public inbox for devel@edk2.groups.io
From: "Michael Kubacki" <michael.kubacki@outlook.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Hao A Wu <hao.a.wu@intel.com>, Liming Gao <liming.gao@intel.com>,
	Bret Barkelew <brbarkel@microsoft.com>
Subject: [PATCH v3 13/14] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
Date: Thu, 21 May 2020 15:43:30 -0700
Message-ID: <MWHPR07MB3440AB54D5EBCA2EA9F315FAE9B70@MWHPR07MB3440.namprd07.prod.outlook.com>
In-Reply-To: <20200521224331.15616-1-michael.kubacki@outlook.com>

From: Bret Barkelew <brbarkel@microsoft.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Now that everything should be moved to
VariablePolicy, drop support for the
deprecated VarLock SMI interface and
associated functions from variable RuntimeDxe.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
 MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c                  | 49 +------------
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 73 ++++++++++++++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf      |  1 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf             |  1 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf    |  1 +
 5 files changed, 77 insertions(+), 48 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
index f15219df5eb8..3f1a4e0a1a67 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
@@ -3,60 +3,13 @@
   and variable lock protocol based on VarCheckLib.
 
 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
 #include "Variable.h"
 
-/**
-  Mark a variable that will become read-only after leaving the DXE phase of execution.
-  Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
-
-  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance.
-  @param[in] VariableName  A pointer to the variable name that will be made read-only subsequently.
-  @param[in] VendorGuid    A pointer to the vendor GUID that will be made read-only subsequently.
-
-  @retval EFI_SUCCESS           The variable specified by the VariableName and the VendorGuid was marked
-                                as pending to be read-only.
-  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
-                                Or VariableName is an empty string.
-  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
-                                already been signaled.
-  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the lock request.
-**/
-EFI_STATUS
-EFIAPI
-VariableLockRequestToLock (
-  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
-  IN       CHAR16                       *VariableName,
-  IN       EFI_GUID                     *VendorGuid
-  )
-{
-  EFI_STATUS                    Status;
-  VAR_CHECK_VARIABLE_PROPERTY   Property;
-
-  AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
-  Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property);
-  if (!EFI_ERROR (Status)) {
-    Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
-  } else {
-    Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
-    Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
-    Property.Attributes = 0;
-    Property.MinSize = 1;
-    Property.MaxSize = MAX_UINTN;
-  }
-  Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property);
-
-  DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status));
-
-  ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
-  return Status;
-}
-
 /**
   Register SetVariable check handler.
 
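Review bot: The deletion of VariableLockRequestToLock() here does not match the commit message, which says VarLock support and associated functions are dropped: the diffstat shows 77 insertions against 48 deletions, the function reappears under the same name in VariableLockRequestToLock.c, and no SMI handler file is touched. Suggest rewording the subject and body to say the function is moved out of VarCheck.c and reimplemented as a VariablePolicy shim. The removed body also held VariableServicesLock through AcquireLockOnlyAtBootTime()/ReleaseLockOnlyAtBootTime() around the property update and ORed VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY into any existing property, so the commit message should state whether the replacement path needs equivalent serialization and how it treats a variable that already has a property set. Minor: the added Microsoft copyright line has no year, unlike the Intel line above it.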
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
new file mode 100644
index 000000000000..75aa69d499a5
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
@@ -0,0 +1,73 @@
+/** @file -- VariableLockRequestToLock.c
+Temporary location of the RequestToLock shim code while
+projects are moved to VariablePolicy. Should be removed when deprecated.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/VariableLock.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+#include <Library/VariablePolicyHelperLib.h>
+
+
+/**
+  DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.
+  Mark a variable that will become read-only after leaving the DXE phase of execution.
+  Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
+
+  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance.
+  @param[in] VariableName  A pointer to the variable name that will be made read-only subsequently.
+  @param[in] VendorGuid    A pointer to the vendor GUID that will be made read-only subsequently.
+
+  @retval EFI_SUCCESS           The variable specified by the VariableName and the VendorGuid was marked
+                                as pending to be read-only.
+  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+                                Or VariableName is an empty string.
+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+                                already been signaled.
+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the lock request.
+**/
+EFI_STATUS
+EFIAPI
+VariableLockRequestToLock (
+  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+  IN       CHAR16                       *VariableName,
+  IN       EFI_GUID                     VendorGuid
+  )
+{
+  EFI_STATUS              Status;
+  VARIABLE_POLICY_ENTRY   *NewPolicy;
+
+  NewPolicy = NULL;
+  Status = CreateBasicVariablePolicy (
+              (CONST EFI_GUID *) &VendorGuid,
+              VariableName,
+              VARIABLE_POLICY_NO_MIN_SIZE,
+              VARIABLE_POLICY_NO_MAX_SIZE,
+              VARIABLE_POLICY_NO_MUST_ATTR,
+              VARIABLE_POLICY_NO_CANT_ATTR,
+              VARIABLE_POLICY_TYPE_LOCK_NOW,
+              &NewPolicy
+              );
+  if (!EFI_ERROR (Status)) {
+    Status = RegisterVariablePolicy (NewPolicy);
+  }
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status));
+    ASSERT_EFI_ERROR (Status);
+  }
+  if (NewPolicy != NULL) {
+    FreePool (NewPolicy);
+  }
+
+  return Status;
+}
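Review bot: VendorGuid is declared by value (`IN EFI_GUID VendorGuid`), while the @param text still says "A pointer to the vendor GUID" and the version removed from VarCheck.c took `IN EFI_GUID *VendorGuid` with the same `EDKII_VARIABLE_LOCK_PROTOCOL *This` argument. A caller going through the protocol passes a pointer, so `&VendorGuid` would hand CreateBasicVariablePolicy() the address of the parameter itself rather than the caller's GUID, and the lock could be registered against bytes that are not the intended GUID, leaving the real variable writable. Suggest restoring `IN EFI_GUID *VendorGuid` and passing `VendorGuid` without the address-of and cast. Two further points in the same function: the header comment promises the variable becomes read-only "after leaving the DXE phase" and that EFI_SUCCESS means "pending to be read-only", but the policy is created with VARIABLE_POLICY_TYPE_LOCK_NOW, so either the comment or the lock type needs to change; and ASSERT_EFI_ERROR (Status) fires on statuses the @retval list documents as ordinary returns (EFI_INVALID_PARAMETER, EFI_ACCESS_DENIED, EFI_OUT_OF_RESOURCES), which turns a caller error into a halt on builds with asserts enabled. Logging at DEBUG_ERROR and returning Status would be enough.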
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index af2c51327e21..31b47f0e8ff6 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -49,6 +49,7 @@ [Sources]
   VarCheck.c
   VariableExLib.c
   SpeculationBarrierDxe.c
+  VariableLockRequestToLock.c
 
 [Packages]
   MdePkg/MdePkg.dec
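Review bot: Only [Sources] changes in this INF, yet the new VariableLockRequestToLock.c includes Library/VariablePolicyLib.h, Library/VariablePolicyHelperLib.h and Library/MemoryAllocationLib.h and calls CreateBasicVariablePolicy(), RegisterVariablePolicy() and FreePool(). Please confirm that [LibraryClasses] already lists the matching library classes (not visible in this hunk), or add them here so this patch builds on its own and the series stays bisectable. Since the file header calls this a temporary location, a comment next to the new [Sources] entry pointing at the Bugzilla entry would make the later removal easier to track.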
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index 1b069ea7ca40..612b8cb60f18 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -58,6 +58,7 @@ [Sources]
   VariableExLib.c
   TcgMorLockSmm.c
   SpeculationBarrierSmm.c
+  VariableLockRequestToLock.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 2e1387541a88..82e01f4282fd 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -58,6 +58,7 @@ [Sources]
   VariableExLib.c
   TcgMorLockSmm.c
   SpeculationBarrierSmm.c
+  VariableLockRequestToLock.c
 
 [Packages]
   MdePkg/MdePkg.dec
-- 
2.16.3.windows.1

