From: "Linus Liu"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: FST-FIR-PRC, FST FIR Server, "Chu, Maggie"
Subject: Re: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Wed, 3 May 2023 00:39:41 +0000
References: <20230411095524.1668-1-linus.liu@intel.com>

Hi Jiewen

I added this patch to the MTLS platform and collected the log.
Below is the log before and after adding the patch. There is no warning message.

Before
InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B 67E4C490
InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 68180030
!!! DEPRECATED INTERFACE !!! VariableLockRequestToLock() will go away soon!
!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!
!!! DEPRECATED INTERFACE !!! Variable: 737CDED7-448B-4801-B57D-B19483EC606F HddPassword
HddPasswordDxeInit(): Lock HddPassword variable (Success)

After
InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B 67EA1370
InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 68153DB0
HddPasswordDxeInit(): Lock HddPassword variable (Success)

Thanks

-----Original Message-----
From: Yao, Jiewen
Sent: Wednesday, May 3, 2023 12:11 AM
To: Liu, Linus; devel@edk2.groups.io
Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy

Thanks. The patch looks good to me.
Would you please share with us how you validate the patch?

> -----Original Message-----
> From: Liu, Linus > Sent: Tuesday, April 11, 2023 5:55 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; FST-FIR-PRC prc@intel.com>; FST FIR Server ; Chu, Maggie=20 > > Subject: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to=20 > use Variable Policy >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408 >=20 > Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c > Cc: Jiewen Yao > Cc: FST-FIR-PRC > Cc: FST FIR Server C > Cc: Maggie Chu > Signed-off-by: Linus Liu > --- > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++----- > SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - > SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- > SecurityPkg/SecurityPkg.dsc | 1 + > 4 files changed, 14 insertions(+), 7 deletions(-) >=20 > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > b/SecurityPkg/HddPassword/HddPasswordDxe.c > index a1a63b67a4..c20fdbe83f 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c > @@ -9,6 +9,7 @@ > **/ >=20 >=20 >=20 > #include "HddPasswordDxe.h" >=20 > +#include >=20 >=20 >=20 > EFI_GUID mHddPasswordVendorGuid =3D > HDD_PASSWORD_CONFIG_GUID; >=20 > CHAR16 mHddPasswordVendorStorageName[] =3D > L"HDD_PASSWORD_CONFIG"; >=20 > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( > HDD_PASSWORD_DXE_PRIVATE_DATA *Private; >=20 > VOID *Registration; >=20 > EFI_EVENT EndOfDxeEvent; >=20 > - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; >=20 > + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; >=20 >=20 >=20 > Private =3D NULL; >=20 >=20 >=20 
> @@ -2858,12 +2859,17 @@ HddPasswordDxeInit ( > // >=20 > // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. >=20 > // >=20 > - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid,=20 > NULL, (VOID **)&VariableLock); >=20 > + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid,=20 > + NULL, > (VOID **)&VariablePolicy); >=20 > if (!EFI_ERROR (Status)) { >=20 > - Status =3D VariableLock->RequestToLock ( >=20 > - VariableLock, >=20 > + Status =3D RegisterBasicVariablePolicy ( >=20 > + VariablePolicy, >=20 > + &mHddPasswordVendorGuid, >=20 > HDD_PASSWORD_VARIABLE_NAME, >=20 > - &mHddPasswordVendorGuid >=20 > + VARIABLE_POLICY_NO_MIN_SIZE, >=20 > + VARIABLE_POLICY_NO_MAX_SIZE, >=20 > + VARIABLE_POLICY_NO_MUST_ATTR, >=20 > + VARIABLE_POLICY_NO_CANT_ATTR, >=20 > + VARIABLE_POLICY_TYPE_LOCK_NOW >=20 > ); >=20 > DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n",=20 > __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status)); >=20 > ASSERT_EFI_ERROR (Status); >=20 > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h > b/SecurityPkg/HddPassword/HddPasswordDxe.h > index 231533e737..049a208794 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h > @@ -17,7 +17,6 @@ > #include >=20 > #include >=20 > #include >=20 > -#include >=20 >=20 >=20 > #include >=20 > #include >=20 > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > index 06e8755ffc..2c0ebbcc78 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > @@ -50,6 +50,7 @@ > PrintLib >=20 > UefiLib >=20 > LockBoxLib >=20 > + VariablePolicyHelperLib >=20 > S3BootScriptLib >=20 > PciLib >=20 > BaseCryptLib >=20 
> @@ -63,7 +64,7 @@ > gEfiHiiConfigAccessProtocolGuid ## PRODUCES >=20 > gEfiAtaPassThruProtocolGuid ## CONSUMES >=20 > gEfiPciIoProtocolGuid ## CONSUMES >=20 > - gEdkiiVariableLockProtocolGuid ## CONSUMES >=20 > + gEdkiiVariablePolicyProtocolGuid ## CONSUMES >=20 >=20 >=20 > [Pcd] >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES >=20 > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc=20 > index 3bad5375c0..3c62205162 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -74,6 +74,7 @@ >=20 > PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVar > PlatformPKProtectionLib|Po > licy/PlatformPKProtectionLibVarPolicy.inf >=20 >=20 > SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableP > SecureBootVariableProvisionLib|ro > visionLib/SecureBootVariableProvisionLib.inf >=20 > TdxLib|MdePkg/Library/TdxLib/TdxLib.inf >=20 > + > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/V > VariablePolicyHelperLib|ar > iablePolicyHelperLib.inf >=20 >=20 >=20 > [LibraryClasses.ARM, LibraryClasses.AARCH64] >=20 > # >=20 > -- > 2.33.1.windows.1
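
Review bot: In the HddPasswordDxe.c hunk at @@ -2858,12 +2859,17 @@, a failure to lock the variable is not handled at run time in the lines shown. The registration is attempted only inside "if (!EFI_ERROR (Status))" after LocateProtocol, and the only check on the RegisterBasicVariablePolicy result is "ASSERT_EFI_ERROR (Status);", which compiles out in release builds. In either failure case HDD_PASSWORD_VARIABLE_NAME stays writable even though the comment above says it is made read-only. Please log at DEBUG_ERROR when gEdkiiVariablePolicyProtocolGuid cannot be located, and handle a failed registration explicitly rather than relying on the assert alone.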
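
Review bot: Platform DSC files that build HddPasswordDxe.inf will need a mapping for the VariablePolicyHelperLib class that the HddPasswordDxe.inf hunk at @@ -50,6 +50,7 @@ introduces, and the only mapping this patch adds is the one in SecurityPkg.dsc at @@ -74,6 +74,7 @@. The commit message carries only the REF line, so please describe the move from gEdkiiVariableLockProtocolGuid to gEdkiiVariablePolicyProtocolGuid there and call out the new library class dependency, so platform owners know to add the mapping before picking up this change.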