From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.92.18.30]) by mx.groups.io with SMTP id smtpd.web12.3162.1586543921936474410 for ; Fri, 10 Apr 2020 11:38:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@outlook.com header.s=selector1 header.b=TLd68SAY; spf=pass (domain: outlook.com, ip: 40.92.18.30, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ONiKNM8y4TaRL2hv78jXiuO3RFLS5gifV5oPnxwKyV5GEtfoLv9E4mL6lIbW2bZWHGsFEHRlTCij6p+TQdZz7O3AyqkMp7ETgNdbz1yDvBzA0cPz33tZRrDmtRSDiZ8gMUHk0uhOyT/3yMZ1dZm5C38VOQFBip7MpM3CuCR9JvXzLPeQUZoMEvE4EakSg5XZX2AuOsfCNS9rMmFXOIbJxQiWHmqaJ7Ov9zWtBTfsEjh1k+IDSPisET8F2OzzmSW9glnnpY0QCgEEuTfEvAVEdWuKiqTyVc4x0yx7ZZ/1IvmZwO7vFl3Wf/SBIVTbFDIe1KwJH5xocILig6QW1cv7OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CBN0UZK2/KTEDpRSAz4+QRBieBlsKrV4KG0/T2n5bd4=; b=kKU6SZqrVJCzS/mscDtu2Y8kVW2N1rOrVk+UJepfAfMqZFPXJjBT4oPIuStQVMV3oL6yVCZ8sP6OciW7RoOB0fG7x9+aKESQuNkKc0Jc27oLHWVwCm99GzqqxBf/zPerxhGEqbLH5pd8+YdJnwVm45u+CIV2wm4cHltSh7nybArHtp5VEQ4HztM6MsaZ0Kv2p2KWWQK0sUCiwVLAPArwPiQp011hvh7eeetxGYfol32ziz1NqjIVyVE+3DM3HikTls4D0eEz+kQHIC9Pt2jT3AnMDSskWc2VbFaQyySab/9GVEt0kwHzNgVW479geKMg2wDT4ZqAni4DGCFP6F1ZMA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=outlook.com; dmarc=pass action=none header.from=outlook.com; dkim=pass header.d=outlook.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CBN0UZK2/KTEDpRSAz4+QRBieBlsKrV4KG0/T2n5bd4=; b=TLd68SAY6So1Mu5pxivhgK1qG1fkspcFTiqdpsvharjjoRxamTUaNcB7VZj8bjjnqB1TKrC0zaezXlmh+zRd5X30HHIyt2fCn2jH62VuSRdXlIHwEWByMNazmbts2+yepM+K3MN6mADEQaRdN0/zVhQSjtstk+38UXlU+jijV+vmq0oNIi00v5ybM0+i9qGcBS3dwnBYINb8h9rqSVdFSAPpL3ZgohEnvP2cE18/IQNhYTEKQCnSqh4VdN9/lXvvHHnRCDp5bq21331gMsj7G0T5+phCllzEZMzA1FDnJofB/eA3FBQ5NRhfq3/8OgcSU/hkhfcJuY6AxDw3zHx6pg== Received: from BN8NAM11FT063.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::47) by BN8NAM11HT025.eop-nam11.prod.protection.outlook.com (2a01:111:e400:fc4b::224) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.18; Fri, 10 Apr 2020 18:38:37 +0000 Received: from MWHPR07MB3440.namprd07.prod.outlook.com (2a01:111:e400:fc4b::44) by BN8NAM11FT063.mail.protection.outlook.com (2a01:111:e400:fc4b::366) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Fri, 10 Apr 2020 18:38:37 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:2A68018B10D8A3169C965272CB866DD4D2E8DC2933E86E9991A2B07C2365482B;UpperCasedChecksum:4BDBB5F2CC6DD6D265EE73D65EF74522AA52494D79DC6D161ADF09C14C49F153;SizeAsReceived:7776;Count:49 Received: from MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::bcc9:271b:20db:52e3]) by MWHPR07MB3440.namprd07.prod.outlook.com ([fe80::bcc9:271b:20db:52e3%6]) with mapi id 15.20.2900.015; Fri, 10 Apr 2020 18:38:37 +0000 From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Liming Gao Subject: [PATCH v1 4/9] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Date: Fri, 10 Apr 2020 11:37:57 -0700 Message-ID: X-Mailer: git-send-email 2.16.3.windows.1 In-Reply-To: <20200410183802.21192-1-michael.kubacki@outlook.com> References: <20200410183802.21192-1-michael.kubacki@outlook.com> X-ClientProxiedBy: MWHPR20CA0007.namprd20.prod.outlook.com (2603:10b6:300:13d::17) To MWHPR07MB3440.namprd07.prod.outlook.com (2603:10b6:301:69::28) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <20200410183802.21192-4-michael.kubacki@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2001:4898:80e8:9:2d7c:9ade:505:3bf5) by