From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web11.9359.1670578892200069365 for ; Fri, 09 Dec 2022 01:41:32 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NExrhx87; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1670578892; x=1702114892; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=z8858bqhfWNsOeAJs1SSGvDNi1ASJHgMlABZNN1l+9k=; b=NExrhx876eNqgviWX8InYSQaOrzUxVp3y2sChVDTeUpGvlI+GhNeEcTf yO/Sklwy1oNbFYO4puUcH80gWpMQlX503EHPMP9g+RE2WMPnlRQt9vn+N 9NBoB4VnVysxRA3bZKCxKUvJfzjN+bOiRnaynI59M/CNVFmGgE8/tsazH zFNOqMts2GSAlkCuSOC6Z5Hv5f5RbR/bKKAfWRsssNUCMUHn4m/+5Xg8L ltsLCuKduqlICDl+teRH3eDr2sMWgYvoOtltqM2tmpp1VlEaeYySzDbDB mT9Etsx/32ByBZ03sitGMcwfu8uISk0I4xrfpKBe15RpjIgSc8uc+958N A==; X-IronPort-AV: E=McAfee;i="6500,9779,10555"; a="305066922" X-IronPort-AV: E=Sophos;i="5.96,230,1665471600"; d="scan'208";a="305066922" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Dec 2022 01:41:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10555"; a="821678339" X-IronPort-AV: E=Sophos;i="5.96,230,1665471600"; d="scan'208";a="821678339" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orsmga005.jf.intel.com with ESMTP; 09 Dec 2022 01:41:31 -0800 Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Fri, 9 Dec 2022 01:41:30 -0800 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Fri, 9 Dec 2022 01:41:30 -0800 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via Frontend Transport; Fri, 9 Dec 2022 01:41:30 -0800 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Fri, 9 Dec 2022 01:41:29 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jzKEnr3WxIZQQJ5JRFZElqUPbU5V397VTMd5AEs3mxWg89j+gCzan2qWIKZNzGIVdKvaCN2T1wmuo/+r5Ud5JIQDW3BKNosOyGTPsVAMf4u+MA1vlEIVD9SIrMCfN1Uu8g+fsK23gB8zJo9RSQSr3RUGtTH9nUk1s/0Er3iY4BbnaFOsjxJ26WJJyBWBDz4OGlwEZ1NBUmxiETIB3gniMra1LIpKoQpTuwsR76yXPOwWGVJXe3YlDyrjX0zWDEjpqJtA4QNrY1J0fwJoMCxRC4KbnnMCug0Hv0Pnnv09XYCkeSTmfudtbrLEe7PEgIxb3sNOydEtK9D7tGFbPnnhNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C+D85nSH1CE29DLG/aKp3Yf0RRfYn7AFdHVHeOq42aI=; b=Zg87MkVcGWcR501Et1+mR+QNOlVnVjUg4fLeXweco1d0XUFAXMFG9MLSZJREDDpRaWTsKBGkaKKSzDNHtfUJiZ58nxE9oiT2ThaPjVkRnqo4t/en7HYkoGvIlnBD1aZgtDuOGbrXa59QyEmtujoer+4Ipo5yTn6eRs5vpVdTcM5DveuA/077RBYepWLM3WTNhYZewmGlyJQ9WfiFWao1Iw2EXIPiJRUe+Y6lSs1ixMuHG/exoSJk+Z2pBeo7yGX+a6oM2+pfXeBt5GrqUHN5B1/3mPxuK4ONbAfTAbs4gjXJ5zNcaYLX6iu7VW+hlI/f91GwFkxfm3oiim3pp543PA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by SA2PR11MB5163.namprd11.prod.outlook.com (2603:10b6:806:113::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.18; Fri, 9 Dec 2022 09:41:27 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::5f56:1bdc:2eae:c041]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::5f56:1bdc:2eae:c041%9]) with mapi id 15.20.5880.018; Fri, 9 Dec 2022 09:41:27 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Yao, Jiewen" , "Vang, Judah" CC: "Kinney, Michael D" , "Wang, Jian J" , "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH v5 00/19] UEFI variable protection Thread-Topic: [edk2-devel] [PATCH v5 00/19] UEFI variable protection Thread-Index: AQHY8brNAKo3EOTVBUSRu6Q35cJSgq5lZEdggAAb3RA= Date: Fri, 9 Dec 2022 09:41:26 +0000 Message-ID: References: <20221106073509.3071-1-judah.vang@intel.com> <172F11512E3044E7.1612@groups.io> In-Reply-To: <172F11512E3044E7.1612@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA2PR11MB5163:EE_ x-ms-office365-filtering-correlation-id: d5ad0ce1-2299-4295-dfeb-08dad9c98afb x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: