From: "Oram, Isaac W"
To: "devel@edk2.groups.io", "Chiu, Chasel"
CC: "Desimone, Nathaniel L", "Gao, Liming", "Dong, Eric"
Subject: Re: [edk2-devel] [edk2-platforms: PATCH v3] MinPlatformPkg/SaveMemoryConfig: Variable may not be locked.
Date: Sat, 12 Feb 2022 00:47:38 +0000
References: <20220211090204.987-1-chasel.chiu@intel.com>
In-Reply-To: <20220211090204.987-1-chasel.chiu@intel.com>

Reviewed-by: Isaac Oram

Minor code style nits that can be fixed before pushing: These do not need another patch for review, if a maintainer agrees.

SaveMemoryConfig.c
Line 95: EFI_ERROR( put a space before (
Line 101, 118: CpuDeadLoop( put a space before (

LargeVariableWriteLib.c:
Lines 506, 519, 542: EFI_ERROR( put a space before (

Regards,
Isaac

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Chiu, Chasel
Sent: Friday, February 11, 2022 1:02 AM
To: devel@edk2.groups.io
Cc: Chiu, Chasel; Desimone, Nathaniel L; Gao, Liming; Dong, Eric <eric.dong@intel.com>
Subject: [edk2-devel] [edk2-platforms: PATCH v3] MinPlatformPkg/SaveMemoryConfig: Variable may not be locked.

From: "Chiu, Chasel"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3829

Fixed the bug that existing variable will not be locked when it is identical with hob data by creating LockLargeVariable function, also switched to VariablePolicyProtocol for locking variables.

Failing to lock variable could be security vulnerability, so the function will return EFI_ABORTED when it failed and SaveMemoryConfig driver will halt the system for developers to resolve this issue.

This patch also modified SaveMemoryConfig driver to be unloaded after execution because it does not produce any service protocol. To achieve this goal the DxeRuntimeVariableWriteLib should close registered ExitBootService events in its DESTRUCTOR.

Cc: Nate DeSimone
Cc: Liming Gao
Cc: Eric Dong
Signed-off-by: Chasel Chiu
---

V3:
Updated LargeVariableWriteLib to return EFI_ABORTED when locking variables failed.
Also SaveMemoryConfig driver will halt the system in this case for developers to fix
such security vulnerability issue.

 Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryConfig.c | 27 ++++++++++++++++++++++++---
 Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariableWriteLib.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRuntimeVariableWriteLib.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----------------
 Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryConfig.inf | 3 ++-
 Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h | 25 +++++++++++++++++++++++--
 Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRuntimeVariableWriteLib.inf | 8 +++++---
 6 files changed, 209 insertions(+), 30 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/Save= MemoryConfig.c b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/= SaveMemoryConfig.c index 820585f676..54e11e20bd 100644 --- a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryC= onfig.c +++ b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemo +++ ryConfig.c @@ -2,13 +2,14 @@ This is the driver that locates the MemoryConfigurationData HOB, if it = exists, and saves the data to nvRAM. -Copyright (c) 2017 - 2021, Intel Cor= poration. All rights reserved.
+Copyright (c) 2017 - 2022, Intel Corpora= tion. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent= **/ #include #include +#include #in= clude #include #include 
@@ -18,6 +19,7 @@ SPDX-License-= Identifier: BSD-2-Clause-Patent #include #include #include +#include #include /**@@ -86,6 +88,18 @@= SaveMemoryConfigEntryPoint ( Status =3D GetLargeVariable (L"FspNvsBuffer", &gFspNvsBufferVa= riableGuid, &BufferSize, VariableData); if (!EFI_ERROR (Status)= && (BufferSize =3D=3D DataSize) && (0 =3D=3D CompareMem (HobData, Variable= Data, DataSize))) { DataIsIdentical =3D TRUE;+ /= /+ // No need to update Variable, only lock it.+ = //+ Status =3D LockLargeVariable (L"FspNvsBuffer", &gFspNvsBu= fferVariableGuid);+ if (EFI_ERROR(Status)) {+ /= /+ // Fail to lock variable is security vulnerability and sh= ould not happen.+ //+ DEBUG ((DEBUG_ERROR, "L= ockVariable is requested but failed unexpectedly!\n"));+ ASS= ERT_EFI_ERROR (Status);+ CpuDeadLoop();+ } = } FreePool (VariableData); }@@ -96,6 +110,13 = @@ SaveMemoryConfigEntryPoint ( if (!DataIsIdentical) { Status =3D SetLargeVariable (L"FspNv= sBuffer", &gFspNvsBufferVariableGuid, TRUE, DataSize, HobData); ASS= ERT_EFI_ERROR (Status);+ if (Status =3D=3D EFI_ABORTED) {+ = //+ // Fail to lock variable is security vulnerability and should = not happen.+ //+ DEBUG ((DEBUG_ERROR, "LockVariable is re= quested but failed unexpectedly!\n"));+ CpuDeadLoop();+ } = DEBUG ((DEBUG_INFO, "Saved size of FSP / MRC Training Data: 0x%x\n",= DataSize)); } else { DEBUG ((DEBUG_INFO, "FSP / MRC Training= Data is identical to data from last boot, no need to save.\n"));@@ -106,7 = +127,7 @@ SaveMemoryConfigEntryPoint ( } //- // This driver cannot be unloaded because DxeRuntimeVariableWr= iteLib constructor will register ExitBootServices callback.+ // This drive= r does not produce any protocol services, so always unload it. //- retur= n EFI_SUCCESS;+ return EFI_REQUEST_UNLOAD_IMAGE; }diff --git a/Platform/In= tel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariableWriteLib.c b/P= latform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVariableWrit= eLib.c index e4b97ef1df..154f6f448f 100644 
--- a/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVaria= bleWriteLib.c +++ b/Platform/Intel/MinPlatformPkg/Library/BaseLargeVariableLib/LargeVa +++ riableWriteLib.c @@ -10,7 +10,7 @@ integer number will be added to the end of the variable name. This numbe= r will be incremented for each variable as needed to store the entire dat= a set. - Copyright (c) 2021, Intel Corporation. All rights reserved.
+ = Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved.
S= PDX-License-Identifier: BSD-2-Clause-Patent **/@@ -245,7 +245,7 @@ Done: @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in questi= on is read-only. @retval EFI_WRITE_PROTECTED The variable in question = cannot be deleted.-+ @retval EFI_ABORTED LockVariable was reque= sted but failed. @retval EFI_NOT_FOUND The variable trying to be= updated or deleted was not found. **/@@ -412,7 +412,7 @@ SetLargeVariable= ( // all data is saved. // if (LockVariable) {- for (Index = =3D 0; Index < VariablesSaved; Index++) {+ for (Index =3D 0; Index <= =3D VariablesSaved; Index++) { ZeroMem (TempVariableName, MAX_VARIA= BLE_NAME_SIZE); UnicodeSPrint (TempVariableName, MAX_VARIABLE_NAME_= SIZE, L"%s%d", VariableName, Index); 
@@ -420,7 +420,7 @@ SetLargeVariable ( Status =3D VarLibVariableRequestToLock (TempVariableName, VendorGu= id); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "SetL= argeVariable: Error locking variable: Status =3D %r\n", Status));- = VariablesSaved =3D 0;+ Status =3D EFI_ABORTED; goto Don= e; } }@@ -442,9 +442,114 @@ Done: 0, NULL );- DEBUG= ((DEBUG_ERROR, "SetLargeVariable: Error deleting variable: Status =3D %r\n= ", Status2));+ if (EFI_ERROR (Status2)) {+ DEBUG ((DEBUG_ERROR,= "SetLargeVariable: Error deleting variable: Status =3D %r\n", Status2));+ = } } } DEBUG ((DEBUG_ERROR, "SetLargeVariable: Status =3D %r\n"= , Status)); return Status; }++/**+ Locks the existing large variable.++ = @param[in] VariableName A Null-terminated string that is the name o= f the vendor's variable.+ Each VariableName= is unique for each VendorGuid. VariableName must+ = contain 1 or more characters. If VariableName is an empty string,+ = then EFI_INVALID_PARAMETER is returned.+ @= param[in] VendorGuid A unique identifier for the vendor.+ @retval= EFI_SUCCESS The firmware has successfully locked the variable.+= @retval EFI_INVALID_PARAMETER An invalid combination of variable name an= d GUID was supplied+ @retval EFI_UNSUPPORTED The service for lockin= g variable is not ready.+ @retval EFI_NOT_FOUND The targeting var= iable for locking is not present.+ @retval EFI_ABORTED Fail to = lock variable.+**/+EFI_STATUS+EFIAPI+LockLargeVariable (+ IN CHAR16 = *VariableName,+ IN EFI_GUID *VendorG= uid+ )+{+ CHAR16 TempVariableName[MAX_VARIABLE_NAME_SIZE];+ UINT6= 4 VariableSize;+ EFI_STATUS Status;+ UINTN Index;++ //= + // Check input parameters.+ //+ if (VariableName =3D=3D NULL || Variab= leName[0] =3D=3D 0 || VendorGuid =3D=3D NULL) {+ return EFI_INVALID_PARA= METER;+ }++ if (!VarLibIsVariableRequestToLockSupported ()) {+ return = EFI_UNSUPPORTED;+ }++ VariableSize =3D 0;+ Index =3D 0;+ ZeroMem (TempV= ariableName, MAX_VARIABLE_NAME_SIZE);+ UnicodeSPrint (TempVariableName, MA= 
X_VARIABLE_NAME_SIZE, L"%s%d", VariableName, Index);+ Status =3D VarLibGet= Variable (TempVariableName, VendorGuid, NULL, &VariableSize, NULL);+ if (S= tatus =3D=3D EFI_BUFFER_TOO_SMALL) {+ //+ // Lock multiple variables.= + //++ //+ // Lock first variable and continue to rest of the vari= ables.+ //+ DEBUG ((DEBUG_INFO, "Locking %s, Guid =3D %g\n", TempVari= ableName, VendorGuid));+ Status =3D VarLibVariableRequestToLock (TempVar= iableName, VendorGuid);+ if (EFI_ERROR(Status)) {+ DEBUG ((DEBUG_ER= ROR, "LockLargeVariable: Failed! Satus =3D %r\n", Status));+ return EF= I_ABORTED;+ }+ for (Index =3D 1; Index < MAX_VARIABLE_SPLIT; Index++)= {+ ZeroMem (TempVariableName, MAX_VARIABLE_NAME_SIZE);+ UnicodeS= Print (TempVariableName, MAX_VARIABLE_NAME_SIZE, L"%s%d", VariableName, Ind= ex);++ VariableSize =3D 0;+ Status =3D VarLibGetVariable (TempVar= iableName, VendorGuid, NULL, &VariableSize, NULL);+ if (Status =3D=3D = EFI_BUFFER_TOO_SMALL) {+ DEBUG ((DEBUG_INFO, "Locking %s, Guid =3D %= g\n", TempVariableName, VendorGuid));+ Status =3D VarLibVariableRequ= estToLock (TempVariableName, VendorGuid);+ if (EFI_ERROR(Status)) {+= DEBUG ((DEBUG_ERROR, "LockLargeVariable: Failed! Satus =3D %r\n",= Status));+ return EFI_ABORTED;+ }+ } else if (Status = =3D=3D EFI_NOT_FOUND) {+ //+ // No more variables need to loc= k.+ //+ return EFI_SUCCESS;+ }+ } // End of for loo= p+ } else if (Status =3D=3D EFI_NOT_FOUND) {+ //+ // Check if it is = single variable scenario.+ //+ VariableSize =3D 0;+ Status =3D Var= LibGetVariable (VariableName, VendorGuid, NULL, &VariableSize, NULL);+ i= f (Status =3D=3D EFI_BUFFER_TOO_SMALL) {+ //+ // Lock single vari= able.+ //+ DEBUG ((DEBUG_INFO, "Locking %s, Guid =3D %g\n", Varia= bleName, VendorGuid));+ Status =3D VarLibVariableRequestToLock (Variab= leName, VendorGuid);+ if (EFI_ERROR(Status)) {+ DEBUG ((DEBUG_E= RROR, "LockLargeVariable: Failed! 
Satus =3D %r\n", Status));+ return= EFI_ABORTED;+ }+ return EFI_SUCCESS;+ }+ }++ //+ // Here p= robably means variable not present.+ //+ return Status;++}diff --git a/Pl= atform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRuntimeVa= riableWriteLib.c b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariable= WriteLib/DxeRuntimeVariableWriteLib.c index 9ed59f8827..28730f858b 100644 --- a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeR= untimeVariableWriteLib.c +++ b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/D +++ xeRuntimeVariableWriteLib.c @@ -10,7 +10,7 @@ Using this library allows code to be written in a generic manner that ca= n be used in DXE or SMM without modification. - Copyright (c) 2021, Inte= l Corporation. All rights reserved.
+ Copyright (c) 2021 - 2022, Intel = Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clau= se-Patent **/@@ -18,14 +18,16 @@ #include #include -#include +#include #include #include #include #include -STATIC EDKII_VA= RIABLE_LOCK_PROTOCOL *mVariableWriteLibVariableLock =3D NULL;+STATIC EDKII= _VARIABLE_POLICY_PROTOCOL *mVariableWriteLibVariablePolicy =3D NULL;+EFI_E= VENT mExitBootServiceEvent;+EFI_EVENT = mLegacyBootEvent; /** Sets the value of a variable.= @@ -144,7 +146,7 @@ VarLibIsVariableRequestToLockSupported ( VOID ) {- if (mVariableWriteLibVariableLock !=3D NULL) {+ if (mVaria= bleWriteLibVariablePolicy !=3D NULL) { return TRUE; } else { retu= rn FALSE;@@ -178,16 +180,45 @@ VarLibVariableRequestToLock ( { EFI_STATUS Status =3D EFI_UNSUPPORTED; - if (mVariableWriteLibVari= ableLock !=3D NULL) {- Status =3D mVariableWriteLibVariableLock->Request= ToLock (- mVariableWriteLibVar= iableLock,- VariableName,- = VendorGuid- = );+ if (mVariableWriteLibVariablePolicy !=3D NULL)= {+ Status =3D RegisterBasicVariablePolicy (+ mVariableWri= teLibVariablePolicy,+ (CONST EFI_GUID*) VendorGuid,+ = (CONST CHAR16 *) VariableName,+ VARIABLE_POLICY_NO_MIN_= SIZE,+ VARIABLE_POLICY_NO_MAX_SIZE,+ VARIABLE_P= OLICY_NO_MUST_ATTR,+ VARIABLE_POLICY_NO_CANT_ATTR,+ = VARIABLE_POLICY_TYPE_LOCK_NOW+ ); } return Status; }= +/**+ Close events when driver unloaded.++ @param[in] ImageHandle A han= dle for the image that is initializing this driver+ @param[in] SystemTable= A pointer to the EFI system table++ @retval EFI_SUCCESS The initiali= zation finished successfully.+**/+EFI_STATUS+EFIAPI+DxeRuntimeVariableWrite= LibDestructor (+ IN EFI_HANDLE ImageHandle,+ IN EFI_SYSTEM_TABLE = *SystemTable+ )+{+ if (mExitBootServiceEvent !=3D 0) {+ gBS->CloseEven= t (mExitBootServiceEvent);+ }+ if (mLegacyBootEvent !=3D 0) {+ gBS->Cl= oseEvent (mLegacyBootEvent);+ }+ return EFI_SUCCESS;+}+ /** Exit Boot S= ervices Event notification handler. 
@@ -202,7 +233,7 @@ DxeRuntimeVariableW= riteLibOnExitBootServices ( IN VOID *Context ) {- mVariableWriteLibVaria= bleLock =3D NULL;+ mVariableWriteLibVariablePolicy =3D NULL; } /**@@ -227= ,13 +258,11 @@ DxeRuntimeVariableWriteLibConstructor ( ) { EFI_STATUS Status;- EFI_EVENT ExitBootServiceEvent;- EFI_= EVENT LegacyBootEvent; // // Locate VariableLockProtocol. //- S= tatus =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID= **)&mVariableWriteLibVariableLock);+ Status =3D gBS->LocateProtocol (&gEd= kiiVariablePolicyProtocolGuid, NULL, (VOID **)&mVariableWriteLibVariablePol= icy); ASSERT_EFI_ERROR (Status); //@@ -245,7 +274,7 @@ DxeRuntimeVaria= bleWriteLibConstructor ( DxeRuntimeVariableWriteLibOnExitBootServices, NU= LL, &gEfiEventExitBootServicesGuid,- &ExitBootServ= iceEvent+ &mExitBootServiceEvent ); ASSERT_EFI_E= RROR (Status); @@ -257,7 +286,7 @@ DxeRuntimeVariableWriteLibConstructor ( TPL_NOTIFY, DxeRuntimeVariableWriteLibOnExitBoot= Services, NULL,- &LegacyBootEvent+ &mL= egacyBootEvent ); ASSERT_EFI_ERROR (Status); diff --git a/Pl= atform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryConfig.in= f b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryCon= fig.inf index e2dbd2fb49..61e85a6586 100644 --- a/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemoryC= onfig.inf +++ b/Platform/Intel/MinPlatformPkg/FspWrapper/SaveMemoryConfig/SaveMemo +++ ryConfig.inf @@ -1,7 +1,7 @@ ### @file # Component information file for SaveMemoryConfig module #-# Cop= yright (c) 2017 - 2021, Intel Corporation. All rights reserved.
+# Copyr= ight (c) 2017 - 2022, Intel Corporation. All rights reserved.
# # SPDX-= License-Identifier: BSD-2-Clause-Patent #@@ -25,6 +25,7 @@ BaseMemoryLib LargeVariableReadLib LargeVariableWriteLib+ BaseLib = [Packages] MdePkg/MdePkg.decdiff --git a/Platform/Intel/MinPlatformPkg/In= clude/Library/LargeVariableWriteLib.h b/Platform/Intel/MinPlatformPkg/Inclu= de/Library/LargeVariableWriteLib.h index c847d7f152..64b0090c2c 100644 --- a/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLib.h +++ b/Platform/Intel/MinPlatformPkg/Include/Library/LargeVariableWriteLi +++ b.h @@ -16,7 +16,7 @@ is possible, adjusting the value of PcdMaxVariableSize may provide a sim= pler solution to this problem. - Copyright (c) 2021, Intel Corporation. = All rights reserved.
+ Copyright (c) 2021 - 2022, Intel Corporation. Al= l rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/@= @ -52,7 +52,7 @@ @retval EFI_DEVICE_ERROR The variable could not be retrieved due t= o a hardware error. @retval EFI_WRITE_PROTECTED The variable in questi= on is read-only. @retval EFI_WRITE_PROTECTED The variable in question = cannot be deleted.-+ @retval EFI_ABORTED LockVariable was reque= sted but failed. @retval EFI_NOT_FOUND The variable trying to be= updated or deleted was not found. **/@@ -66,4 +66,25 @@ SetLargeVariable = ( IN VOID *Data ); +/**+ Locks the existing la= rge variable.++ @param[in] VariableName A Null-terminated string th= at is the name of the vendor's variable.+ E= ach VariableName is unique for each VendorGuid. VariableName must+ = contain 1 or more characters. If VariableName is an= empty string,+ then EFI_INVALID_PARAMETER = is returned.+ @param[in] VendorGuid A unique identifier for the v= endor.+ @retval EFI_SUCCESS The firmware has successfully locke= d the variable.+ @retval EFI_INVALID_PARAMETER An invalid combination of = variable name and GUID was supplied+ @retval EFI_UNSUPPORTED The se= rvice for locking variable is not ready.+ @retval EFI_NOT_FOUND T= he targeting variable for locking is not present.+ @retval EFI_ABORTED = Fail to lock variable.+**/+EFI_STATUS+EFIAPI+LockLargeVariable (+ = IN CHAR16 *VariableName,+ IN EFI_GUID = *VendorGuid+ );+ #endif // _LARGE_VARIABLE_WRITE_LIB_H_diff --git= a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeRunt= imeVariableWriteLib.inf b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeV= ariableWriteLib/DxeRuntimeVariableWriteLib.inf index 704a8ac7cc..f83090c847 100644 --- a/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/DxeR= untimeVariableWriteLib.inf +++ b/Platform/Intel/MinPlatformPkg/Library/DxeRuntimeVariableWriteLib/D +++ xeRuntimeVariableWriteLib.inf 
@@ -10,7 +10,7 @@ # Using this library allows code to be written in a generic manner that ca= n be # used in DXE or SMM without modification. #-# Copyright (c) 2021, Int= el Corporation. All rights reserved.
+# Copyright (c) 2021 - 2022, Intel= Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-C= lause-Patent #@@ -24,6 +24,7 @@ MODULE_TYPE =3D DXE_RUNTIME_DRIVER LIBRARY_CLASS = =3D VariableWriteLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER = UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR =3D DxeRuntim= eVariableWriteLibConstructor+ DESTRUCTOR =3D DxeRuntim= eVariableWriteLibDestructor [Packages] MdePkg/MdePkg.dec@@ -37,13 +38,14= @@ UefiLib UefiBootServicesTableLib UefiRuntimeServicesTableLib+ Varia= blePolicyHelperLib [Guids] gEfiEventExitBootServicesGuid ## CONSUM= ES ## Event [Protocols] gEfiVariableWriteArchProtocolGuid ## CONSUMES-= gEdkiiVariableLockProtocolGuid ## CONSUMES+ gEdkiiVariablePolicyPro= tocolGuid ## CONSUMES [Depex]- gEfiVariableWriteArchProtocolGuid AND= gEdkiiVariableLockProtocolGuid+ gEfiVariableWriteArchProtocolGuid AND gEd= kiiVariablePolicyProtocolGuid--=20 2.28.0.windows.1
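
Review bot: In SaveMemoryConfig.c, hunk @@ -96,6 +110,13 @@, only `Status == EFI_ABORTED` after `SetLargeVariable` reaches `CpuDeadLoop();`. Every other error status is covered solely by `ASSERT_EFI_ERROR (Status)`, which does nothing in a build with asserts disabled, and execution then continues to the "Saved size of FSP / MRC Training Data" message as if the write had succeeded. Consider checking `EFI_ERROR (Status)` before printing the success message, and add a comment that EFI_ABORTED is the one status SetLargeVariable uses to report a failed lock, so the halt condition is not mistaken for an incomplete error check.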
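
Review bot: In LargeVariableWriteLib.c, hunk @@ -412,7 +412,7 @@, the lock loop bound changes from `Index < VariablesSaved` to `Index <= VariablesSaved` with no explanation in the commit message or in a comment. Because this decides whether the last chunk of the large variable gets locked, please state next to the loop whether VariablesSaved holds a count or the index of the last variable written, and mention the bound fix in the commit message so the off-by-one is visible to anyone backporting the change.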
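
Review bot: In LargeVariableWriteLib.c, hunk @@ -420,7 +420,7 @@, the lock-failure path drops `VariablesSaved = 0;` in favour of `Status = EFI_ABORTED;` before `goto Done;`. The `Done:` cleanup, of which only the "Error deleting variable" message is visible in the next hunk, will therefore see a non-zero VariablesSaved and an error status after a partial lock failure. Please confirm that attempting the cleanup against variables that may already be locked is intended, and say so in a comment, since the caller now halts the system on EFI_ABORTED either way.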
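
Review bot: In LargeVariableWriteLib.c, hunk @@ -442,9 +442,114 @@, the `for (Index = 1; Index < MAX_VARIABLE_SPLIT; Index++)` loop in LockLargeVariable handles only EFI_BUFFER_TOO_SMALL and EFI_NOT_FOUND from `VarLibGetVariable`. Any other status falls through both branches, the loop moves on to the next index, and a later EFI_NOT_FOUND returns EFI_SUCCESS although one chunk was never locked. Since the commit message treats an unlocked variable as a security vulnerability, add a final `else` that returns EFI_ABORTED for unexpected statuses. The debug strings in this function also spell "Status" as "Satus".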
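
Review bot: In DxeRuntimeVariableWriteLib.c, hunk @@ -18,14 +18,16 @@, the new module globals `mExitBootServiceEvent` and `mLegacyBootEvent` are declared without STATIC and without an initializer, unlike `mVariableWriteLibVariablePolicy` on the line above them. This library is linked into every consuming module, so the unqualified names can collide with a consumer's own symbols, and the new destructor depends on their initial value when it tests `!= 0`. Suggest `STATIC EFI_EVENT mExitBootServiceEvent = NULL;` (likewise for the legacy boot event) and comparing against NULL in DxeRuntimeVariableWriteLibDestructor.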
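
Review bot: In DxeRuntimeVariableWriteLib.c, hunk @@ -227,13 +258,11 @@, the context comment above the changed `gBS->LocateProtocol` call still reads "Locate VariableLockProtocol." although the call now looks up `gEdkiiVariablePolicyProtocolGuid`. Please update the comment to name the Variable Policy protocol so the constructor documentation matches the protocol the [Depex] section now requires.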