From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Mistry, Nishant C" <nishant.c.mistry@intel.com>,
	"Vang, Judah" <judah.vang@intel.com>
Subject: Re: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
Date: Thu, 15 Dec 2022 03:10:35 +0000
Message-ID: <MW4PR11MB5872F69B438B40F4B9A920E88CE19@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <20221215030223.899-1-jian.j.wang@intel.com>

Agree.
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

I will wait for 1 work week to see if there is any objection.
If anyone has a concern, please let us know as soon as possible.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Thursday, December 15, 2022 11:02 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>; Vang, Judah <judah.vang@intel.com>
> Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> 
> There's no real usage of these two libraries. They're deprecated.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
> Cc: Judah Vang <judah.vang@intel.com>
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>  SecurityPkg/Include/Library/RpmcLib.h         | 42 ------------
>  SecurityPkg/Include/Library/VariableKeyLib.h  | 59 -----------------
>  SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 -------------
>  .../Library/RpmcLibNull/RpmcLibNull.inf       | 33 ----------
>  .../VariableKeyLibNull/VariableKeyLibNull.c   | 66 -------------------
>  .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ----------
>  SecurityPkg/SecurityPkg.dec                   |  8 ---
>  SecurityPkg/SecurityPkg.dsc                   |  4 --
>  8 files changed, 291 deletions(-)
>  delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h
>  delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h
>  delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
>  delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
>  delete mode 100644
> SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
>  delete mode 100644
> SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> 
> diff --git a/SecurityPkg/Include/Library/RpmcLib.h
> b/SecurityPkg/Include/Library/RpmcLib.h
> deleted file mode 100644
> index df4ba34ba8..0000000000
> --- a/SecurityPkg/Include/Library/RpmcLib.h
> +++ /dev/null
> @@ -1,42 +0,0 @@
> -/** @file
> 
> -  Public definitions for the Replay Protected Monotonic Counter (RPMC)
> Library.
> 
> -
> 
> -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#ifndef _RPMC_LIB_H_
> 
> -#define _RPMC_LIB_H_
> 
> -
> 
> -#include <Uefi/UefiBaseType.h>
> 
> -
> 
> -/**
> 
> -  Requests the monotonic counter from the designated RPMC counter.
> 
> -
> 
> -  @param[out]   CounterValue            A pointer to a buffer to store the RPMC
> value.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The operation completed successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        A device error occurred while
> attempting to update the counter.
> 
> -  @retval       EFI_UNSUPPORTED         The operation is un-supported.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RequestMonotonicCounter (
> 
> -  OUT UINT32  *CounterValue
> 
> -  );
> 
> -
> 
> -/**
> 
> -  Increments the monotonic counter in the SPI flash device by 1.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The operation completed successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        A device error occurred while
> attempting to update the counter.
> 
> -  @retval       EFI_UNSUPPORTED         The operation is un-supported.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -IncrementMonotonicCounter (
> 
> -  VOID
> 
> -  );
> 
> -
> 
> -#endif
> 
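
Review bot: The subject says "deprecate", but this hunk and the diffstat (8 files changed, 291 deletions) delete Include/Library/RpmcLib.h outright, so any platform code that still has #include <Library/RpmcLib.h> stops building with no transition period. Either reword the subject and commit message to "remove" and state that this is an incompatible change, or keep the header for one release with a deprecation notice in its @file comment.
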
> diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h
> b/SecurityPkg/Include/Library/VariableKeyLib.h
> deleted file mode 100644
> index 561ebad09d..0000000000
> --- a/SecurityPkg/Include/Library/VariableKeyLib.h
> +++ /dev/null
> @@ -1,59 +0,0 @@
> -/** @file
> 
> -  Public definitions for Variable Key Library.
> 
> -
> 
> -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#ifndef _VARIABLE_KEY_LIB_H_
> 
> -#define _VARIABLE_KEY_LIB_H_
> 
> -
> 
> -#include <Uefi/UefiBaseType.h>
> 
> -
> 
> -/**
> 
> -  Retrieves the key for integrity and/or confidentiality of variables.
> 
> -
> 
> -  @param[out]     VariableKey         A pointer to pointer for the variable key
> buffer.
> 
> -  @param[in,out]  VariableKeySize     The size in bytes of the variable key.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The variable key was returned.
> 
> -  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to
> get the variable key.
> 
> -  @retval       EFI_ACCESS_DENIED       The function was invoked after locking
> the key interface.
> 
> -  @retval       EFI_UNSUPPORTED         The variable key is not supported in the
> current boot configuration.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -GetVariableKey (
> 
> -  OUT VOID       **VariableKey,
> 
> -  IN  OUT UINTN  *VariableKeySize
> 
> -  );
> 
> -
> 
> -/**
> 
> -  Regenerates the variable key.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The variable key was regenerated
> successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to
> regenerate the key.
> 
> -  @retval       EFI_ACCESS_DENIED       The function was invoked after locking
> the key interface.
> 
> -  @retval       EFI_UNSUPPORTED         Key regeneration is not supported in
> the current boot configuration.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RegenerateVariableKey (
> 
> -  VOID
> 
> -  );
> 
> -
> 
> -/**
> 
> -  Locks the regenerate key interface.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The key interface was locked successfully.
> 
> -  @retval       EFI_UNSUPPORTED         Locking the key interface is not
> supported in the current boot configuration.
> 
> -  @retval       Others                  An error occurred while attempting to lock the
> key interface.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -LockVariableKeyInterface (
> 
> -  VOID
> 
> -  );
> 
> -
> 
> -#endif
> 
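
Review bot: The commit message gives "no real usage" as the only rationale for dropping VariableKeyLib.h, yet the header documents GetVariableKey as the source of the key for variable integrity and/or confidentiality. Add a sentence saying how this removal relates to the REF'd bugzilla 2594 and whether platforms are expected to obtain that key through another interface, so the history explains why the key and lock interfaces disappeared.
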
> diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> deleted file mode 100644
> index 792e48250e..0000000000
> --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -/** @file
> 
> -  NULL RpmcLib instance for build purpose.
> 
> -
> 
> -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/RpmcLib.h>
> 
> -
> 
> -/**
> 
> -  Requests the monotonic counter from the designated RPMC counter.
> 
> -
> 
> -  @param[out]   CounterValue            A pointer to a buffer to store the RPMC
> value.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The operation completed successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        A device error occurred while
> attempting to update the counter.
> 
> -  @retval       EFI_UNSUPPORTED         The operation is un-supported.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RequestMonotonicCounter (
> 
> -  OUT UINT32  *CounterValue
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return EFI_UNSUPPORTED;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Increments the monotonic counter in the SPI flash device by 1.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The operation completed successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        A device error occurred while
> attempting to update the counter.
> 
> -  @retval       EFI_UNSUPPORTED         The operation is un-supported.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -IncrementMonotonicCounter (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return EFI_UNSUPPORTED;
> 
> -}
> 
> diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> deleted file mode 100644
> index 500edfa87d..0000000000
> --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -## @file
> 
> -#  Provides Null version of RpmcLib for build purpose.
> 
> -#
> 
> -#  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -#  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -##
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010029
> 
> -  BASE_NAME                      = RpmcLibNull
> 
> -  FILE_GUID                      = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360
> 
> -  MODULE_TYPE                    = BASE
> 
> -  VERSION_STRING                 = 1.0
> 
> -  LIBRARY_CLASS                  = RpmcLib
> 
> -
> 
> -#
> 
> -# The following information is for reference only and not required by the
> build tools.
> 
> -#
> 
> -#  VALID_ARCHITECTURES           = IA32 X64 Arm AArch64
> 
> -#
> 
> -
> 
> -[Sources]
> 
> -  RpmcLibNull.c
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -
> 
> -[LibraryClasses]
> 
> -  BaseLib
> 
> -  DebugLib
> 
> -
> 
> diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> deleted file mode 100644
> index a08def767b..0000000000
> --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> +++ /dev/null
> @@ -1,66 +0,0 @@
> -/** @file
> 
> -  Null version of VariableKeyLib for build purpose. Don't use it in real
> product.
> 
> -
> 
> -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/VariableKeyLib.h>
> 
> -
> 
> -/**
> 
> -  Retrieves the key for integrity and/or confidentiality of variables.
> 
> -
> 
> -  @param[out]     VariableKey         A pointer to pointer for the variable key
> buffer.
> 
> -  @param[in,out]  VariableKeySize     The size in bytes of the variable key.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The variable key was returned.
> 
> -  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to
> get the variable key.
> 
> -  @retval       EFI_ACCESS_DENIED       The function was invoked after locking
> the key interface.
> 
> -  @retval       EFI_UNSUPPORTED         The variable key is not supported in the
> current boot configuration.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -GetVariableKey (
> 
> -  OUT VOID       **VariableKey,
> 
> -  IN  OUT UINTN  *VariableKeySize
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return EFI_UNSUPPORTED;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Regenerates the variable key.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The variable key was regenerated
> successfully.
> 
> -  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to
> regenerate the key.
> 
> -  @retval       EFI_ACCESS_DENIED       The function was invoked after locking
> the key interface.
> 
> -  @retval       EFI_UNSUPPORTED         Key regeneration is not supported in
> the current boot configuration.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -RegenerateVariableKey (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return EFI_UNSUPPORTED;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Locks the regenerate key interface.
> 
> -
> 
> -  @retval       EFI_SUCCESS             The key interface was locked successfully.
> 
> -  @retval       EFI_UNSUPPORTED         Locking the key interface is not
> supported in the current boot configuration.
> 
> -  @retval       Others                  An error occurred while attempting to lock the
> key interface.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -LockVariableKeyInterface (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  ASSERT (FALSE);
> 
> -  return EFI_UNSUPPORTED;
> 
> -}
> 
> diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> deleted file mode 100644
> index ea74e38cf9..0000000000
> --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -## @file
> 
> -#  Provides Null version of VariableKeyLib for build only.
> 
> -#
> 
> -#  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> -#  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -##
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010029
> 
> -  BASE_NAME                      = VariableKeyLibNull
> 
> -  FILE_GUID                      = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A
> 
> -  MODULE_TYPE                    = BASE
> 
> -  VERSION_STRING                 = 1.0
> 
> -  LIBRARY_CLASS                  = VariableKeyLib
> 
> -
> 
> -#
> 
> -# The following information is for reference only and not required by the
> build tools.
> 
> -#
> 
> -#  VALID_ARCHITECTURES           = IA32 X64 Arm AArch64
> 
> -#
> 
> -
> 
> -[Sources]
> 
> -  VariableKeyLibNull.c
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -
> 
> -[LibraryClasses]
> 
> -  BaseLib
> 
> -  DebugLib
> 
> -
> 
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 7ecf9565d9..358b3dc543 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -80,14 +80,6 @@
>    #
> 
>    TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h
> 
> 
> 
> -  ## @libraryclass  Provides interfaces to access RPMC device.
> 
> -  #
> 
> -  RpmcLib|Include/Library/RpmcLib.h
> 
> -
> 
> -  ## @libraryclass  Provides interfaces to access variable root key.
> 
> -  #
> 
> -  VariableKeyLib|Include/Library/VariableKeyLib.h
> 
> -
> 
>    ## @libraryclass  Provides interfaces about firmware TPM measurement.
> 
>    #
> 
>    TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h
> 
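
Review bot: Removing the RpmcLib and VariableKeyLib entries from the library class list in SecurityPkg.dec means any INF or platform DSC outside SecurityPkg that still names either class can no longer resolve it. Please state in the commit message that the tree was searched for remaining references (only the SecurityPkg.dsc lines removed by this patch are visible here), so reviewers can confirm that "no real usage" covers platform packages too.
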
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 30d911d8a1..2f679c87a9 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -68,8 +68,6 @@
> 
> TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi
> b.inf
> 
> 
> TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi
> b.inf
> 
> 
> ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset
> SystemLibNull.inf
> 
> -
> VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.in
> f
> 
> -  RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> 
> 
> TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventL
> ogRecordLib.inf
> 
> 
> MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc
> kMemoryLibNull.inf
> 
> 
> SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> otVariableLib.inf
> 
> @@ -264,8 +262,6 @@
>    #
> 
>    # Variable Confidentiality & Integrity
> 
>    #
> 
> -  SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> 
> -  SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> 
> 
> SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionL
> ibVarPolicy.inf
> 
> 
> 
>    #
> 
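
Review bot: In the second SecurityPkg.dsc hunk (@@ -264,8), the "# Variable Confidentiality & Integrity" comment is left in place while both Null instances under it are removed, so it now heads only PlatformPKProtectionLibVarPolicy.inf. Check whether that heading still describes the remaining entry, and drop or reword it in this patch if it does not.
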
> --
> 2.36.1.windows.1


Thread overview: 5+ messages
2022-12-15  3:02 [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib Wang, Jian J
2022-12-15  3:10 ` Yao, Jiewen [this message]
2022-12-15 18:27   ` Michael D Kinney
2022-12-21  5:58     ` Yao, Jiewen
2022-12-21  1:51   ` Judah Vang
