From: "Michael Kubacki"
To: devel@edk2.groups.io
CC: Maurice Ma, Guo Dong, Benjamin You, Bret Barkelew
Subject: [PATCH v3 08/14] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
Date: Thu, 21 May 2020 15:43:25 -0700
In-Reply-To: <20200521224331.15616-1-michael.kubacki@outlook.com>
References: <20200521224331.15616-1-michael.kubacki@outlook.com>

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Cc: Maurice Ma
Cc: Guo Dong
Cc: Benjamin You
Cc: Bret Barkelew
Signed-off-by: Michael Kubacki
---
 UefiPayloadPkg/UefiPayloadPkgIa32.dsc    | 7 +++++++
 UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc b/UefiPayloadPkg/UefiPay= loadPkgIa32.dsc index d52945442e0e..472196d2c60e 100644 --- a/UefiPayloadPkg/UefiPayloadPkgIa32.dsc +++ b/UefiPayloadPkg/UefiPayloadPkgIa32.dsc @@ -4,6 +4,7 @@ # Provides drivers and definitions to create uefi payload for bootloaders. # # Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -204,6 +205,8 @@ [LibraryClasses] AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf =20 [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf @@ -251,6 +254,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/R= untimeDxeReportStatusCodeLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ibRuntimeDxe.inf =20 [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -329,6 +333,9 @@ [PcdsPatchableInModule.common] =20 gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LOGICAL_= PROCESSORS) =20 + # Optional: Omit if VariablePolicy should be always-on. + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|= TRUE + =20 ##########################################################################= ###### # diff --git a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc b/UefiPayloadPkg/Uefi= PayloadPkgIa32X64.dsc index 0736cd995476..817400604347 100644 --- a/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc +++ b/UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc @@ -4,6 +4,7 @@ # Provides drivers and definitions to create uefi payload for bootloaders. # # Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -205,6 +206,8 @@ [LibraryClasses] AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf =20 [LibraryClasses.IA32.SEC] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf @@ -252,6 +255,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/R= untimeDxeReportStatusCodeLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ibRuntimeDxe.inf =20 [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -331,6 +335,9 @@ [PcdsPatchableInModule.common] =20 gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|$(MAX_LOGICAL_= PROCESSORS) =20 + # Optional: Omit if VariablePolicy should be always-on. + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|= TRUE + =20 ##########################################################################= ###### # --=20 2.16.3.windows.1
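
Review bot: In the [LibraryClasses.common.DXE_RUNTIME_DRIVER] hunks of both .dsc files, the VariablePolicyLib override to VariablePolicyLibRuntimeDxe.inf carries no comment explaining why runtime drivers need a different instance from the VariablePolicyLib.inf mapping added under [LibraryClasses]. A one-line comment above the override would make the split obvious to the next person editing these sections. Since the diffstat shows only these library mappings, the PCD and a copyright line (no [Components] change), it would also help to say which existing module in this platform consumes VariablePolicyLib and VariablePolicyHelperLib.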
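
Review bot: In the [PcdsPatchableInModule.common] hunks of both .dsc files, PcdAllowVariablePolicyEnforcementDisable is set to TRUE with only the comment "Optional: Omit if VariablePolicy should be always-on.", which leaves the enforcement-disable path allowed on this platform without saying why the payload needs it. Please either expand the comment to state the reason and what TRUE permits, or drop the line so the platform gets the always-on behaviour the comment describes. Also confirm that a patchable-in-module section is the intended place for this PCD: a setting that gates policy enforcement is better fixed at build time than left modifiable in the built image.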