From: "Linus Liu"
To: "Yao, Jiewen", "devel@edk2.groups.io"
CC: FST-FIR-PRC, FST FIR Server, "Chu, Maggie"
Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Mon, 8 May 2023 05:53:17 +0000
References: <20230411095524.1668-1-linus.liu@intel.com> <175C15AECAAF6F6F.898@groups.io>

Hi Jiewen
I've resent the patch and verify the patch.
https://github.com/tianocore/edk2/pull/4354

Thanks.

-----Original Message-----
From: Yao, Jiewen
Sent: Monday, May 8, 2023 9:30 AM
To: Liu, Linus; devel@edk2.groups.io
Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
Subject: RE: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy

https://github.com/tianocore/edk2/pull/4264 is from last month and it is out of date.

https://github.com/tianocore/edk2/pull/4334 failed in latest branch.

Please try it again.

Also, I see you always use [V1] in the patch title. That is very confusing.
Please use V2, V3, etc whenever you send a new patch.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Liu, Linus
> Sent: Monday, May 8, 2023 9:09 AM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> Subject: RE: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
>
> Hi Jiewen
> I did.
> https://github.com/tianocore/edk2/pull/4264
>
> I think you used the previous patch. I've attached the latest patch.
> Please help to check this.
>
> Thanks.
>
>
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Friday, May 5, 2023 2:30 PM
> To: devel@edk2.groups.io; Yao, Jiewen; Liu, Linus
> Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> Subject: RE: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
>
> It seems CI failure - https://github.com/tianocore/edk2/pull/4334
>
> Have you run CI before?
>
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> > Sent: Friday, May 5, 2023 7:50 AM
> > To: Liu, Linus; devel@edk2.groups.io
> > Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> > Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
> >
> > Sounds good. Thank you very much!
> >
> > Reviewed-by: Jiewen Yao
> >
> > > -----Original Message-----
> > > From: Liu, Linus
> > > Sent: Thursday, May 4, 2023 11:51 AM
> > > To: Yao, Jiewen; devel@edk2.groups.io
> > > Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
> > >
> > > Hi Jiewen
> > > Please refer to the reply below.
> > >
> > > Have you done any function test? For example:
> > > 1) The HDD password feature still works?
> > > Linus: yes, HDD password feature still works.
> > >
> > > 2) The variable is really locked?
> > > Linus: I've tried using dmpstore command to write HDDPassword in UEFI Shell. Can't override it.
> > >
> > > Please refer to the below log.
> > > [2023-05-04 11:42:11.046] FS1:\> dmpstore -guid 737cded7-448b-4801-b57d-b19483ec606F -s HDDHDDPwd.txt
> > > [2023-05-04 11:42:18.835] Save variable to file: HDDPwd.txt.
> > > [2023-05-04 11:42:18.909] Variable NV+BS '737CDED7-448B-4801-B57D-B19483EC606F:HddPassword' DataSize = 0x48
> > > [2023-05-04 11:42:42.859] Load and set variables from file: HDDPwd.txt.
> > > [2023-05-04 11:42:42.934] Variable NV+BS '737CDED7-448B-4801-B57D-B19483EC606F:HddPassword' DataSize = 0x48
> > > [2023-05-04 11:42:43.082] dmpstore: Failed to set variable HddPassword: Write Protected.
> > >
> > >
> > > Thanks.
> > >
> > > -----Original Message-----
> > > From: Yao, Jiewen
> > > Sent: Wednesday, May 3, 2023 9:21 AM
> > > To: Liu, Linus; devel@edk2.groups.io
> > > Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
> > >
> > > That only proves that you did change the interface. But that cannot prove you change it right.
> > >
> > > Have you done any function test? For example:
> > > 1) The HDD password feature still works?
> > > 2) The variable is really locked?
> > >
> > >
> > > > -----Original Message-----
> > > > From: Liu, Linus
> > > > Sent: Wednesday, May 3, 2023 8:40 AM
> > > > To: Yao, Jiewen; devel@edk2.groups.io
> > > > Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
> > > >
> > > > Hi Jiewen
> > > > I added this patch to the MTLS platform and collected the log.
> > > > The below is before adding patch and after adding patch. There is no warning message.
> > > >
> > > >
> > > > Before
> > > >
> > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B 67E4C490
> > > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 68180030
> > > > !!! DEPRECATED INTERFACE !!! VariableLockRequestToLock() will go away soon!
> > > > !!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!
> > > > !!! DEPRECATED INTERFACE !!! Variable: 737CDED7-448B-4801-B57D-B19483EC606F HddPassword
> > > > HddPasswordDxeInit(): Lock HddPassword variable (Success)
> > > >
> > > >
> > > > After
> > > >
> > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B 67EA1370
> > > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 68153DB0
> > > > HddPasswordDxeInit(): Lock HddPassword variable (Success)
> > > >
> > > >
> > > > Thanks
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Yao, Jiewen
> > > > Sent: Wednesday, May 3, 2023 12:11 AM
> > > > To: Liu, Linus; devel@edk2.groups.io
> > > > Cc: FST-FIR-PRC; FST FIR Server; Chu, Maggie
> > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
> > > >
> > > > Thanks. The patch looks good to me.
> > > >
> > > > Would you please share with us, how you validate the patch?
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Liu, Linus > > > > > Sent: Tuesday, April 11, 2023 5:55 PM > > > > > To: devel@edk2.groups.io > > > > > Cc: Yao, Jiewen ; FST-FIR-PRC > > > > prc@intel.com>; FST FIR Server ;=20 > > > > > Chu, Maggie > > > > > Subject: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit > > > > to > > > > > use Variable Policy > > > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408 > > > > > > > > > > Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c > > > > > Cc: Jiewen Yao > > > > > Cc: FST-FIR-PRC > > > > > Cc: FST FIR Server C > > > > > Cc: Maggie Chu > > > > > Signed-off-by: Linus Liu > > > > > --- > > > > > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++---- > - > > > > > SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - > > > > > SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- > > > > > SecurityPkg/SecurityPkg.dsc | 1 + > > > > > 4 files changed, 14 insertions(+), 7 deletions(-) > > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > index a1a63b67a4..c20fdbe83f 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > @@ -9,6 +9,7 @@ > > > > > **/ > > > > > > > > > > > > > > > > > > > > #include "HddPasswordDxe.h" > > > > > > > > > > +#include > > > > > > > > > > > > > > > > > > > > EFI_GUID mHddPasswordVendorGuid =3D > > > > > HDD_PASSWORD_CONFIG_GUID; > > > > > > > > > > CHAR16 mHddPasswordVendorStorageName[] =3D > > > > > L"HDD_PASSWORD_CONFIG"; > > > > > > > > > > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( > > > > > HDD_PASSWORD_DXE_PRIVATE_DATA *Private; > > > > > > > > > > VOID *Registration; > > > > > > > > > > EFI_EVENT EndOfDxeEvent; > > > > > > > > > > - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; > > > > > > > > > > + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; > > > > > > > > > > > > > > > > > > > > Private =3D NULL; > > > > > > > > > > 
> > > > > > > > > > @@ -2858,12 +2859,17 @@ HddPasswordDxeInit ( > > > > > // > > > > > > > > > > // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. > > > > > > > > > > // > > > > > > > > > > - Status =3D gBS->LocateProtocol=20 > > > > > (&gEdkiiVariableLockProtocolGuid, NULL, (VOID=20 > > > > > **)&VariableLock); > > > > > > > > > > + Status =3D gBS->LocateProtocol=20 > > > > > + (&gEdkiiVariablePolicyProtocolGuid, > > > > > + NULL, > > > > > (VOID **)&VariablePolicy); > > > > > > > > > > if (!EFI_ERROR (Status)) { > > > > > > > > > > - Status =3D VariableLock->RequestToLock ( > > > > > > > > > > - VariableLock, > > > > > > > > > > + Status =3D RegisterBasicVariablePolicy ( > > > > > > > > > > + VariablePolicy, > > > > > > > > > > + &mHddPasswordVendorGuid, > > > > > > > > > > HDD_PASSWORD_VARIABLE_NAME, > > > > > > > > > > - &mHddPasswordVendorGuid > > > > > > > > > > + VARIABLE_POLICY_NO_MIN_SIZE, > > > > > > > > > > + VARIABLE_POLICY_NO_MAX_SIZE, > > > > > > > > > > + VARIABLE_POLICY_NO_MUST_ATTR, > > > > > > > > > > + VARIABLE_POLICY_NO_CANT_ATTR, > > > > > > > > > > + VARIABLE_POLICY_TYPE_LOCK_NOW > > > > > > > > > > ); > > > > > > > > > > DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n",=20 > > > > > __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status)); > > > > > > > > > > ASSERT_EFI_ERROR (Status); > > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > index 231533e737..049a208794 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > @@ -17,7 +17,6 @@ > > > > > #include > > > > > > > > > > #include > > > > > > > > > > #include > > > > > > > > > > -#include > > > > > > > > > > > > > > > > > > > > #include > > > > > > > > > > #include 
> > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > index 06e8755ffc..2c0ebbcc78 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > @@ -50,6 +50,7 @@ > > > > > PrintLib > > > > > > > > > > UefiLib > > > > > > > > > > LockBoxLib > > > > > > > > > > + VariablePolicyHelperLib > > > > > > > > > > S3BootScriptLib > > > > > > > > > > PciLib > > > > > > > > > > BaseCryptLib > > > > > > > > > > @@ -63,7 +64,7 @@ > > > > > gEfiHiiConfigAccessProtocolGuid ## PRODUCES > > > > > > > > > > gEfiAtaPassThruProtocolGuid ## CONSUMES > > > > > > > > > > gEfiPciIoProtocolGuid ## CONSUMES > > > > > > > > > > - gEdkiiVariableLockProtocolGuid ## CONSUMES > > > > > > > > > > + gEdkiiVariablePolicyProtocolGuid ## CONSUMES > > > > > > > > > > > > > > > > > > > > [Pcd] > > > > > > > > > > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## > > > > CONSUMES > > > > > > > > > > diff --git a/SecurityPkg/SecurityPkg.dsc=20 > > > > > b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 > > > > > 100644 > > > > > --- a/SecurityPkg/SecurityPkg.dsc > > > > > +++ b/SecurityPkg/SecurityPkg.dsc 
> > > > > @@ -74,6 +74,7 @@ > > > > > > > > > > > > PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibV > > > > > PlatformPKProtectionLib|ar > > > > > PlatformPKProtectionLib|Po > > > > > licy/PlatformPKProtectionLibVarPolicy.inf > > > > > > > > > > > > > > > > > SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariabl > > > > > SecureBootVariableProvisionLib|eP ro > > > > > visionLib/SecureBootVariableProvisionLib.inf > > > > > > > > > > TdxLib|MdePkg/Library/TdxLib/TdxLib.inf > > > > > > > > > > + > > > > > > > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib > > > > > VariablePolicyHelperLib|/V > > > > > VariablePolicyHelperLib|ar > > > > > iablePolicyHelperLib.inf > > > > > > > > > > > > > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > > > > > > > # > > > > > > > > > > -- > > > > > 2.33.1.windows.1
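
Review bot: in the HddPasswordDxeInit hunk at @@ -2858 of the quoted patch, a failed gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, ...) simply skips the if (!EFI_ERROR (Status)) block, and there is no else branch, so the variable that the comment says must be read-only stays writable and nothing is logged. Add an else path that reports the failure at DEBUG_ERROR and decide whether the driver should continue in that state. The HddPasswordDxe.inf hunk lists the GUID as CONSUMES but shows no dependency change, so also confirm the driver cannot be dispatched before the policy protocol is installed.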

From: "Liu, Linus"
To: "devel@edk2.group.io"
CC: "Liu, Linus", "Yao, Jiewen", "Chu, Maggie", "Kumar, Rahul R"
Subject: [PATCH v4] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Mon, 8 May 2023 04:20:51 +0000
Message-ID: <20230508042051.1934-1-linus.liu@intel.com>

From: Linus Liu

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Cc: Jiewen Yao
Cc: Maggie Chu
Cc: Kumar Rahul
Signed-off-by: Linus Liu
---
 SecurityPkg/HddPassword/HddPasswordDxe.c   | 28 ++++++++++++--------
 SecurityPkg/HddPassword/HddPasswordDxe.h   |  1 -
 SecurityPkg/HddPassword/HddPasswordDxe.inf |  3 ++-
 SecurityPkg/SecurityPkg.dsc                |  1 +
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index 55dfb25886..6f36b5a0a2 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ #include "HddPasswordDxe.h" +#include EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GUID; CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG"; @@ -2818,11 +2819,11 @@ HddPasswordDxeInit ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - VOID *Registration; - EFI_EVENT EndOfDxeEvent; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + VOID *Registration; + EFI_EVENT EndOfDxeEvent; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; Private =3D NULL; @@ -2858,13 +2859,18 @@ HddPasswordDxeInit ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLock); + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) { - Status =3D VariableLock->RequestToLock ( - VariableLock, - HDD_PASSWORD_VARIABLE_NAME, - &mHddPasswordVendorGuid - ); + Status =3D RegisterBasicVariablePolicy ( + VariablePolicy, + &mHddPasswordVendorGuid, + HDD_PASSWORD_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PAS= SWORD_VARIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status); } diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPass= word/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h 
@@ -17,7 +17,6 @@ #include #include #include -#include #include #include diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPa= ssword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib + VariablePolicyHelperLib S3BootScriptLib PciLib BaseCryptLib @@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassThruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid ## CONSUMES - gEdkiiVariableLockProtocolGuid ## CONSUMES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] # -- 2.39.2.windows.1 --_002_PH7PR11MB58889C18656979DFA70DE2B1FC719PH7PR11MB5888namp_--
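
Review bot: in the HddPasswordDxeInit hunk (@@ -2858,13 +2859,18 @@ of HddPasswordDxe.c), the Status returned by RegisterBasicVariablePolicy is only printed at DEBUG_INFO and then handed to ASSERT_EFI_ERROR (Status). On a build where asserts are compiled out, a rejected registration leaves HDD_PASSWORD_VARIABLE_NAME unlocked and boot carries on as if the lock succeeded. Report the failure at DEBUG_ERROR and handle it explicitly instead of relying on the assert alone.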
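
Review bot: the new include is added in HddPasswordDxe.c (hunk @@ -9,6 +9,7 @@, directly under #include "HddPasswordDxe.h"), while the include it replaces is removed from HddPasswordDxe.h (hunk @@ -17,7 +17,6 @@), where the driver's other includes are grouped. Put the replacement include in HddPasswordDxe.h next to the others so the includes stay in one place.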
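
Review bot: the SecurityPkg.dsc hunk (@@ -74,6 +74,7 @@) maps VariablePolicyHelperLib only for this package's own build, while the HddPasswordDxe.inf hunk (@@ -50,6 +50,7 @@) makes that library class a requirement of the driver. A platform DSC that builds HddPasswordDxe.inf without the mapping will stop building, and the commit message carries only the REF link. Add a sentence to the commit message naming the new library class dependency and stating why the VariableLock call is being replaced.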