen@intel.com">jo=
rdan.l.justen@intel.com</a>&gt;<br>
&gt; Cc: Laszlo Ersek &lt;<a href=3D"mailto:lersek@redhat.com">lersek@redh=
at.com</a>&gt;<br>
&gt; Cc: Ard Biesheuvel &lt;<a href=3D"mailto:ard.biesheuvel@arm.com">ard.=
biesheuvel@arm.com</a>&gt;<br>
&gt; Cc: Andrew Fish &lt;<a href=3D"mailto:afish@apple.com">afish@apple.co=
m</a>&gt;<br>
&gt; Cc: Ray Ni &lt;<a href=3D"mailto:ray.ni@intel.com">ray.ni@intel.com</=
a>&gt;<br>
&gt; Signed-off-by: Michael Kubacki &lt;<a href=3D"mailto:michael.kubacki@=
microsoft.com">michael.kubacki@microsoft.com</a>&gt;<br>
&gt; <br>
&gt; Changes since v1:<br>
&gt; * Fixed implementation for RuntimeDxe<br>
&gt; * Add PCD to block DisableVariablePolicy<br>
&gt; * Fix the DumpVariablePolicy pagination in SMM<br>
&gt; <br>
&gt; Bret Barkelew (12):<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicy protocol interfac=
e<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicyLib<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicyHelperLib<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VarCheckPolicyLib and SMM interf=
ace<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Connect VariablePolicy business logic to<br=
>
&gt;&nbsp;&nbsp;&nbsp;&nbsp; VariableServices<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Allow VariablePolicy state to delete protec=
ted variables<br>
&gt;&nbsp;&nbsp; SecurityPkg: Allow VariablePolicy state to delete authent=
icated<br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp; variables<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Change TCG MOR variables to use VariablePol=
icy<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Drop VarLock from RuntimeDxe variable drive=
r<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Add a shell-based functional test for Varia=
blePolicy<br>
&gt;&nbsp;&nbsp; OvmfPkg: Add VariablePolicy engine to OvmfPkg platform<br=
>
&gt;&nbsp;&nbsp; EmulatorPkg: Add VariablePolicy engine to EmulatorPkg pla=
tform<br>
&gt; <br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 318 &#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 396 &#43;&#43;&#43;&#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitN=
ull.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 46 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitR=
untimeDxe.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 85 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 806 &#43;&#43;&#43;&#43;&#43;&#43;&#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/V=
ariablePolicyUnitTest.c&nbsp;&nbsp; | 2285 &#43;&#43;&#43;&#43;&#43;&#43;&#=
43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariableP=
olicyFuncTestApp.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | 1942 &#43;&#=
43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#=
43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 52 &#43;-<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 60 &#43;-<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 49 &#43;-<=
br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 53 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstTo=
Lock.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 71 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe=
.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 6=
53 &#43;&#43;&#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx=
e.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; =
14 &#43;<br>
&gt;&nbsp; SecurityPkg/Library/AuthVariableLib/AuthService.c&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nb=
sp;&nbsp; 22 &#43;-<br>
&gt;&nbsp; EmulatorPkg/EmulatorPkg.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 6 &#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 54 &#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Library/VariablePolicyHelperLib.h&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 164 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Library/VariablePolicyLib.h&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp; 207 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Protocol/VariablePolicy.h&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; |&nbsp; 157 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 44 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 36 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.uni&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 44 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntime=
Dxe.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 52 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/V=
ariablePolicyUnitTest.inf |&nbsp;&nbsp; 41 &#43;<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.ci.yaml&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp;&nbsp;&nbsp; 4 &#43;-<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 26 &#43;-<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 15 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/MdeModulePkgHostTest.dsc&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 11 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp;&nbsp; 55 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariableP=
olicyFuncTestApp.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 42 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.i=
nf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&n=
bsp;&nbsp; 5 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 4 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx=
e.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm=
.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;=
 4 &#43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgIa32.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 8 &#=
43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgIa32X64.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 8 &#43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgX64.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;=
 8 &#43;<br>
&gt;&nbsp; SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 2 &#43;<br>
&gt;&nbsp; 42 files changed, 7819 insertions(&#43;), 78 deletions(-)<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyExtraInitNull.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyExtraInitRuntimeDxe.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyUnitTest/VariablePolicyUnitTest.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/VariablePolicyFuncTestApp.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/V=
ariableLockRequstToLock.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/V=
ariablePolicySmmDxe.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.=
h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Library/VariablePolicyH=
elperLib.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Library/VariablePolicyL=
ib.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy=
.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLibRuntimeDxe.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyUnitTest/VariablePolicyUnitTest.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/Readme.md<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/VariablePolicyFuncTestApp.inf<br>
&gt; <br>
<br>
<br>
<br>
</p>
</div>
</div>
<div>
<p class=3D"x_MsoNormal"></p>
</div>
</div>
</div>
</body>
</html>

--_000_CY4PR21MB0743B7D4506CD9A1DA41E836EFBF0CY4PR21MB0743namp_--