From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.30079.1632743903659586489 for ; Mon, 27 Sep 2021 04:58:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=dYfMxvfA; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: dandan.bi@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10119"; a="288121939" X-IronPort-AV: E=Sophos;i="5.85,326,1624345200"; d="scan'208";a="288121939" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Sep 2021 04:58:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,326,1624345200"; d="scan'208";a="518538914" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by fmsmga008.fm.intel.com with ESMTP; 27 Sep 2021 04:58:21 -0700 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 27 Sep 2021 04:58:21 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 27 Sep 2021 04:58:21 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Mon, 27 Sep 2021 04:58:21 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.103) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Mon, 27 Sep 2021 04:58:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O2qxRAqbfRWdGMBsQSmSeet59zS+cooYHovUjA4DyINDdmG5DnNy9Bos57UngH1CnM/9D+Z8QqWeEGZyk34c/M5iWz8R1Zdz3Z4XITJh6zzwk4mgIIEr+xW6+g1ErYhdEKTy54UfJAjIvpJ+ec0IrgTzIL5wvIa5EVDpzZY/b02Cjf+oFbATYsuTt39vIgRu2+ZFpgwZc88JHbMmEu3CpWzCJNHCIJKW9HhhJLCtSxOZ4ZJ7vGbU5SUae425SKk4RfFjFWcuhvoPKnDrnRvw0OWUdwIsfWP8+eM8HEnlXpObL5x9MfNiHH6Q3zriqsLyV17toEaLquNaM8Qflbr0Ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=rvm6CWe2GAehjlj1bk9rYoZfinhvb6G+GT/aXucp+PE=; b=ag+AIZDATBK6uf150f243EV3RuOSc4+QQwLrqtsKDSt9fLdKe3t9Szp5aSFimw74oTZCapHMC/b1IDPn8o/27k5Uo8FexPq2XRjjt47zczZAGss3INBRykKpj3WK9wcWAdoc/W+HcGnx66cr/ZVQ1FLG5+Lb6Ts1bYyx4MN57FnNdWDIiX48yelVZv5BRZpCMgRFRjxkok1INhqkkO4+nuPUH24AR8/K4wG7DIgLKcfCp3WTGL+chlTDp7Xi/IYcoyro+eKbBSTcHbkTKbof6mTa+H7WBQmsS4Ux7OVypbpKcBG9ck4U7jwfrkaauFJZEB8/Tkxh8H9L8U/CvKyShg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rvm6CWe2GAehjlj1bk9rYoZfinhvb6G+GT/aXucp+PE=; b=dYfMxvfAIoKX/qPK/5NIXZw5Ye+gI2qHO3+nWneE2lSxeAViZ8P+juZrFreePBpP9at9BSdDbYQgdZSJV6wLFxR7mavnCf213JCHzBSr2BXN/xGwpJwIwBHDqcLKgvXvgbkif9vK+sLwBJpo2czB1bKwu4cYWx6eC4lpuKH85r0= Received: from DM4PR11MB5453.namprd11.prod.outlook.com (2603:10b6:5:398::15) by DM5PR1101MB2122.namprd11.prod.outlook.com (2603:10b6:4:54::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Mon, 27 Sep 2021 11:58:19 +0000 Received: from DM4PR11MB5453.namprd11.prod.outlook.com ([fe80::ed4c:25e0:281e:da52]) by DM4PR11MB5453.namprd11.prod.outlook.com ([fe80::ed4c:25e0:281e:da52%2]) with mapi id 15.20.4544.021; Mon, 27 Sep 2021 11:58:19 +0000 From: "Dandan Bi" To: "Shi, Hao" , "devel@edk2.groups.io" CC: Liming Gao Subject: Re: [PATCH] UserAuthFeaturePkg/UserAuthenticationDxeSmm: The SMI to handle the user authentication should be unregister before booting to OS Thread-Topic: [PATCH] UserAuthFeaturePkg/UserAuthenticationDxeSmm: The SMI to handle the user authentication should be unregister before booting to OS Thread-Index: AQHXsC/FhU7tBtWnGESRA5zzC792D6u3x4pQ Date: Mon, 27 Sep 2021 11:58:19 +0000 Message-ID: References: <20210923040138.1960-1-hao.shi@intel.com> In-Reply-To: <20210923040138.1960-1-hao.shi@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2fc6ab45-e874-4a6a-083c-08d981ae194a x-ms-traffictypediagnostic: DM5PR1101MB2122: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: JuKEuZ6XWOxNlSNI0GIPxIr+0OYOO+CNYNa0ZYmzK5sFGRE9q7l+nAjMXOzlfjGRtA5QU++V15X7vSuOV2/BtrXoInwzxLFgJwD6RozQ+qUqOOe4bkZol8vhJrFhPh/0GJ7ktXm+pIWzkcUk5Cjk/siVjnnfrPWLSsnkBuv8L7sKTuPUklurQTMZb0s2G2PMwd5rIdE3M7cOvl94ShTwcWjcxBy1HCa/tX2zxRp4Q2WVtB6WGsJPzx5L8L2DrdGuAg92P1z3RCngaVJ+caCFUHn+pbCgYEGimQtonyDZJ/ErXzHhykVzUdt3dFixMeUFHzD/w2gQC0hcnCjzaFk5AY2u8qBqBAR/3McseFWIj4q+MUiFvluRywktsLo1zj0k1wDNHoS/IPcUieoPc3CIY2Yrz/6uV3E06zOLka03JA6DyIbWjMULD+MhcwP37BKHs8YOr4VMO/6nmAdnTbi2dOPC0Z1//rMZA/RlQMoHUeK/Phn2Pl3iHEaNR1wsuesyDynedv4e82NUGZTckqAq89RGDPWH5KYYzJbesY+J/mLoiHiZ+Ruwh3rFWAJWcUmeHw3k8sn4sP2UQeP1DSg1kulY6zDrxF9B37JCBLgd4A/T6+EoYOAw/4Ndtp59Cu7/AKGXm+iReK7zgfa4wYUx33VPpkdZHQnnDhI+5fWmCRht6q9ypKFPoflNUs+ZJn85AZ4GmBoT+jfbHG2AktrMm49xYtKRe058ERVCAYoX5w9cJO0djKzCxdgLJS2qFBbCHDhDaFq293gwGcKjbj1dvDNVE8A+wwngUG5mz7NF0yU= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR11MB5453.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(33656002)(2906002)(66946007)(55016002)(4326008)(52536014)(76116006)(71200400001)(38070700005)(5660300002)(83380400001)(9686003)(66476007)(66556008)(64756008)(66446008)(8936002)(6506007)(53546011)(122000001)(86362001)(7696005)(316002)(508600001)(110136005)(8676002)(38100700002)(26005)(186003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?/s3nBmdsTcWjdTFVhFWjEZCuRH0KV1KU1ACMdyOEU6Q1mVfteNV/r0wSwNhf?= =?us-ascii?Q?UikNioX/Oa15yRu1kq1yWWy2/rl7V9WQM4Ke6qVAVWN6sEu6zbWgRFG2603X?= =?us-ascii?Q?KxGZzhiqZgRHivVGvCbzj5SuzkPYbR7zZJICswCI2NZp4EizN1niIkzxNM9X?= =?us-ascii?Q?UpOTBkNkneL6RuFMEi0q7EqGZ8yn3KiX2YHrPqNUJFbDA88w1tFdWYqEtyXp?= =?us-ascii?Q?HGW6M8zc3FulyzBlzPgXM+3RwkTl8wQYxh+h4THdpikuosPogIedbdHQqi+M?= =?us-ascii?Q?hpCgOq9mpNi6zkvZvNKChFNlJ1KzNQir/EqCfyMNdkaEP1GJgEGei2lOKgFk?= =?us-ascii?Q?5g8iCj2Z9EWCG8yEJUQ2ozptGo0N5CwU5m+dLcg3ErZNg5L2XL2ZRAKegZle?= =?us-ascii?Q?fC/ES6vAojyRaYAL9IV3NmpeF2ulUk38zFalszWgs4vk/qKMiiCcqF58feTX?= =?us-ascii?Q?oqadBbO0hChZartmLe1ntwB2Yjh3UT3dB3mHX90cw1d+jTMbtQCEXN39v6XP?= =?us-ascii?Q?expbcOV0LmhqhkN7w/LihSLTqNBcRDjSLcXyvda1lBCcaiVlilA1fj0iueRv?= =?us-ascii?Q?4ccL64k0DlFwXz7VYBiDxjnSs7bQP3Gb9S25Kpr2AeQiKVZtH5vE0ZKwjnAR?= =?us-ascii?Q?r6dBIjrccOEahcfHm7YCOHw6UL0jvIumNf5l/RwP5wYvVmsxJTp/onZeRf5V?= =?us-ascii?Q?/8g5Jjew+TIz1B3qJhGOskdU65rcumRhnIe6zNhL53fwcGerRyzJO3wme1uz?= =?us-ascii?Q?TKvW2g/0SpdsfkF1Xt0kYO6X06iOvKxRM0LHuTS7OX5RekFI2mj1BJD7MJdc?= =?us-ascii?Q?UwFzo8kbtyATDk+dQEamrg5mQnPLTP47t2Rqc2UvPY55D81uwHQ6CiGVVgaJ?= =?us-ascii?Q?DaR8qQwbYFiu8bGPi1EwYdxwGmzhdBrmKrnaX1JWtXo87OuBik+ROwFN/+qj?= =?us-ascii?Q?vvjCPG4M/9YbIftSbl/eFueGUKovA0O2uPX1dKIcqOIhPQlvWRLZtFedx+3+?= =?us-ascii?Q?RSrOF0rkbcpfQ5kyWOXFjhqcsbnNwnLxYSWa99+9Nfkow6CGFwh6NXJo4QAU?= =?us-ascii?Q?047t/cblPfNY20Rpgnx9Nha2mmRbsBJ+x55ZxWrlkDeRqUpyLIHsMdsZZiFl?= =?us-ascii?Q?fxIVuJYaEbaSoCEdiJIvRs+Y6wVcXgoyOTU8SsoOMZtdeTCugGc6VnxHqyTu?= =?us-ascii?Q?SWYhxlc5sjlXwUTfWiVaMz1H/RJTgQU9JWRyWN5t6C3bo0YjyCvuS8jdP6LV?= =?us-ascii?Q?IbF+vAFizbA0wKg/Sh/SxzwdxhHJYBV2MhzYqHG/o1xaHflIqmgq67N1Ru3E?= =?us-ascii?Q?BKc2Kv5YrVRHAytJv7MtaSv8?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5453.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2fc6ab45-e874-4a6a-083c-08d981ae194a X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Sep 2021 11:58:19.7573 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: H5rRpX9EV/JDg3VuK6/7+7qcRwRZXJ0M8IRdW5D07Hcn4kgMZtGLHDyL9QceKAplJWPuuXIcezFFUQ6fPnbtXQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2122 Return-Path: dandan.bi@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Hao, Some minor comments below. Please check inline. Thanks, Dandan > -----Original Message----- > From: Shi, Hao > Sent: Thursday, September 23, 2021 12:02 PM > To: devel@edk2.groups.io > Cc: Shi, Hao ; Bi, Dandan > Subject: [PATCH] UserAuthFeaturePkg/UserAuthenticationDxeSmm: The > SMI to handle the user authentication should be unregister before booting > to OS >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D3648 >=20 > Register SmmExitBootServices and SmmLegacyBoot callback function to > unregister this handler. >=20 > Signed-off-by: Hao Shi >=20 > --- > .../UserAuthenticationSmm.c | 34 +++++++++++++++++++ > .../UserAuthenticationSmm.inf | 2 ++ > 2 files changed, 36 insertions(+) >=20 > diff --git > a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.c > b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.c > index 07e834eb..30f889dd 100644 > --- > a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.c > +++ > b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication > +++ DxeSmm/UserAuthenticationSmm.c > @@ -13,6 +13,7 @@ UINTN mAdminPasswordTryCount = =3D 0; >=20 > BOOLEAN mNeedReVerify =3D TRUE; > BOOLEAN mPasswordVerified =3D FALSE; > +EFI_HANDLE mSmmHandle =3D NULL; >=20 > /** > Verify if the password is correct. > @@ -612,6 +613,30 @@ EXIT: > return EFI_SUCCESS; > } >=20 > +/** > + Performs Exit Boot Services UserAuthentication actions > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification runs successfully. > +**/ > +EFI_STATUS > +EFIAPI > +UaExitBootServices ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ) > +{ > + DEBUG ((DEBUG_INFO, "Unregister User Authentication Smi\n")); > + > + gSmst->SmiHandlerUnRegister(mSmmHandle); > + > + return EFI_SUCCESS; > +} > + > /** > Main entry for this driver. >=20 > @@ -633,6 +658,7 @@ PasswordSmmInit ( > EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; > CHAR16 > PasswordHistoryName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof( > CHAR16) + 5]; > UINTN Index; > + EFI_EVENT ExitBootServicesEvent; Please take care the alignment between new added code and old ones. >=20 > ASSERT (PASSWORD_HASH_SIZE =3D=3D SHA256_DIGEST_SIZE); > ASSERT (PASSWORD_HISTORY_CHECK_COUNT < 0xFFFF); @@ -663,6 > +689,14 @@ PasswordSmmInit ( > if (EFI_ERROR (Status)) { > return Status; > } > + mSmmHandle =3D SmmHandle; Could we only use one global variable for register and unregister? Then can= remove this statement. > + // > + // Register for SmmExitBootServices and SmmLegacyBoot notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify > + (&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices, > + &ExitBootServicesEvent); ASSERT_EFI_ERROR (Status); Status =3D > + gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid, > + UaExitBootServices, &ExitBootServicesEvent); ASSERT_EFI_ERROR > + (Status); Could we not use &ExitBootServicesEvent for these two RegisterProtocolNotif= y? One generic name for both or two specific names for each? >=20 > if (IsPasswordCleared()) { > DEBUG ((DEBUG_INFO, "IsPasswordCleared\n")); diff --git > a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.inf > b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.inf > index 0b33b194..d73a2fe2 100644 > --- > a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDx > eSmm/UserAuthenticationSmm.inf > +++ > b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication > +++ DxeSmm/UserAuthenticationSmm.inf > @@ -48,6 +48,8 @@ > [Protocols] > gEdkiiVariableLockProtocolGuid ## CONSUMES > gEfiSmmVariableProtocolGuid ## CONSUMES > + gEdkiiSmmExitBootServicesProtocolGuid ## CONSUMES > + gEdkiiSmmLegacyBootProtocolGuid ## CONSUMES >=20 > [Depex] > gEfiSmmVariableProtocolGuid AND gEfiVariableWriteArchProtocolGuid > -- > 2.26.2.windows.1