From: "Linus Liu"
To: "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Chu, Maggie", "Kumar, Rahul R", "Zhang, Qi1"
Subject: Re: [edk2-devel] [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Thu, 20 Apr 2023 02:47:48 +0000

Hi Qi1 and Jiewen

Could you help to review this patch? Thanks.

From: Linus Liu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408
Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c
Cc: Jiewen Yao
Cc: Maggie Chu
Signed-off-by: Linus Liu
---
SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++-----
SecurityPkg/HddPassword/HddPasswordDxe.h | 1 -
SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++-
SecurityPkg/SecurityPkg.dsc | 1 +
4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index a1a63b67a4..c20fdbe83f 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ #include "HddPasswordDxe.h"+#include EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GU= ID; CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG";= @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( HDD_PASSWORD_DXE_PRIVATE_DATA *Private; VOID = *Registration; EFI_EVENT EndOfDxeEvent;- EDKII_VA= RIABLE_LOCK_PROTOCOL *VariableLock;+ EDKII_VARIABLE_POLICY_PROTOCOL *Var= iablePolicy; Private =3D NULL; 
@@ -2858,12 +2859,17 @@ HddPasswordDxeIni= t ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. //- Statu= s =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)= &VariableLock);+ Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProt= ocolGuid, NULL, (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) {- = Status =3D VariableLock->RequestToLock (- Vari= ableLock,+ Status =3D RegisterBasicVariablePolicy (+ = VariablePolicy,+ &mHddPasswordVendorGu= id, HDD_PASSWORD_VARIABLE_NAME,- = &mHddPasswordVendorGuid+ VARIABL= E_POLICY_NO_MIN_SIZE,+ VARIABLE_POLICY_NO_MAX_S= IZE,+ VARIABLE_POLICY_NO_MUST_ATTR,+ = VARIABLE_POLICY_NO_CANT_ATTR,+ = VARIABLE_POLICY_TYPE_LOCK_NOW ); DEBUG (= (DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __FUNCTION__, HDD_PASSWORD_VA= RIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status);diff --git a/SecurityP= kg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPassword/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -17,7 +17,6 @@ #include #include #include -#include #include #include diff --git a/SecurityPkg/HddP= assword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib+ VariablePolicyHelperLib S3BootScript= Lib PciLib BaseCryptLib@@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassT= hruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid = ## CONSUMES- gEdkiiVariableLockProtocolGuid = ## CONSUMES+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES= [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUM= ESdiff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|= SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvis= ionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf+ VariablePolicyHelper= Lib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in= f [LibraryClasses.ARM, LibraryClasses.AARCH64] #--=20 2.33.1.windows.1

View/Reply Online (#102903): https://edk2.groups.io/g/devel/message/102903
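
Review bot: The #include added in the first HddPasswordDxe.c hunk (@@ -9,6 +9,7 @@) belongs in HddPasswordDxe.h rather than in the .c file. It is placed directly after #include "HddPasswordDxe.h", while the HddPasswordDxe.h hunk removes one include from the block where the driver keeps its others and adds none. Suggest putting the replacement include in that same block so the module's includes stay in one place.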
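
Review bot: In the HddPasswordDxeInit hunk of HddPasswordDxe.c (@@ -2858,12 +2859,17 @@), a failure to lock HDD_PASSWORD_VARIABLE_NAME is still not handled. "if (!EFI_ERROR (Status))" has no else branch for the case where LocateProtocol cannot find gEdkiiVariablePolicyProtocolGuid, and the result of RegisterBasicVariablePolicy is only printed at DEBUG_INFO and checked with ASSERT_EFI_ERROR, which does nothing in builds with asserts disabled. Since the comment above the call says the variable is to be made read-only, please report both failures at DEBUG_ERROR and decide explicitly what the driver does when the policy cannot be registered. Please also state in the commit message whether VARIABLE_POLICY_TYPE_LOCK_NOW is intended to take effect at the same point in boot as the RequestToLock call it replaces.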
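
Review bot: The new VariablePolicyHelperLib dependency added in the HddPasswordDxe.inf hunk (@@ -50,6 +50,7 @@) is not documented, and this patch maps the library class only in SecurityPkg/SecurityPkg.dsc, so any other DSC that builds HddPasswordDxe.inf needs the same mapping. The commit message has no description beyond the REF link; please add a short body that names the new library class requirement and the change from gEdkiiVariableLockProtocolGuid to gEdkiiVariablePolicyProtocolGuid.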