MWHPR20CA0007.namprd20.prod.outlook.com (2603:10b6:300:13d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.17 via Frontend Transport; Fri, 10 Apr 2020 18:38:35 +0000 X-Mailer: git-send-email 2.16.3.windows.1 X-Microsoft-Original-Message-ID: <20200410183802.21192-4-michael.kubacki@outlook.com> X-TMN: [2GM0ZAslaNqGT2ZIG2HvJYJHsRbjnc4OIM9xSUyK/Fo3KzNJUtMZDOiwOli6FXby] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 815b09f0-236a-4e46-108f-08d7dd7e6093 X-MS-TrafficTypeDiagnostic: BN8NAM11HT025: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 7n8cz9qTc8M/KPk4JtdEVq53OCyq/tlhLtfuqGZrfXS3eSuHOENRWtG1Z2b2AUcjrVJk2Xf6HaVArbZPV4I5vCscagmm4drdPDfCbscMuE+DNjQ6cCbn9ZowXsaTWXWbG99W1x0nZ64dWJ2zr84XS+DazUwaT6ZyXqPqrLCTRVdqvPbJIG2X2WfbzgXuLaiIbvNeSYHkuPzIe+LSBOJ2I3W87sHaN7u2s0/Mm7P+FX8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR07MB3440.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:;DIR:OUT;SFP:1901; X-MS-Exchange-AntiSpam-MessageData: eG1DoKONZnO3O9AtFgi20ZoaGLBJguZHo4XI7W2V2S+hjumu1mGU7/LVur7DqroYsK2dbR47H+da+qrKzXeuIuW88N1jRtSK2a/Ydls+u6rdylY8o8+zzjioX7VkIk+LB6RHP1tduJBKfUWGH/fReeOcfjopDglFmNUXgQNRgVY1Qzcyn6B3Xvxw8f7StiZAvT329ILR121tguIcMRH/5Q== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 815b09f0-236a-4e46-108f-08d7dd7e6093 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Apr 2020 18:38:35.3862 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8NAM11HT025 Content-Type: text/plain From: Bret Barkelew https://bugzilla.tianocore.org/show_bug.cgi?id=2522 VariablePolicy is an updated interface to replace VarLock and VarCheckProtocol. This is an instance of a VarCheckLib that is backed by the VariablePolicyLib business logic. It also publishes the SMM calling interface for messages from the DXE protocol. Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Signed-off-by: Bret Barkelew Signed-off-by: Michael Kubacki --- MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 211 ++++++++++++++++++++ MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 43 ++++ MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 44 ++++ MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 ++ MdeModulePkg/MdeModulePkg.dec | 4 + MdeModulePkg/MdeModulePkg.dsc | 2 + 6 files changed, 316 insertions(+) diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c new file mode 100644 index 000000000000..3ad396412c49 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c @@ -0,0 +1,211 @@ +/** @file -- VarCheckPolicyLib.c +This is an instance of a VarCheck lib that leverages the business logic behind +the VariablePolicy code to make its decisions. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +//================================================ +// As a VarCheck library, we're linked into the VariableServices +// and may not be able to call them indirectly. To get around this, +// use the internal GetVariable function to query the variable store. +//================================================ +EFI_STATUS +EFIAPI +VariableServiceGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data + ); + + +/** + MM Communication Handler to recieve commands from the DXE protocol for + Variable Policies. This communication channel is used to register new policies + and poll and toggle the enforcement of variable policies. + + @param[in] DispatchHandle All parameters standard to MM communications convention. + @param[in] RegisterContex