From: "Yao, Jiewen"
To: "Liu, Linus", "devel@edk2.groups.io"
CC: FST-FIR-PRC, FST FIR Server, "Chu, Maggie"
Subject: Re: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Tue, 2 May 2023 16:10:33 +0000
In-Reply-To: <20230411095524.1668-1-linus.liu@intel.com>

Thanks. The patch looks good to me.
Would you please share with us how you validate the patch?

> -----Original Message-----
> From: Liu, Linus
> Sent: Tuesday, April 11, 2023 5:55 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; FST-FIR-PRC; FST FIR Server; Chu, Maggie
> Subject: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408
>
> Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c
> Cc: Jiewen Yao
> Cc: FST-FIR-PRC
> Cc: FST FIR Server C
> Cc: Maggie Chu
> Signed-off-by: Linus Liu
> --- > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++----- > SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - > SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- > SecurityPkg/SecurityPkg.dsc | 1 + > 4 files changed, 14 insertions(+), 7 deletions(-) >=20 > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > b/SecurityPkg/HddPassword/HddPasswordDxe.c > index a1a63b67a4..c20fdbe83f 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c 
> @@ -9,6 +9,7 @@ > **/ >=20 >=20 >=20 > #include "HddPasswordDxe.h" >=20 > +#include >=20 >=20 >=20 > EFI_GUID mHddPasswordVendorGuid =3D > HDD_PASSWORD_CONFIG_GUID; >=20 > CHAR16 mHddPasswordVendorStorageName[] =3D > L"HDD_PASSWORD_CONFIG"; >=20 > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( > HDD_PASSWORD_DXE_PRIVATE_DATA *Private; >=20 > VOID *Registration; >=20 > EFI_EVENT EndOfDxeEvent; >=20 > - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; >=20 > + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; >=20 >=20 >=20 > Private =3D NULL; >=20 >=20 >=20 > @@ -2858,12 +2859,17 @@ HddPasswordDxeInit ( > // >=20 > // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. >=20 > // >=20 > - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, > (VOID **)&VariableLock); >=20 > + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NUL= L, > (VOID **)&VariablePolicy); >=20 > if (!EFI_ERROR (Status)) { >=20 > - Status =3D VariableLock->RequestToLock ( >=20 > - VariableLock, >=20 > + Status =3D RegisterBasicVariablePolicy ( >=20 > + VariablePolicy, >=20 > + &mHddPasswordVendorGuid, >=20 > HDD_PASSWORD_VARIABLE_NAME, >=20 > - &mHddPasswordVendorGuid >=20 > + VARIABLE_POLICY_NO_MIN_SIZE, >=20 > + VARIABLE_POLICY_NO_MAX_SIZE, >=20 > + VARIABLE_POLICY_NO_MUST_ATTR, >=20 > + VARIABLE_POLICY_NO_CANT_ATTR, >=20 > + VARIABLE_POLICY_TYPE_LOCK_NOW >=20 > ); >=20 > DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __FUNCTION__, > HDD_PASSWORD_VARIABLE_NAME, Status)); >=20 > ASSERT_EFI_ERROR (Status); >=20 > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h > b/SecurityPkg/HddPassword/HddPasswordDxe.h > index 231533e737..049a208794 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h > @@ -17,7 +17,6 @@ > #include >=20 > #include >=20 > #include >=20 > -#include >=20 >=20 >=20 > #include >=20 > #include >=20 
> diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > index 06e8755ffc..2c0ebbcc78 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > @@ -50,6 +50,7 @@ > PrintLib >=20 > UefiLib >=20 > LockBoxLib >=20 > + VariablePolicyHelperLib >=20 > S3BootScriptLib >=20 > PciLib >=20 > BaseCryptLib >=20 > @@ -63,7 +64,7 @@ > gEfiHiiConfigAccessProtocolGuid ## PRODUCES >=20 > gEfiAtaPassThruProtocolGuid ## CONSUMES >=20 > gEfiPciIoProtocolGuid ## CONSUMES >=20 > - gEdkiiVariableLockProtocolGuid ## CONSUMES >=20 > + gEdkiiVariablePolicyProtocolGuid ## CONSUMES >=20 >=20 >=20 > [Pcd] >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## > CONSUMES >=20 > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 3bad5375c0..3c62205162 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -74,6 +74,7 @@ >=20 > PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo > licy/PlatformPKProtectionLibVarPolicy.inf >=20 >=20 > SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro > visionLib/SecureBootVariableProvisionLib.inf >=20 > TdxLib|MdePkg/Library/TdxLib/TdxLib.inf >=20 > + > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var > iablePolicyHelperLib.inf >=20 >=20 >=20 > [LibraryClasses.ARM, LibraryClasses.AARCH64] >=20 > # >=20 > -- > 2.33.1.windows.1
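
Review bot: in the `@@ -2858,12 +2859,17 @@` hunk of HddPasswordDxe.c, a failure to lock the variable is not handled. When `LocateProtocol` fails, the whole `if (!EFI_ERROR (Status))` block is skipped with no log, and when `RegisterBasicVariablePolicy` fails the only reaction is `ASSERT_EFI_ERROR (Status)`, which is compiled out or disabled in release builds. In both cases HDD_PASSWORD_VARIABLE_NAME stays writable and boot continues. Suggest logging both failures at DEBUG_ERROR and deciding explicitly whether HddPasswordDxeInit should fail. Separately, the policy type is `VARIABLE_POLICY_TYPE_LOCK_NOW`, which by its name takes effect as soon as the policy is registered; the commit message should state that nothing in the driver needs to write the variable after this call and how that was tested.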
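
Review bot: the `@@ -9,6 +9,7 @@` hunk adds the new `#include` in HddPasswordDxe.c, directly after `#include "HddPasswordDxe.h"`, while the HddPasswordDxe.h hunk removes one include from the header where the driver's other includes are listed. Consider placing the replacement include in HddPasswordDxe.h so the driver's dependencies stay in one place. The header names themselves are not visible in this copy of the patch.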
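
Review bot: the HddPasswordDxe.inf hunk adds `VariablePolicyHelperLib` to the driver's library classes, but the only DSC updated is SecurityPkg/SecurityPkg.dsc. Any platform DSC that builds HddPasswordDxe.inf without already mapping this library class will stop building. The commit message, which currently has only a REF line and tags, should say so and name the instance to map, `MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf`.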