From: "Michael Kubacki"
To: devel@edk2.groups.io
CC: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew
Subject: [PATCH v3 13/14] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
Date: Thu, 21 May 2020 15:43:30 -0700
In-Reply-To: <20200521224331.15616-1-michael.kubacki@outlook.com>
References: <20200521224331.15616-1-michael.kubacki@outlook.com>
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Now that everything should be moved to VariablePolicy, drop support for the deprecated VarLock SMI interface and associated functions from variable RuntimeDxe.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Liming Gao
Cc: Bret Barkelew
Signed-off-by: Michael Kubacki
--- MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 4= 9 +------------ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c | 7= 3 ++++++++++++++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | = 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | = 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | = 1 + 5 files changed, 77 insertions(+), 48 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeMod= ulePkg/Universal/Variable/RuntimeDxe/VarCheck.c index f15219df5eb8..3f1a4e0a1a67 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c @@ -3,60 +3,13 @@ and variable lock protocol based on VarCheckLib. =20 Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "Variable.h" =20 -/** - Mark a variable that will become read-only after leaving the DXE phase o= f execution. - Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTO= COL is allowed. - - @param[in] This The VARIABLE_LOCK_PROTOCOL instance. - @param[in] VariableName A pointer to the variable name that will be mad= e read-only subsequently. - @param[in] VendorGuid A pointer to the vendor GUID that will be made = read-only subsequently. - - @retval EFI_SUCCESS The variable specified by the VariableName= and the VendorGuid was marked - as pending to be read-only. - @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. - Or VariableName is an empty string. - @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has - already been signaled. - @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the l= ock request. -**/ -EFI_STATUS -EFIAPI -VariableLockRequestToLock ( - IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - EFI_STATUS Status; - VAR_CHECK_VARIABLE_PROPERTY Property; - - AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); - - Status =3D VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Pr= operty); - if (!EFI_ERROR (Status)) { - Property.Property |=3D VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - } else { - Property.Revision =3D VAR_CHECK_VARIABLE_PROPERTY_REVISION; - Property.Property =3D VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - Property.Attributes =3D 0; - Property.MinSize =3D 1; - Property.MaxSize =3D MAX_UINTN; - } - Status =3D VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Pr= operty); - - DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableN= ame, Status)); - - ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); - - return Status; -} - /** 
Register SetVariable check handler. =20 diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequest= ToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestTo= Lock.c new file mode 100644 index 000000000000..75aa69d499a5 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.= c 
@@ -0,0 +1,73 @@ +/** @file -- VariableLockRequestToLock.c +Temporary location of the RequestToLock shim code while +projects are moved to VariablePolicy. Should be removed when deprecated. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +#include + +#include +#include +#include + + +/** + DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. + Mark a variable that will become read-only after leaving the DXE phase o= f execution. + Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTO= COL is allowed. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be mad= e read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made = read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName= and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the l= ock request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID VendorGuid + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; + + NewPolicy =3D NULL; + Status =3D CreateBasicVariablePolicy ( + (CONST EFI_GUID *) &VendorGuid, + VariableName, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status =3D RegisterVariablePolicy (NewPolicy); + } + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! 
%r\n", __FUNCTI= ON__, VariableName, Status)); + ASSERT_EFI_ERROR (Status); + } + if (NewPolicy !=3D NULL) { + FreePool (NewPolicy); + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.= inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index af2c51327e21..31b47f0e8ff6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -49,6 +49,7 @@ [Sources] VarCheck.c VariableExLib.c SpeculationBarrierDxe.c + VariableLockRequestToLock.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/M= deModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 1b069ea7ca40..612b8cb60f18 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -58,6 +58,7 @@ [Sources] VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequestToLock.c =20 [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneM= m.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 2e1387541a88..82e01f4282fd 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -58,6 +58,7 @@ [Sources] VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequestToLock.c =20 [Packages] MdePkg/MdePkg.dec --=20 2.16.3.windows.1
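
Review bot: The commit message says VarLock support and its associated functions are dropped, but the VarCheck.c hunk only moves VariableLockRequestToLock: the same function is re-added in the new VariableLockRequestToLock.c and built into all three INF files. Please reword the subject and message to say the function is reimplemented as a temporary shim on top of VariablePolicy. The removed body also wrapped its work in AcquireLockOnlyAtBootTime / ReleaseLockOnlyAtBootTime on VariableServicesLock, and the replacement takes no lock, so the message should state whether RegisterVariablePolicy provides equivalent serialization.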
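
Review bot: In the new VariableLockRequestToLock.c the third parameter is declared `IN EFI_GUID VendorGuid` (by value) and then passed as `(CONST EFI_GUID *) &VendorGuid`, while the function comment still documents "A pointer to the vendor GUID" and the version removed from VarCheck.c took `IN EFI_GUID *VendorGuid`. If the protocol member still passes a pointer, the policy would be registered against whatever bytes sit at that argument's address rather than the caller's GUID, so the intended variable would not be locked. Suggest restoring `IN EFI_GUID *VendorGuid` and passing `VendorGuid` directly, which also removes the cast. Two smaller points in the same function: the comment says the variable becomes read-only "after leaving the DXE phase" but the policy is created with VARIABLE_POLICY_TYPE_LOCK_NOW, so the header comment and the EFI_ACCESS_DENIED @retval should be updated to the new semantics; and ASSERT_EFI_ERROR (Status) now fires on any failure, including bad caller input that the documented @retval values say is returned as an error.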
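
Review bot: The three INF hunks add VariableLockRequestToLock.c under [Sources] only and none of them touches [LibraryClasses]. The new file calls CreateBasicVariablePolicy, RegisterVariablePolicy, FreePool and DEBUG, so please confirm that VariableRuntimeDxe.inf, VariableSmm.inf and VariableStandaloneMm.inf each already list the library classes providing them, or add the missing entries in this patch so it builds at this point in the series.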