All parameters standard to MM communications convention. + @param[in,out] CommBuffer All parameters standard to MM communications convention. + @param[in,out] CommBufferSize All parameters standard to MM communications convention. + + @retval EFI_SUCCESS + @retval EFI_INVALID_PARAMETER CommBuffer or CommBufferSize is null pointer. + @retval EFI_INVALID_PARAMETER CommBuffer size is wrong. + @retval EFI_INVALID_PARAMETER Revision or signature don't match. + +**/ +STATIC +EFI_STATUS +EFIAPI +VarCheckPolicyLibMmiHandler ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *RegisterContext, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + VAR_CHECK_POLICY_COMM_HEADER *PolicyCommmHeader; + VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *IsEnabledParams; + // VAR_CHECK_POLICY_COMM_DUMP_PARAMS *DumpParams; // Not yet implemented. + VARIABLE_POLICY_ENTRY *PolicyEntry; + UINTN ExpectedSize; + + // + // Validate some input parameters. + // + // If either of the pointers are NULL, we can't proceed. + if (CommBuffer == NULL || CommBufferSize == NULL) { + DEBUG(( DEBUG_INFO, "%a - Invalid comm buffer pointers!\n", __FUNCTION__ )); + return EFI_INVALID_PARAMETER; + } + // If the size does not meet a minimum threshold, we cannot proceed. + ExpectedSize = sizeof(VAR_CHECK_POLICY_COMM_HEADER); + if (*CommBufferSize < ExpectedSize) { + DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, *CommBufferSize, ExpectedSize )); + return EFI_INVALID_PARAMETER; + } + // Check the revision and the signature of the comm header. + PolicyCommmHeader = CommBuffer; + if (PolicyCommmHeader->Signature != VAR_CHECK_POLICY_COMM_SIG || + PolicyCommmHeader->Revision != VAR_CHECK_POLICY_COMM_REVISION) { + DEBUG(( DEBUG_INFO, "%a - Signature or revision are incorrect!\n", __FUNCTION__ )); + // We have verified the buffer is not null and have enough size to hold Result field. + PolicyCommmHeader->Result = EFI_INVALID_PARAMETER; + return EFI_SUCCESS; + } + + // + // Now we can process the command as it was sent. + // + PolicyCommmHeader->Result = EFI_ABORTED; // Set a default return for incomplete commands. + switch(PolicyCommmHeader->Command) { + case VAR_CHECK_POLICY_COMMAND_DISABLE: + PolicyCommmHeader->Result = DisableVariablePolicy(); + break; + + case VAR_CHECK_POLICY_COMMAND_IS_ENABLED: + // Make sure that we're dealing with a reasonable size. + // This add should be safe because these are fixed sizes so far. + ExpectedSize += sizeof(VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS); + if (*CommBufferSize < ExpectedSize) { + DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, *CommBufferSize, ExpectedSize )); + PolicyCommmHeader->Result = EFI_INVALID_PARAMETER; + break; + } + + // Now that we know we've got a valid size, we can fill in the rest of the data. + IsEnabledParams = (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)((UINT8*)CommBuffer + sizeof(VAR_CHECK_POLICY_COMM_HEADER)); + IsEnabledParams->State = IsVariablePolicyEnabled(); + PolicyCommmHeader->Result = EFI_SUCCESS; + break; + + case VAR_CHECK_POLICY_COMMAND_REGISTER: + // Make sure that we're dealing with a reasonable size. + // This add should be safe because these are fixed sizes so far. + ExpectedSize += sizeof(VARIABLE_POLICY_ENTRY); + if (*CommBufferSize < ExpectedSize) { + DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION__, *CommBufferSize, ExpectedSize )); + PolicyCommmHeader->Result = EFI_INVALID_PARAMETER; + break; + } + + // At the very least, we can assume that we're working with a valid policy entry. + // Time to compare its internal size. + PolicyEntry = (VARIABLE_POLICY_ENTRY*)((UINT8*)CommBuffer + sizeof(VAR_CHECK_POLICY_COMM_HEADER)); + if (PolicyEntry->Version != VARIABLE_POLICY_ENTRY_REVISION || + PolicyEntry->Size < sizeof(VARIABLE_POLICY_ENTRY) || + EFI_ERROR(SafeUintnAdd(sizeof(VAR_CHECK_POLICY_COMM_HEADER), PolicyEntry->Size, &ExpectedSize)) || + *CommBufferSize < ExpectedSize) { + DEBUG(( DEBUG_INFO, "%a - Bad policy entry contents!\n", __FUNCTION__ )); + PolicyCommmHeader->Result = EFI_INVALID_PARAMETER; + break; + } + + PolicyCommmHeader->Result = RegisterVariablePolicy( PolicyEntry ); + break; + + case VAR_CHECK_POLICY_COMMAND_DUMP: + // There's currently no use for this, but it shouldn't be hard to implement. + PolicyCommmHeader->Result = EFI_UNSUPPORTED; + break; + + case VAR_CHECK_POLICY_COMMAND_LOCK: + PolicyCommmHeader->Result = LockVariablePolicy(); + break; + + default: + // Mark unknown requested command as EFI_UNSUPPORTED. + DEBUG(( DEBUG_INFO, "%a - Invalid command requested! %d\n", __FUNCTION__, PolicyCommmHeader->Command )); + PolicyCommmHeader->Result = EFI_UNSUPPORTED; + break; + } + + DEBUG(( DEBUG_VERBOSE, "%a - Command %d returning %r.\n", __FUNCTION__, + PolicyCommmHeader->Command, PolicyCommmHeader->Result )); + + return Status; +} + + +/** + Constructor function of VarCheckPolicyLib to register VarCheck handler and + SW MMI handlers. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +VarCheckPolicyLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE DiscardedHandle; + + // Initialize the business logic with the internal GetVariable handler. + Status = InitVariablePolicyLib( VariableServiceGetVariable ); + + // Only proceed with init if the business logic could be initialized. + if (!EFI_ERROR( Status )) { + // Register the VarCheck handler for SetVariable filtering. + // Forward the check to the business logic of the library. + VarCheckLibRegisterSetVariableCheckHandler( ValidateSetVariable ); + + // Register the MMI handlers for receiving policy commands. + DiscardedHandle = NULL; + Status = gMmst->MmiHandlerRegister( VarCheckPolicyLibMmiHandler, + &gVarCheckPolicyLibMmiHandlerGuid, + &DiscardedHandle ); + } + // Otherwise, there's not much we can do. + else { + DEBUG(( DEBUG_ERROR, "%a - Cannot Initialize VariablePolicyLib! %r\n", __FUNCTION__, Status )); + ASSERT_EFI_ERROR( Status ); + } + + return Status; +} diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h new file mode 100644 index 000000000000..ff64dcd9476b --- /dev/null +++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h @@ -0,0 +1,43 @@ +/** @file -- VarCheckPolicyMmiCommon.h +This header contains communication definitions that are shared between DXE +and the MM component of VarCheckPolicy. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef _VAR_CHECK_POLICY_MMI_COMMON_H_ +#define _VAR_CHECK_POLICY_MMI_COMMON_H_ + +#define VAR_CHECK_POLICY_COMM_SIG SIGNATURE_32('V', 'C', 'P', 'C') +#define VAR_CHECK_POLICY_COMM_REVISION 1 + +#pragma pack(push, 1) + +typedef struct _VAR_CHECK_POLICY_COMM_HEADER { + UINT32 Signature; + UINT32 Revision; + UINT32 Command; + EFI_STATUS Result; +} VAR_CHECK_POLICY_COMM_HEADER; + +typedef struct _VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS { + BOOLEAN State; +} VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS; + +typedef struct _VAR_CHECK_POLICY_COMM_DUMP_PARAMS { + UINT32 Size; +} VAR_CHECK_POLICY_COMM_DUMP_PARAMS; + +#pragma pack(pop) + +// Make sure that we will hold at least the headers. +#define VAR_CHECK_POLICY_MIN_MM_BUFFER_SIZE MAX((OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof(VAR_CHECK_POLICY_COMM_HEADER)), EFI_PAGES_TO_SIZE(4)) + +#define VAR_CHECK_POLICY_COMMAND_DISABLE 0x0001 +#define VAR_CHECK_POLICY_COMMAND_IS_ENABLED 0x0002 +#define VAR_CHECK_POLICY_COMMAND_REGISTER 0x0003 +#define VAR_CHECK_POLICY_COMMAND_DUMP 0x0004 +#define VAR_CHECK_POLICY_COMMAND_LOCK 0x0005 + +#endif // _VAR_CHECK_POLICY_MMI_COMMON_H_ diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf new file mode 100644 index 000000000000..7c407e254330 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf @@ -0,0 +1,44 @@ +## @file VarCheckPolicyLib.inf +# This is an instance of a VarCheck lib that leverages the business logic behind +# the VariablePolicy code to make its decisions. +# +## +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VarCheckPolicyLib + FILE_GUID = 9C28A48F-C884-4B1F-8B95-DEF125448023 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + CONSTRUCTOR = VarCheckPolicyLibConstructor + + +[Sources] + VarCheckPolicyLib.c + + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + + +[LibraryClasses] + BaseLib + DebugLib + BaseMemoryLib + DxeServicesLib + MemoryAllocationLib + VarCheckLib + VariablePolicyLib + VariablePolicyHelperLib + SafeIntLib + MmServicesTableLib + + +[Guids] + gVarCheckPolicyLibMmiHandlerGuid ## CONSUME ## Used to register for MM Communication events. diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni new file mode 100644 index 000000000000..eedeeed15d31 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni @@ -0,0 +1,12 @@ +// /** @file +// VarCheckPolicyLib.uni +// +// Copyright (c) Microsoft Corporation. +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "NULL library implementation that conforms to the VarCheck interface to allow VariablePolicy engine to enforce policies" + +#string STR_MODULE_DESCRIPTION #language en-US "NULL library implementation that conforms to the VarCheck interface to allow VariablePolicy engine to enforce policies" diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 8fd0a6a4fdfb..b6625b6c69ce 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -383,6 +383,10 @@ ## Include/Guid/EndofS3Resume.h gEdkiiEndOfS3ResumeGuid = { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } } + ## Used (similar to Variable Services) to communicate policies to the enforcement engine. + # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB} + gVarCheckPolicyLibMmiHandlerGuid = { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }} + ## Include/Guid/S3SmmInitDone.h gEdkiiS3SmmInitDoneGuid = { 0x8f9d4825, 0x797d, 0x48fc, { 0x84, 0x71, 0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } } diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index c27a3b488a32..7bdb1e0ee99c 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -311,6 +311,7 @@ MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf + MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf @@ -456,6 +457,7 @@ MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf -- 2.16.3.windows.1