From: "Michael Kubacki"
To: devel@edk2.groups.io
Cc: Jian J Wang, Hao A Wu, Liming Gao
Subject: [PATCH v1 9/9] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
Date: Fri, 10 Apr 2020 11:38:02 -0700
In-Reply-To: <20200410183802.21192-1-michael.kubacki@outlook.com>
References: <20200410183802.21192-1-michael.kubacki@outlook.com>
X-Microsoft-Original-Message-ID: <20200410183802.21192-9-michael.kubacki@outlook.com>

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Now that everything should be moved to VariablePolicy, drop support for the
deprecated VarLock SMI interface and associated functions from variable RuntimeDxe.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Liming Gao
Signed-off-by: Bret Barkelew
Signed-off-by: Michael Kubacki
---
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +------------- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c | 71 ++++++++++++++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 2 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 1 + 5 files changed, 76 insertions(+), 48 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c index f15219df5eb8..486d85b022e1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c @@ -3,60 +3,13 @@ and variable lock protocol based on VarCheckLib. Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "Variable.h" -/** - Mark a variable that will become read-only after leaving the DXE phase of execution. - Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed. - - @param[in] This The VARIABLE_LOCK_PROTOCOL instance. - @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. - @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. - - @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked - as pending to be read-only. - @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. - Or VariableName is an empty string. - @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has - already been signaled. - @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. -**/ -EFI_STATUS -EFIAPI -VariableLockRequestToLock ( - IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - EFI_STATUS Status; - VAR_CHECK_VARIABLE_PROPERTY Property; - - AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property); - if (!EFI_ERROR (Status)) { - Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - } else { - Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION; - Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - Property.Attributes = 0; - Property.MinSize = 1; - Property.MaxSize = MAX_UINTN; - } - Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property); - - DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status)); - - ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - return Status; -} - /** Register 
SetVariable check handler. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c new file mode 100644 index 000000000000..1f7f0b7ef06c --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c 
@@ -0,0 +1,71 @@ +/** @file -- VariableLockRequstToLock.c +Temporary location of the RequestToLock shim code while +projects are moved to VariablePolicy. Should be removed when deprecated. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +#include + +#include +#include +#include + + +/** + DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. + Mark a variable that will become read-only after leaving the DXE phase of execution. + Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; + + NewPolicy = NULL; + Status = CreateBasicVariablePolicy( VendorGuid, + VariableName, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy ); + if (!EFI_ERROR( Status )) { + Status = RegisterVariablePolicy( NewPolicy ); + } + if (EFI_ERROR( Status )) { + DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! 
%r\n", __FUNCTION__, VariableName, Status )); + ASSERT_EFI_ERROR( Status ); + } + if (NewPolicy != NULL) { + FreePool( NewPolicy ); + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 5fbec5cee8ab..2d1261ef0fba 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -49,6 +49,7 @@ VarCheck.c VariableExLib.c SpeculationBarrierDxe.c + VariableLockRequstToLock.c [Packages] MdePkg/MdePkg.dec @@ -70,6 +71,7 @@ TpmMeasurementLib AuthVariableLib VarCheckLib + VariablePolicyLib VariablePolicyHelperLib [Protocols] diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index bbc8d2080193..26fbad97339f 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -58,6 +58,7 @@ VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequstToLock.c [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 62f2f9252f43..7c6fdf4d65fd 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -58,6 +58,7 @@ VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequstToLock.c [Packages] MdePkg/MdePkg.dec -- 2.16.3.windows.1
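Review bot: The commit message says VarLock support is dropped, but the VarCheck.c hunk only relocates VariableLockRequestToLock(): the same function, with the same signature, is re-added in the new file as a shim over VariablePolicy. Please reword the subject and message to say the implementation is replaced by a VariablePolicy-backed shim, so that readers of the log do not assume the protocol entry point is gone. The one added line in this hunk, "+Copyright (c) Microsoft Corporation.", lands on a file where this patch only deletes code; consider dropping it here and keeping it on the new file.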
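Review bot: In the new VariableLockRequestToLock(), the policy is created with VARIABLE_POLICY_TYPE_LOCK_NOW, while the retained header comment still says the variable "will become read-only after leaving the DXE phase of execution" and the removed implementation only set VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY as a pending property. If LOCK_NOW takes effect at registration, a caller that requests the lock and then writes the variable before EndOfDxe will now be rejected; either defer the lock to match the documented behaviour, or update the comment and call out the behaviour change in the commit message. Two smaller points in the same function: ASSERT_EFI_ERROR fires on every failure, including the documented EFI_INVALID_PARAMETER case for a NULL or empty VariableName, and the DEBUG line formats VariableName with %s with no NULL check visible before it. The removed code also took mVariableModuleGlobal->VariableGlobal.VariableServicesLock around the property update, which the shim no longer does, so please confirm RegisterVariablePolicy() is safe to call without it.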
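Review bot: The new source file name is misspelled as VariableLockRequstToLock.c ("Requst") in all three INF [Sources] additions and in the file's own @file header; renaming it to VariableLockRequestToLock.c now avoids carrying the typo forward. Also, only VariableRuntimeDxe.inf gains a library class (VariablePolicyLib) in this patch, while VariableSmm.inf and VariableStandaloneMm.inf add the same source, which calls CreateBasicVariablePolicy() and RegisterVariablePolicy(); please confirm those two INFs already list VariablePolicyLib and VariablePolicyHelperLib, since their [LibraryClasses] sections are not touched here.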