From: "Michael Kubacki"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [PATCH v2 11/12] OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
Date: Mon, 11 May 2020 23:46:34 -0700
In-Reply-To: <20200512064635.14640-1-michael.kubacki@outlook.com>
References: <20200512064635.14640-1-michael.kubacki@outlook.com>

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Michael Kubacki
--- OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++ OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 41ac3202961b..7c7b33a8bec3 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -3,6 +3,7 @@ # # Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -196,6 +197,8 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf # @@ -334,6 +337,7 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf [LibraryClasses.common.UEFI_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -492,6 +496,9 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 !endif + # Optional: Omit if VariablePolicy should be always-on. + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 @@ -945,6 +952,7 @@ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index c2f11aee2cec..8d5c6b3fc4b6 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -3,6 +3,7 @@ # # Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -200,6 +201,8 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf # @@ -338,6 +341,7 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf [LibraryClasses.common.UEFI_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -496,6 +500,9 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 !endif + # Optional: Omit if VariablePolicy should be always-on. + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 @@ -959,6 +966,7 @@ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 643e6041ad53..960d43eb1e84 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -3,6 +3,7 @@ # # Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -200,6 +201,8 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf # @@ -338,6 +341,7 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf [LibraryClasses.common.UEFI_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -496,6 +500,9 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 !endif + # Optional: Omit if VariablePolicy should be always-on. + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 @@ -956,6 +963,7 @@ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf -- 2.16.3.windows.1
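
Review bot: In the library-class hunks (@@ -196,6 +197,8 @@ and @@ -334,6 +337,7 @@ in OvmfPkgIa32.dsc, repeated in the other two files), VariablePolicyLib is mapped twice and the section that receives the VariablePolicyLibRuntimeDxe.inf override is not named anywhere in the patch or the commit message; only the following [LibraryClasses.common.UEFI_DRIVER] header is visible. Please say in the commit message which module type gets the runtime instance and why, and confirm that the general VariablePolicyLib.inf mapping is the intended instance for VariableSmm.inf, which now links VarCheckPolicyLib and will resolve VariablePolicyLib through that general mapping unless a more specific one exists.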
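
Review bot: In the PCD hunks (@@ -492,6 +496,9 @@ in OvmfPkgIa32.dsc, @@ -496,6 +500,9 @@ in the Ia32X64 and X64 files), "PcdAllowVariablePolicyEnforcementDisable|TRUE" opts all three OVMF platforms into allowing enforcement to be turned off, but neither the added comment nor the commit message explains why OVMF needs that. The comment only says when to omit the line. Either state the reason for TRUE (and what limits who can disable enforcement) in the commit message, or drop the three added lines so that, per the patch's own comment, VariablePolicy is always-on. A security control that ships disableable by default in the reference platform tends to be copied that way downstream.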
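
Review bot: In the last hunk of each file (@@ -945,6 +952,7 @@, @@ -959,6 +966,7 @@ and @@ -956,6 +963,7 @@), "NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf" is added only inside the VariableSmm.inf block, and the diffstat (8 insertions per file) is fully accounted for by the visible hunks, so no other variable driver receives it. If these DSC files also build a non-SMM variable driver with its own VarCheckUefiLib NULL instance, that component needs the same line. Otherwise the libraries and the PCD are wired in but the policy check is never linked into the variable driver in that build configuration, and variable writes go unchecked there.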