From: "Gao, Zhichao" <zhichao.gao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"mikuback@linux.microsoft.com" <mikuback@linux.microsoft.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>,
Anthony Perard <anthony.perard@citrix.com>,
"Bi, Dandan" <dandan.bi@intel.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
Jianyong Wu <jianyong.wu@arm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Julien Grall <julien@xen.org>,
"Gao, Liming" <gaoliming@byosoft.com.cn>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 0/3] Add Variable Policy Audit and Shell Command
Date: Tue, 24 Oct 2023 00:31:14 +0000 [thread overview]
Message-ID: <IA1PR11MB6370950779906F3EA8BD077BF6DFA@IA1PR11MB6370.namprd11.prod.outlook.com> (raw)
In-Reply-To: <de03ca2b-0e5e-443c-967f-59000894d5d3@linux.microsoft.com>
Hi Michael,
I cannot find the shellpkg change of this patch set. Can you share your poll request for review?
Thanks,
Zhichao
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
> Kubacki
> Sent: Tuesday, October 24, 2023 2:16 AM
> To: devel@edk2.groups.io
> Cc: Anatol Belski <anbelski@linux.microsoft.com>; Anthony Perard
> <anthony.perard@citrix.com>; Bi, Dandan <dandan.bi@intel.com>; Gerd
> Hoffmann <kraxel@redhat.com>; Wu, Hao A <hao.a.wu@intel.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Jianyong Wu <jianyong.wu@arm.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Julien Grall <julien@xen.org>; Gao, Liming
> <gaoliming@byosoft.com.cn>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
> Subject: Re: [edk2-devel] [PATCH v1 0/3] Add Variable Policy Audit and Shell
> Command
>
> A reminder to review this series.
>
> Regards,
> Michael
>
> On 9/19/2023 10:32 AM, Michael Kubacki wrote:
> > From: Michael Kubacki <michael.kubacki@microsoft.com>
> >
> > Adds a new module (dynamic shell command) to ShellPkg that lists
> > variable policy information for all UEFI variables on the system.
> >
> > Some other UEFI variable related functionality is also included to
> > give a greater sense of platform UEFI variable state.
> >
> > Like all dynamic shell commands, a platform only needs to include
> > VariablePolicyDynamicCommand.inf in their flash image to have the
> > command registered in their UEFI shell.
> >
> > The shell command is added to OvmfPkg so it is available in an easily
> > obtainable virtual platform.
> >
> > This is being made available to ease auditing and enabling of UEFI
> > variable policy to encourage its adoption for securing UEFI variables.
> >
> > ---
> >
> > Command Help:
> >
> > Lists UEFI variable policy information.
> >
> > VARPOLICY [-p] [-s] [-v]
> >
> > -p - The policy flag will print variable policy info for each variable.
> >
> > -s - The stats flag will print overall UEFI variable policy statistics.
> >
> > -v - The verbose flag indicates all known information should be printed.
> >
> > This includes a dump of the corresponding UEFI variable data in
> > addition to all other UEFI variable policy information.
> >
> > EXAMPLES:
> >
> > * To dump all active UEFI variables:
> > fs0:\> varpolicy
> >
> > * To include UEFI variable policy information:
> > varpolicy -p
> >
> > * To include UEFI variable statistics:
> > varpolicy -s
> >
> > Press ENTER to continue or 'Q' break:
> >
> > ---
> >
> > Images showing example output are available in the PR:
> > https://github.com/tianocore/edk2/pull/4835
> >
> > Cc: Anatol Belski <anbelski@linux.microsoft.com>
> > Cc: Anthony Perard <anthony.perard@citrix.com>
> > Cc: Dandan Bi <dandan.bi@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: Hao A Wu <hao.a.wu@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Jianyong Wu <jianyong.wu@arm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Julien Grall <julien@xen.org>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Zhichao Gao <zhichao.gao@intel.com>
> >
> > Michael Kubacki (3):
> > MdeModulePkg/VariablePolicy: Add more granular variable policy
> > querying
> > ShellPkg: Add varpolicy dynamic shell command
> > OvmfPkg: Add varpolicy shell command
> >
> > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> | 174 +++-
> > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> | 304 ++++++
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> | 4 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> | 346 ++++++-
> >
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.c | 1009 ++++++++++++++++++++
> > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
> | 39 +-
> > MdeModulePkg/Include/Library/VariablePolicyLib.h |
> 107 +++
> > MdeModulePkg/Include/Protocol/VariablePolicy.h |
> 133 ++-
> > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> | 1 +
> > OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +
> > OvmfPkg/Microvm/MicrovmX64.dsc | 4 +
> > OvmfPkg/OvmfPkgIa32.dsc | 4 +
> > OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
> > OvmfPkg/OvmfPkgX64.dsc | 4 +
> > OvmfPkg/OvmfXen.dsc | 4 +
> >
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.h | 94 ++
> >
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.inf | 56 ++
> >
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.uni | 86 ++
> > ShellPkg/ShellPkg.dsc | 1 +
> > 19 files changed, 2332 insertions(+), 46 deletions(-)
> > create mode 100644
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.c
> > create mode 100644
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.h
> > create mode 100644
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> DynamicCommand.inf
> > create mode 100644
> >
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy
> Dyn
> > amicCommand.uni
> >
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109963): https://edk2.groups.io/g/devel/message/109963
Mute This Topic: https://groups.io/mt/102141559/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-10-24 0:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <178653656C780AFD.28522@groups.io>
2023-10-23 18:15 ` [edk2-devel] [PATCH v1 0/3] Add Variable Policy Audit and Shell Command Michael Kubacki
2023-10-24 0:31 ` Gao, Zhichao [this message]
2023-09-19 14:32 Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=IA1PR11MB6370950779906F3EA8BD077BF6DFA@IA1PR11MB6370.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox