From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web12.4691.1590107365015507084 for ; Thu, 21 May 2020 17:29:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=k5wlvp8E; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: maurice.ma@intel.com) IronPort-SDR: 168J15sIyT3q01KlUn3cZFY3Mme4EDE37TF6l/JW6nqVEgigbxuvkPOYZ2d4JqDl0c3muIcmAE sGCezXHllEdg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2020 17:29:24 -0700 IronPort-SDR: mF+QdLg5ubfnpODLgUWVCZShcpXXHxW4FFXOEilRaGHwYLIb95dgFVn5dc6YdLiO9Xga3RYaY5 ZOtiDTjOaNQw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,419,1583222400"; d="scan'208";a="466996671" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga005.fm.intel.com with ESMTP; 21 May 2020 17:29:24 -0700 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 21 May 2020 17:29:23 -0700 Received: from FMSEDG001.ED.cps.intel.com (10.1.192.133) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 21 May 2020 17:29:23 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.103) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 21 May 2020 17:29:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j2XuoOFsaN6T8z7oXERor4iKT1vgYke2vIf7r/n4O+AeBK0VaSqn6D4hWfNPQassv17FzEmH+1ETf6hIqCZbfQabrkfgz6kyFardp+ffTKWaUKXgEReVqy8J9/4fDk0YovRvfRS5z9TsGH+uQssa0iXepj+kCPbpsYFFxNWNKUEyRDPnvLQy5x0RPmuo7pgg/k8TYPI9P8i1LnJEp8sqfT5Hg+jlR89bxjhQSJGEvzsIdBgz/1kjRJqsIczfjRQVYEmmwgBSkPmZSdYVtIDfHYGFHBi7T9b1qxF3EgzhZxVqI3baNTzBrlb56UDxB2IkDHK31MRK5HCYhGEvst2usg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cZ8boDRXffRiKmL530FPhnZcT13X+NBP4SU0Ut5NIkk=; b=J5kSZfpFeZWYaz9xQBJC5TYKXFyIANhp7evnJfmDv3SlRQPluJnpbp3ccQ6I6cTwao3c8ozeIvAsFQ7Adtw+xFEVmw9+s3Cp/oXwxSrHkMNts08cGD/ajqy+QN+E8+q5F8B/EqhYEtwQhwt0yNfNYBYF1qoj32GFyrQuOBciD5o4gVzgxy+2LxU4wguw/f7w7kp7HfPsaFGQ1Zt5TtvvFlAy0fO/tde1MuoK2WQe4TUqiZUN/FJ/loEWgJcNrBDeEfMkihUP8Wu4gKakKTLIaEgVtHMa5w35vbxdTY64OeLVlmuFiOkT0WuIouFGZGKB1+aGqj8IIQXsNCNLHocLtQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cZ8boDRXffRiKmL530FPhnZcT13X+NBP4SU0Ut5NIkk=; b=k5wlvp8EsT5JN08yKhR9xOcvpTFvPpzX5v7R2lSB+fK4JNv8JsRgBhwWofZt0hD/Q5FxnjhEtOLW3fkceX51WhnPxskKgLZArMfWW4WLYejTrMwvZFf2wns/11eL759C1Nr10YK03JEtrB0yxVT2SCkhgLnzSXbebWiDh8l42es= Received: from DM6PR11MB2793.namprd11.prod.outlook.com (2603:10b6:5:c0::29) by DM6PR11MB4457.namprd11.prod.outlook.com (2603:10b6:5:203::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.27; Fri, 22 May 2020 00:29:22 +0000 Received: from DM6PR11MB2793.namprd11.prod.outlook.com ([fe80::ccf0:142e:4ef4:34d0]) by DM6PR11MB2793.namprd11.prod.outlook.com ([fe80::ccf0:142e:4ef4:34d0%5]) with mapi id 15.20.3021.020; Fri, 22 May 2020 00:29:22 +0000 From: "Ma, Maurice" To: "devel@edk2.groups.io" , "michael.kubacki@outlook.com" CC: "Dong, Guo" , "You, Benjamin" , Bret Barkelew Subject: Re: [edk2-devel] [PATCH v3 08/14] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Thread-Topic: [edk2-devel] [PATCH v3 08/14] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Thread-Index: AQHWL8F/0+nQT3JDt0KRoVE5Y7EGxKizQGNA Date: Fri, 22 May 2020 00:29:22 +0000 Message-ID: References: <20200521224331.15616-1-michael.kubacki@outlook.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [104.153.200.60] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8196e500-9638-44db-cf40-08d7fde72c9a x-ms-traffictypediagnostic: DM6PR11MB4457: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:514; x-forefront-prvs: 04111BAC64 x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: mQn1A48/83/vA9TOIB8zM7L5s+lqIDdrP9BJuT9NOz5TZFiKHAobfHs0mXY2WE54rrHIM2fkzXy8D60juEOM2O3YtsaqBI0u2DR1C898kYRmjeQTOwXbOfMLlJRO9FoRZUcsledpTtQEkVP5cqRyQTE8Jj0d7dYCWWN0QGwhgBytIEPlo5/yP5FUr6U1XuGVdoKROSvEzc+cYPYh4BbJjFpTNDycUastTjAwJD7oq8Syb1DlDSdVkWtnin7ZCk0TTTqZ+Omyb9ZdWbBt6XGiIEBAG0HPtFGr2q/e7wt+IoNshdK/BP3czAkY5vpqcubhmSte6xK9VK96qY0GYvcD2cWxGSGfHUnVlhXL43oaEuD8bBVyLSFkCErxO6f0FlbverYNdIFvGnSBcTBDG1lc4Q== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR11MB2793.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(366004)(136003)(396003)(39860400002)(376002)(346002)(66476007)(71200400001)(55016002)(26005)(9686003)(45080400002)(2906002)(33656002)(53546011)(7696005)(4326008)(6506007)(86362001)(186003)(66946007)(66556008)(66446008)(8936002)(64756008)(76116006)(966005)(19627235002)(54906003)(52536014)(110136005)(316002)(8676002)(5660300002)(478600001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: 9rFh4z7WdQ1YeP9BaM+vxM+y31U35IoNd2M7qot8Xf3wbEJx1X+iMpnektoXcCYQKo2Ij/R1AzprTZL5EN9ZMfvXc++u7GGAn2ixBcVbmrDvoxfyEYXsFKs8KfcaT2PWFCj9CEY4Ag6EqgQ7lnyq1ATznDL4Hbu80OVGR54G0WfdKSEj2YfFSSpcHEZtvttEd5RLsoarZ1DxDXIFFUu8P08/wZ2VRKV6dsZ4LXkR5H0Gmm4Ryd67PmNuAPrWL/qYKwQ63Cne8QZYkBLyY/1t5Ll5f/OuJQSnXI18DFCfnQjeTPtyitAgD4QrgPUqjmyY4Kpcwp+QUcviR0TLvFzSk4MGc7AdTfMDwA+PR6ywDvUIuYQ5ggsbaAlJSzfEOsH+K6Z11auwIBhPGkd86OgbSAHNcLCSJ4QTi7r0DBnjXkJy21pcUBXAYMpdxsxGYCuwnoZ53DHYLU39ouSt0PLfJ2dAgyUwEpF7hyq0/sKDwkOqdyCm+nxstuC7pFDrUHUz MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 8196e500-9638-44db-cf40-08d7fde72c9a X-MS-Exchange-CrossTenant-originalarrivaltime: 22 May 2020 00:29:22.2740 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TjpMnXm+ndrL81nDNn5of5AlHFHDfeEzvotVZyfAVyjRNJqm76gh7V+f1UrxJHd14E3I+7aN73XHofIZELdMJQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4457 Return-Path: maurice.ma@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Maurice Ma > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Michael > Kubacki > Sent: Thursday, May 21, 2020 15:43 > To: devel@edk2.groups.io > Cc: Ma, Maurice ; Dong, Guo ; > You, Benjamin ; Bret Barkelew > > Subject: [edk2-devel] [PATCH v3 08/14] UefiPayloadPkg: Add VariablePolic= y > engine to UefiPayloadPkg platform >=20 > From: Bret Barkelew >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522 >=20 > Cc: Maurice Ma > Cc: Guo Dong > Cc: Benjamin You > Cc: Bret Barkelew > Signed-off-by: Michael Kubacki > --- > UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 7 +++++++ > UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 7 +++++++ > 2 files changed, 14 insertions(+) >=20 > diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc > b/UefiPayloadPkg/UefiPayloadPkgIa32.dsc > index d52945442e0e..472196d2c60e 100644 > --- a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc > +++ b/UefiPayloadPkg/UefiPayloadPkgIa32.dsc > @@ -4,6 +4,7 @@ > # Provides drivers and definitions to create uefi payload for bootloade= rs. > # > # Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -204,6 +205,8 = @@ > [LibraryClasses] >=20 > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib > Null.inf >=20 > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > MeasurementLibNull.inf > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > + > + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolic > + yLib.inf > + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/V > + ariablePolicyHelperLib.inf >=20 > [LibraryClasses.IA32.SEC] > DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf > @@ -251,6 +254,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf >=20 > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemory > AllocationLib.inf >=20 > ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib > /RuntimeDxeReportStatusCodeLib.inf > + > + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolic > + yLibRuntimeDxe.inf >=20 >=20 > [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATI > ON] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -329,6 +333,9 @@ [PcdsPatchableInModule.common] >=20 >=20 > gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LO > GICAL_PROCESSORS) >=20 > + # Optional: Omit if VariablePolicy should be always-on. > + > + > gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisabl > + e|TRUE > + >=20 >=20 > ################################################################ > ################ > # > diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc > b/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc > index 0736cd995476..817400604347 100644 > --- a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc > +++ b/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc > @@ -4,6 +4,7 @@ > # Provides drivers and definitions to create uefi payload for bootloade= rs. > # > # Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved. > +# Copyright (c) Microsoft Corporation.
> # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -205,6 +206,8 = @@ > [LibraryClasses] >=20 > AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib > Null.inf >=20 > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm > MeasurementLibNull.inf > VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > + > + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolic > + yLib.inf > + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/V > + ariablePolicyHelperLib.inf >=20 > [LibraryClasses.IA32.SEC] > DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf > @@ -252,6 +255,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf >=20 > MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemory > AllocationLib.inf >=20 > ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib > /RuntimeDxeReportStatusCodeLib.inf > + > + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolic > + yLibRuntimeDxe.inf >=20 >=20 > [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATI > ON] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -331,6 +335,9 @@ [PcdsPatchableInModule.common] >=20 >=20 > gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LO > GICAL_PROCESSORS) >=20 > + # Optional: Omit if VariablePolicy should be always-on. > + > + > gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisabl > + e|TRUE > + >=20 >=20 > ################################################################ > ################ > # > -- > 2.16.3.windows.1 >=20 >=20 >=20