U6lVJmvbbwRfQs8D9RoXob3QSyL4XcT2gcGd0gZIn4bM56XLxNqfU4w5heG+gX+vIgcjtEBuaeFS9uFJR6Vt9RkGY5Bu6J5SFXzU8k7cyO7m5FuZnQy8qkmIhs440yE4SplnbisEQbQuubLohIO3X2i6SsaoqleQ1TVN/5XOhSdHNtEymDvJAvwbtY01+l8DkA72973ABjBnmqCMd1IQPjnwEmfvDUkdx/BAvwPjx4XDHZ5uC3YkPw7KZjyHkhkaFWyyIumJXZYkx/z7MJB938NeJcwhXzEk7m27AKMsjvD8w/7JcglanJhuO/bFnbC47VxUYhfA+kkm3/H1HLIDKrwBvRg0NSsK4HVPb/c1LbN/KS8Fv+Fny1WEMWJ7iz1VV6RF+weVoh+kIF6EWDwdOF69OiFoR6oyOIYeTfEykPvsoJcUR5SJdh9uJYOwWMx97wgtS8Kt+K5jLqhtHY8+LCN2MjgtVvioxo2oCLIgvhlrrfl1tkvcLRksyGOmVmYo6xRQhLXfsrXxs6WxmLU1XQBQl8JvlYCg4+pGNofX/jxyw7gJGowbGakkMOG17wItowCw81GgRAfphgLojeoMNZZt7wcpXVNYGyjgk0cjZhHJ7culTWvYAEatNtuxE0oxXmN76MaLj0RxM1ESbTMx4A/8eH0kETFjVunbKJ7iqVShYeOxAjHMY9qF5WkYENIzxf0gCkpWNfaYlH2qC11TuVsbbjbGzQIEUodmI9mkCGohcDfpNTE4tpS4DaWz1CLopsfS6VVhbEpLiRcI3nPBvQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(346002)(136003)(396003)(376002)(366004)(39860400002)(451199015)(66899015)(478600001)(966005)(6506007)(86362001)(7696005)(26005)(71200400001)(38070700005)(107886003)(53546011)(9686003)(110136005)(6636002)(54906003)(82960400001)(316002)(19627235002)(38100700002)(122000001)(66446008)(66476007)(66556008)(4326008)(76116006)(64756008)(8676002)(41300700001)(66946007)(55016003)(33656002)(186003)(83380400001)(8936002)(52536014)(5660300002)(2906002)(30864003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?tSOV12EIc1qYzVSeGO1jVJSqHcGmhNtY4XOoOaqbn3QfjBeBGtuJoUsKGfmM?= =?us-ascii?Q?z/zNbcxtLSXMhRq1oX0YHx4rtIp3o4m4ocPGVGPH9t8Kv/odMBq3f8yv5XPs?= =?us-ascii?Q?+xw9STX8K5wQhReCPTtYoTU9ILA6y37f+S572MkTIAkCPSNjtbOejNONzh4/?= =?us-ascii?Q?/V4veCX0vmgOpjb6oYiJyQdUZYwuEp9raZSPMrgvmN83ATMfxJZX50plLmvO?= =?us-ascii?Q?eETDwDZYQW5ZG8MyfHuiFOxXgLug9zmiyxRcZGjZtONE93f7ANVaT7U5NJOo?= =?us-ascii?Q?Is/zmJSNSQ/LtkiCN2hGK0wZA4YrdMPgAiq63XnKj0iB/FUivkk0CR4cQNpg?= =?us-ascii?Q?EChGNfg1rVO2P3t5oRpoUXk2YH7gJr9O1T9DJr23PK92Tuag3v0wTdLtLR79?= =?us-ascii?Q?/NZkyMumtD9tYC4UxBIhCZ5Bg01bS5Z6bLx1BIsp4KXleSE7BZXcnqwFuqto?= =?us-ascii?Q?OyfpGY8rVJiOqCtQ/5Zsr8tikQx7fa9nttNBS6soevQNz3XVYPMdPVhc15Rz?= =?us-ascii?Q?/nNwBm4/JgAGBlOwjYlh70Kn6lphDqGIA5xBqpmUrF+bcDV9Iff6tRfHmJPR?= =?us-ascii?Q?his7rmV+ojHMD8ZrORRR69H5E5UKGroRG8JzuNrrQohVGb/LiJw8c5wIMLx6?= =?us-ascii?Q?ppYvlJtfkvhID2IvQYYWrR2TUiV1D1KY7ThhPz4JZDsItrrI+GHKam6B+pxi?= =?us-ascii?Q?EuKsz2/4rCwYxoPKRXljPBzu+8p+51HL03C/yM8hApM0wZR3L14uopROudef?= =?us-ascii?Q?KYXb4G73CawxCtMVvDvQm93bBu8YktJVD+KkJTsqTnwbBEtqRND0YVAv+A7+?= =?us-ascii?Q?kIt2P7mLkthUZ3+m3EcSKzlJF0ZE+vSbLaGCnLE01tTcESPCzulNhEfQFSzP?= =?us-ascii?Q?rYeaH7SP2acQSjTjg6JRzu4BgsZZVLB7CGTcxE+lDWzgnImSOOt3mlpc0gCs?= =?us-ascii?Q?MhhtfxGZWqjkbOslUIAORjcur57FH0XsuFn0ypdoFAlWyNRgis6HaLCDbWlL?= =?us-ascii?Q?zRJjJvGgewQTuGg0bAflgqsMGyfPb254bMdoYKFeXEzY1+bdtYltIHqrNUNU?= =?us-ascii?Q?sP2XentBlbZyT9D5HdhyrFxmznsd3I2kOkUNMKBl3ltbkGFnqfooedWYd4l3?= =?us-ascii?Q?Uej8YB+ikFXbZAN6MNJGPrwar7jo+rGiRYY8mqEd44e5gk7zvaKCxt/mSpKn?= =?us-ascii?Q?c2v7lRM+MMJDGB5HFyEhhzcsjZsic8AonHRc50dz2Cn0rvSKtZBDSNxUGSkq?= =?us-ascii?Q?Ouyet9JOLdk5/D3Dl/HpykENLh36EpnbOrqTTgZCWe0144gjhcal3UeisMHh?= =?us-ascii?Q?ukcwAhOBtGXpRB52pY2Eb2AJsdwa+WVvdQePevVwI90s19OWAivmHajYVvmd?= =?us-ascii?Q?K74HNQ0mu6pCoOxeJv8rGN4HAXi7x9hmWTGrw/U440fE4NbIwRiR1E5BJ6rW?= =?us-ascii?Q?aixvprmnlnifnz+yJUtbf0Xm3H9Qs4PGoJOMOqMZoegNW3CiIg75l2/XxvQ4?= =?us-ascii?Q?8X4kyYw0mgcf/5SM3XvuV0MptD3Ej+VCdtF0pVdveGU+taI6qwGixV6jciMo?= =?us-ascii?Q?plSrGKadVFkz3uzC2WqwOYwbX8are+pex9UDWB6v?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d5ad0ce1-2299-4295-dfeb-08dad9c98afb X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2022 09:41:26.9295 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nv0pz4mDHTa6/4qKXWgztFlglt8vISS83YS09edxXXocXpIN6FWlsIyC+YJy7Splv/eLsH37QQFOfpzagsOIHg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR11MB5163 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hey I notice that there is duplicated code in variable driver (MdeModulePkg/Uni= versal/Variable/Protected/ and MdeModulePkg/Universal/Variable/). That is n= ot the best idea and it adds maintenance burden. I am not sure if the feature is ready for EDKII. Another option is to create ProtectedVariablePkg in https://github.com/tian= ocore/edk2-platforms/tree/master/Features/Intel, and put code there. It can merge back from edk2-platforms to edk2, after we finalize the Variab= le driver interface and avoid code duplication. Thank you Yao, Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, > Jiewen > Sent: Friday, December 9, 2022 4:04 PM > To: devel@edk2.groups.io; Vang, Judah > Cc: Yao, Jiewen ; Kinney, Michael D > ; Wang, Jian J > Subject: Re: [edk2-devel] [PATCH v5 00/19] UEFI variable protection >=20 > Hi > Since this is a big feature in SecurityPkg and MdeModulePkg, I proposal t= o > add *dedicated reviewer(s)* to support the maintenance work in EDKII. >=20 > Something like: >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > MdeModulePkg: Protected Variable > F: MdeModulePkg/Universal/Variable/Protected/ > F: > R: >=20 >=20 > SecurityPkg: Protected Variable > F: SecurityPkg/Library/ProtectedVariableLib/ > F: > R: >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > Please follow the style at > https://github.com/tianocore/edk2/blob/master/Maintainers.txt >=20 > Thank you > Yao, Jiewen >=20 >=20 > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Judah > > Vang > > Sent: Sunday, November 6, 2022 3:35 PM > > To: devel@edk2.groups.io > > Subject: [edk2-devel] [PATCH v5 00/19] UEFI variable protection > > > > Patch 07 - Add PEI Variable Protection into a new directory and leave t= he > > existing PEI Variable unchanged. > > > > Patch 08 - Add RuntimeDxe Variable Protection into a new directory and > > keep existing Variable for RuntimeDxe unchanged. > > > > Patch 09 - Add reference to new Protected Variable libs. > > > > Patch 16 - Applied code review comments by adding PEIM to library class > > > > Patch 18 - Applied code review comments by removing unused API. > > > > Notes: > > The CryptoPkg changes are now being tracked separately. > > Patches 21 on is no longer needed due to reorganization of the new > > protected variable modules. > > > > Judah Vang (19): > > MdePkg: Add reference to new Ppi Guid > > MdeModulePkg: Update AUTH_VARIABLE_INFO struct > > MdeModulePkg: Add new ProtectedVariable GUIDs > > MdeModulePkg: Add new include files > > MdeModulePkg: Add new GUID for Variable Store Info > > MdeModulePkg: Add Null ProtectedVariable Library > > MdeModulePkg: Add new Variable functionality > > MdeModulePkg: Add support for Protected Variables > > MdeModulePkg: Reference Null ProtectedVariableLib > > SecurityPkg: Add new GUIDs for > > SecurityPkg: Add new KeyService types and defines > > SecurityPkg: Add new variable types and functions > > SecurityPkg: Update RPMC APIs with index > > SecurityPkg: Fix GetVariableKey API > > SecurityPkg: Add null encryption variable libs > > SecurityPkg: Add VariableKey library function > > SecurityPkg: Add EncryptionVariable lib with AES > > SecurityPkg: Add Protected Variable Services > > SecurityPkg: Add references to new *.inf files > > > > MdeModulePkg/MdeModulePkg.dec > > | 13 +- > > SecurityPkg/SecurityPkg.dec > > | 43 +- > > MdeModulePkg/MdeModulePkg.dsc > > | 20 +- > > MdeModulePkg/Test/MdeModulePkgHostTest.dsc > > | 8 + > > SecurityPkg/SecurityPkg.dsc > > | 13 +- > > > > > MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull > > .inf | 34 + > > MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf > > | 79 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUni > > tTest/VariableLockRequestToLockUnitTest.inf | 36 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxe.inf | 151 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.i > > nf | 153 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.inf | 119 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandal > > oneMm.inf | 143 + > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf > > | 43 + > > > > > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.i= n > > f | 34 + > > SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf > > | 64 + > > SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf > > | 68 + > > SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf > > | 67 + > > > > > SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLi > > b.inf | 62 + > > SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf > > | 36 + > > MdeModulePkg/Include/Guid/ProtectedVariable.h > > | 22 + > > MdeModulePkg/Include/Library/AuthVariableLib.h > > | 4 +- > > MdeModulePkg/Include/Library/EncryptionVariableLib.h > > | 165 + > > MdeModulePkg/Include/Library/ProtectedVariableLib.h > > | 607 +++ > > MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h > > | 225 ++ > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h > > | 309 ++ > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h > > | 116 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolym > > orphic.h | 158 + > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h > > | 948 +++++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVol > > atile.h | 67 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing > > .h | 424 ++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eCache.h | 51 + > > MdePkg/Include/Ppi/ReadOnlyVariable2.h > > | 4 +- > > SecurityPkg/Include/Library/RpmcLib.h > > | 15 +- > > SecurityPkg/Include/Library/VariableKeyLib.h > > | 37 +- > > SecurityPkg/Include/Ppi/KeyServicePpi.h > > | 57 + > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h > > | 49 + > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h > > | 589 +++ > > MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c > > | 336 ++ > > MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c > > | 628 +++ > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c > > | 941 +++++ > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c > > | 307 ++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c > > | 343 ++ > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c > > | 504 +++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUni > > tTest/VariableLockRequestToLockUnitTest.c | 607 +++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBar > > rierDxe.c | 27 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBar > > rierSmm.c | 26 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe > > .c | 153 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSm > > m.c | 569 +++ > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c > > | 101 + > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c > > | 4037 ++++++++++++++++++++ > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c > > | 670 ++++ > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c > > | 417 ++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRe > > questToLock.c | 96 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVol > > atile.c | 537 +++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing > > .c | 1110 ++++++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicyS > > mmDxe.c | 575 +++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eCache.c | 158 + > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c > > | 1268 ++++++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.c | 1895 +++++++++ > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandal > > oneMm.c | 89 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditi > > onalMm.c | 130 + > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c > > | 734 ++++ > > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c > > | 92 + > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c > > | 2103 ++++++++++ > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c > > | 163 + > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c > > | 1327 +++++++ > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c > > | 209 + > > > > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeComm > > on.c | 967 +++++ > > > > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c > > | 233 ++ > > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c > > | 8 +- > > SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c > > | 59 + > > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c > > | 8 +- > > MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni > > | 16 + > > MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni > > | 14 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxe.uni | 22 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxeExtra.uni | 14 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.u > > ni | 27 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmEx > > tra.uni | 14 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.uni | 23 + > > > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxeExtra.uni | 14 + > > 80 files changed, 26556 insertions(+), 48 deletions(-) > > create mode 100644 > > > MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull > > .inf > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUni > > tTest/VariableLockRequestToLockUnitTest.inf > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxe.inf > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.i > > nf > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.inf > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandal > > oneMm.inf > > create mode 100644 > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf > > create mode 100644 > > > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.i= n > > f > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf > > create mode 100644 > > > SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLi > > b.inf > > create mode 100644 > SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf > > create mode 100644 MdeModulePkg/Include/Guid/ProtectedVariable.h > > create mode 100644 > > MdeModulePkg/Include/Library/EncryptionVariableLib.h > > create mode 100644 > > MdeModulePkg/Include/Library/ProtectedVariableLib.h > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolym > > orphic.h > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVol > > atile.h > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing > > .h > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eCache.h > > create mode 100644 SecurityPkg/Include/Ppi/KeyServicePpi.h > > create mode 100644 > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h > > create mode 100644 > > MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUni > > tTest/VariableLockRequestToLockUnitTest.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBar > > rierDxe.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBar > > rierSmm.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe > > .c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSm > > m.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRe > > questToLock.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVol > > atile.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing > > .c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicyS > > mmDxe.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eCache.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandal > > oneMm.c > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditi > > onalMm.c > > create mode 100644 > > SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c > > create mode 100644 > > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c > > create mode 100644 > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c > > create mode 100644 > > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeComm > > on.c > > create mode 100644 > > > SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c > > create mode 100644 > SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni > > create mode 100644 > > MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxe.uni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntim > > eDxeExtra.uni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.u > > ni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmEx > > tra.uni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxe.uni > > create mode 100644 > > > MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmR > > untimeDxeExtra.uni > > > > -- > > 2.35.1.windows.2 > > > > > > > > > > >=20 >=20 >=20 >=20 >=20