From: "Bret Barkelew"
To: "devel@edk2.groups.io", "Kinney, Michael D"
CC: Hao A Wu, Liming Gao
Subject: Re: [EXTERNAL] [edk2-devel] [Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM
Date: Wed, 6 Jan 2021 04:13:27 +0000
In-Reply-To: <20210106035043.1412-1-michael.d.kinney@intel.com>

Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>

- Bret

From: Michael D Kinney via groups.io
Sent: Tuesday, January 5, 2021 7:51 PM
To: devel@edk2.groups.io
Cc: Bret Barkelew; Hao A Wu; Liming Gao
Subject: [EXTERNAL] [edk2-devel] [Patch 1/1] MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154

Update VarCheckLibSetVariableCheck() to allow locked variables
to be updated if the RequestSource is VarCheckFromTrusted even
if one or more variable check handlers return EFI_WRITE_PROTECTED.
RequestSource is only set to VarCheckFromTrusted if the request
is through the EFI_SMM_VARIABLE_PROTOCOL.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 MdeModulePkg/Library/VarCheckLib/VarCheckLib.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg= /Library/VarCheckLib/VarCheckLib.c
index 470d782444bf..9596d760e945 100644
--- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
@@ -1,7 +1,7 @@
 /** @file
   Implementation functions and structures for var check service= s.
 
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR&= gt;
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR&= gt;
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck (
            &n= bsp;   DataSize,
            &n= bsp;   Data
            &n= bsp;   );
+    if (Status =3D=3D EFI_WRITE_PROTECTED && Reque= stSource =3D=3D VarCheckFromTrusted) {
+      //
+      // If RequestSource is trusted, then allow= variable to be set even if it
+      // is write protected.
+      //
+      continue;
+    }
     if (EFI_ERROR (Status)) {
       DEBUG ((EFI_D_INFO, "Variable Ch= eck handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));        return Status;
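Review bot: The new `continue` in the `Status == EFI_WRITE_PROTECTED && RequestSource == VarCheckFromTrusted` branch discards the handler's result without leaving any trace, while the error path directly below logs `Variable Check handler fail %r - %g:%s`. Because this branch lets a write through to a variable that a check handler wanted to protect, consider emitting a DEBUG message with VendorGuid and VariableName before the `continue`, so that overrides coming from the trusted path are visible in the log. The condition also matches every handler that returns EFI_WRITE_PROTECTED, not only lock handlers; the commit message speaks of locked variables, so the in-code comment should state explicitly that any write-protect result is overridden for a trusted RequestSource, and say where that value is set.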
--
2.29.2.windows.2





 
