From: "Michael Kubacki" <michael.kubacki@outlook.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Hao A Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
Bret Barkelew <brbarkel@microsoft.com>
Subject: [PATCH v3 12/14] MdeModulePkg: Change TCG MOR variables to use VariablePolicy
Date: Thu, 21 May 2020 15:43:29 -0700 [thread overview]
Message-ID: <MWHPR07MB3440898E8DD1C8AC196739EFE9B70@MWHPR07MB3440.namprd07.prod.outlook.com> (raw)
In-Reply-To: <20200521224331.15616-1-michael.kubacki@outlook.com>
From: Bret Barkelew <brbarkel@microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
These were previously using VarLock, which is
being deprecated.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 56 +++++++++++++++-----
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 56 ++++++++++++++++----
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 2 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 1 +
4 files changed, 90 insertions(+), 25 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
index e7accf4ed806..32328aebe0dd 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
@@ -5,6 +5,7 @@
MOR lock control unsupported.
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -17,7 +18,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseMemoryLib.h>
#include "Variable.h"
-extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyHelperLib.h>
/**
This service is an MOR/MorLock checker handler for the SetVariable().
@@ -77,11 +79,6 @@ MorLockInit (
NULL // Data
);
- //
- // Need set this variable to be read-only to prevent other module set it.
- //
- VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid);
-
//
// The MOR variable can effectively improve platform security only when the
// MorLock variable protects the MOR variable. In turn MorLock cannot be made
@@ -99,11 +96,6 @@ MorLockInit (
0, // DataSize
NULL // Data
);
- VariableLockRequestToLock (
- &mVariableLock,
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid
- );
return EFI_SUCCESS;
}
@@ -118,7 +110,43 @@ MorLockInitAtEndOfDxe (
VOID
)
{
- //
- // Do nothing.
- //
+ EFI_STATUS Status;
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
+
+ // First, we obviously need to locate the VariablePolicy protocol.
+ Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **) &VariablePolicy);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status));
+ return;
+ }
+
+ // If we're successful, go ahead and set the policies to protect the target variables.
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &gEfiMemoryOverwriteRequestControlLockGuid,
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status));
+ }
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &gEfiMemoryOverwriteControlDataGuid,
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status));
+ }
+
+ return;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 7a6c19b1fa96..2634d8179a75 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -19,7 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Variable.h"
#include <Protocol/VariablePolicy.h>
-
+#include <Library/VariablePolicyHelperLib.h>
#include <Library/VariablePolicyLib.h>
typedef struct {
@@ -422,6 +422,8 @@ MorLockInitAtEndOfDxe (
{
UINTN MorSize;
EFI_STATUS MorStatus;
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *NewPolicy;
if (!mMorLockInitializationRequired) {
//
@@ -494,11 +496,27 @@ MorLockInitAtEndOfDxe (
// The MOR variable is absent; the platform firmware does not support it.
// Lock the variable so that no other module may create it.
//
- VariableLockRequestToLock (
- NULL, // This
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
- &gEfiMemoryOverwriteControlDataGuid
- );
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy (
+ &gEfiMemoryOverwriteControlDataGuid,
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy
+ );
+ if (!EFI_ERROR (Status)) {
+ Status = RegisterVariablePolicy (NewPolicy);
+ }
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ if (NewPolicy != NULL) {
+ FreePool (NewPolicy);
+ }
//
// Delete the MOR Control Lock variable too (should it exists for some
@@ -514,9 +532,25 @@ MorLockInitAtEndOfDxe (
);
mMorLockPassThru = FALSE;
- VariableLockRequestToLock (
- NULL, // This
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid
- );
+ NewPolicy = NULL;
+ Status = CreateBasicVariablePolicy (
+ &gEfiMemoryOverwriteRequestControlLockGuid,
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW,
+ &NewPolicy
+ );
+ if (!EFI_ERROR (Status)) {
+ Status = RegisterVariablePolicy (NewPolicy);
+ }
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status));
+ ASSERT_EFI_ERROR (Status);
+ }
+ if (NewPolicy != NULL) {
+ FreePool (NewPolicy);
+ }
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 08153006aa48..af2c51327e21 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -71,6 +71,7 @@ [LibraryClasses]
AuthVariableLib
VarCheckLib
VariablePolicyLib
+ VariablePolicyHelperLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -80,6 +81,7 @@ [Protocols]
gEfiVariableWriteArchProtocolGuid ## PRODUCES
gEfiVariableArchProtocolGuid ## PRODUCES
gEdkiiVariableLockProtocolGuid ## PRODUCES
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES
gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 2db05238e406..2e1387541a88 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -76,6 +76,7 @@ [LibraryClasses]
SynchronizationLib
VarCheckLib
VariablePolicyLib
+ VariablePolicyHelperLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
--
2.16.3.windows.1
next prev parent reply other threads:[~2020-05-21 22:45 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200521224331.15616-1-michael.kubacki@outlook.com>
2020-05-21 22:43 ` [PATCH v3 01/14] MdeModulePkg: Define the VariablePolicy protocol interface Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 02/14] MdeModulePkg: Define the VariablePolicyLib Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 03/14] MdeModulePkg: Define the VariablePolicyHelperLib Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 04/14] MdeModulePkg: Define the VarCheckPolicyLib and SMM interface Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 05/14] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform Michael Kubacki
2020-05-22 21:41 ` [edk2-devel] " Laszlo Ersek
2020-05-22 22:35 ` [EXTERNAL] " Bret Barkelew
2020-05-25 18:02 ` Laszlo Ersek
2020-05-21 22:43 ` [PATCH v3 06/14] EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 07/14] ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform Michael Kubacki
2020-05-22 21:47 ` [edk2-devel] " Laszlo Ersek
2020-05-21 22:43 ` [PATCH v3 08/14] UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform Michael Kubacki
2020-05-22 0:29 ` [edk2-devel] " Ma, Maurice
2020-05-21 22:43 ` [PATCH v3 09/14] MdeModulePkg: Connect VariablePolicy business logic to VariableServices Michael Kubacki
2020-05-22 20:29 ` [edk2-devel] " Laszlo Ersek
2020-05-21 22:43 ` [PATCH v3 10/14] MdeModulePkg: Allow VariablePolicy state to delete protected variables Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables Michael Kubacki
2020-05-21 22:43 ` Michael Kubacki [this message]
2020-05-21 22:43 ` [PATCH v3 13/14] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver Michael Kubacki
2020-05-21 22:43 ` [PATCH v3 14/14] MdeModulePkg: Add a shell-based functional test for VariablePolicy Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MWHPR07MB3440898E8DD1C8AC196739EFE9B70@MWHPR07MB3440.namprd07.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox