From: "Linus Liu"
To: "devel@edk2.groups.io", "Liu, Linus"
CC: "Yao, Jiewen", "Chu, Maggie", "Zhang, Qi", "Kumar, Rahul R"
Subject: Re: [edk2-devel] [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Wed, 19 Apr 2023 03:21:25 +0000

Hi Zhang and Kumar,

Could you help to review this patch? Thanks.

From: Linus Liu

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408
Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c
Cc: Jiewen Yao
Cc: Maggie Chu
Signed-off-by: Linus Liu
---
 SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++-----
 SecurityPkg/HddPassword/HddPasswordDxe.h | 1 -
 SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++-
 SecurityPkg/SecurityPkg.dsc | 1 +
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index a1a63b67a4..c20fdbe83f 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ #include "HddPasswordDxe.h"+#include EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GU= ID; CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG";= @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( HDD_PASSWORD_DXE_PRIVATE_DATA *Private; VOID = *Registration; EFI_EVENT EndOfDxeEvent;- EDKII_VA= RIABLE_LOCK_PROTOCOL *VariableLock;+ EDKII_VARIABLE_POLICY_PROTOCOL *Var= iablePolicy; Private =3D NULL; 
@@ -2858,12 +2859,17 @@ HddPasswordDxeIni= t ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. //- Statu= s =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)= &VariableLock);+ Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProt= ocolGuid, NULL, (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) {- = Status =3D VariableLock->RequestToLock (- Vari= ableLock,+ Status =3D RegisterBasicVariablePolicy (+ = VariablePolicy,+ &mHddPasswordVendorGu= id, HDD_PASSWORD_VARIABLE_NAME,- = &mHddPasswordVendorGuid+ VARIABL= E_POLICY_NO_MIN_SIZE,+ VARIABLE_POLICY_NO_MAX_S= IZE,+ VARIABLE_POLICY_NO_MUST_ATTR,+ = VARIABLE_POLICY_NO_CANT_ATTR,+ = VARIABLE_POLICY_TYPE_LOCK_NOW ); DEBUG (= (DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __FUNCTION__, HDD_PASSWORD_VA= RIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status);diff --git a/SecurityP= kg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPassword/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -17,7 +17,6 @@ #include #include #include -#include #include #include diff --git a/SecurityPkg/HddP= assword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib+ VariablePolicyHelperLib S3BootScript= Lib PciLib BaseCryptLib@@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassT= hruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid = ## CONSUMES- gEdkiiVariableLockProtocolGuid = ## CONSUMES+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES= [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUM= ESdiff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|= SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvis= ionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf+ VariablePolicyHelper= Lib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in= f [LibraryClasses.ARM, LibraryClasses.AARCH64] #--=20 2.33.1.windows.1
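
Review bot: In HddPasswordDxeInit (hunk @@ -2858,12 +2859,17 @@ of HddPasswordDxe.c), a failure to lock the variable is not handled. RegisterBasicVariablePolicy() is only called when LocateProtocol() for gEdkiiVariablePolicyProtocolGuid succeeds, and its return value is checked only by ASSERT_EFI_ERROR (Status), which does nothing in builds with asserts disabled. In that case, or when the protocol is not found (the visible lines show no else branch), HDD_PASSWORD_VARIABLE_NAME stays writable and at most a DEBUG_INFO line records it. Suggest reporting both failure paths at DEBUG_ERROR and reacting to the error explicitly instead of relying on the assert.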
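
Review bot: The new VariablePolicyHelperLib entry in the library class list of HddPasswordDxe.inf (hunk @@ -50,6 +50,7 @@) is a new build dependency that the commit message does not mention. Only SecurityPkg.dsc gains a mapping in this patch, so any platform DSC that builds HddPasswordDxe.inf without already resolving VariablePolicyHelperLib will stop building. Please state this in the commit message so platform owners know to add the mapping.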