From: "Linus Liu"
To: "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Chu, Maggie", "Kumar, Rahul R"
Subject: Re: [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Fri, 28 Apr 2023 05:06:56 +0000
References: <20230428025543.127-1-linus.liu@intel.com>
In-Reply-To: <20230428025543.127-1-linus.liu@intel.com>

Hi Jiewen and Rahul R

Please help to review the patch.

Thanks

-----Original Message-----
From: Liu, Linus
Sent: Friday, April 28, 2023 10:56 AM
To: devel@edk2.groups.io
Cc: Liu, Linus; Yao, Jiewen; Chu, Maggie; Kumar, Rahul R
Subject: [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy

From: Linus Liu

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Cc: Jiewen Yao
Cc: Maggie Chu
Cc: Kumar Rahul
Signed-off-by: Linus Liu
---
 SecurityPkg/HddPassword/HddPasswordDxe.c   | 20 +++++++++++++-------
 SecurityPkg/HddPassword/HddPasswordDxe.h   | 1 -
 SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++-
 SecurityPkg/SecurityPkg.dsc                | 1 +
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index 55dfb25886..86c11c749f 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ =20 #include "HddPasswordDxe.h" +#include =20 EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GUID; CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG"; 
@@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( HDD_PASSWORD_DXE_PRIVATE_DATA *Private; VOID *Registration; EFI_EVENT EndOfDxeEvent; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; =20 Private =3D NULL; =20 @@ -2858,13 +2859,18 @@ HddPasswordDxeInit ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLock); + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) { - Status =3D VariableLock->RequestToLock ( - VariableLock, - HDD_PASSWORD_VARIABLE_NAME, - &mHddPasswordVendorGuid - ); + Status =3D RegisterBasicVariablePolicy ( + VariablePolicy, + &mHddPasswordVendorGuid, + HDD_PASSWORD_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PAS= SWORD_VARIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status); } diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPass= word/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -17,7 +17,6 @@ #include #include #include -#include =20 #include #include diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPa= ssword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib + VariablePolicyHelperLib S3BootScriptLib PciLib BaseCryptLib 
@@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassThruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid ## CONSUMES - gEdkiiVariableLockProtocolGuid ## CONSUMES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES =20 [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf =20 [LibraryClasses.ARM, LibraryClasses.AARCH64] # --=20 2.39.2.windows.1
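
Review bot: In the HddPasswordDxeInit hunk (@@ -2858,13 +2859,18 @@) the lock on HDD_PASSWORD_VARIABLE_NAME still fails open. When LocateProtocol for gEdkiiVariablePolicyProtocolGuid returns an error, the "if (!EFI_ERROR (Status))" body is skipped with no message at all, and a failure from RegisterBasicVariablePolicy is reported only at DEBUG_INFO and caught only by ASSERT_EFI_ERROR, which a build can disable. Since the comment above says this variable must be read-only, please add an else branch that logs at DEBUG_ERROR, log the registration failure at DEBUG_ERROR as well, and decide explicitly what the driver does when the lock could not be applied. The commit message also has no body beyond the REF line; a sentence stating that VARIABLE_POLICY_TYPE_LOCK_NOW gives the same lock timing as the RequestToLock call it replaces would help reviewers.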
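
Review bot: The two HddPasswordDxe.inf hunks switch the consumed protocol to gEdkiiVariablePolicyProtocolGuid and add VariablePolicyHelperLib, but neither touches [Depex], while the .c change locates the protocol once at driver entry and skips the lock if it is absent. Please confirm that the existing dependency expression guarantees the variable policy protocol is installed before this driver dispatches, or add the GUID to [Depex], so that dispatch order cannot leave the variable unlocked.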
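
Review bot: The SecurityPkg.dsc hunk maps VariablePolicyHelperLib only for this package's own build, so any platform DSC that includes HddPasswordDxe.inf will now need the same library class mapping. Please mention the new dependency in the commit message so platform owners are not surprised by an unresolved library class after picking up this change.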