From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web10.1478.1600788954027159001 for ; Tue, 22 Sep 2020 08:35:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=Efcf8Odz; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jian.j.wang@intel.com) IronPort-SDR: YIrDm+XTpjWUE/3mM3APX+1iB3EfawuM0t6ifW9g5ln2pf0pwNtRkZ4zXioqzyfZTRaKSeNSt2 LBEgczyYkpFg== X-IronPort-AV: E=McAfee;i="6000,8403,9752"; a="160703846" X-IronPort-AV: E=Sophos;i="5.77,291,1596524400"; d="scan'208";a="160703846" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2020 08:35:52 -0700 IronPort-SDR: vTjNn6QollBaJvB56FAYJIlwSXzKl//9v79FSDte5YuEo16xNf2B0Q8MTmaE4ln/DBVG6j0mla L7PjGe/JhYPQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,291,1596524400"; d="scan'208";a="335062135" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmsmga004.fm.intel.com with ESMTP; 22 Sep 2020 08:35:52 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 22 Sep 2020 08:35:52 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Tue, 22 Sep 2020 08:35:52 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.174) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Tue, 22 Sep 2020 08:35:49 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BsmGWdnHxxMbbojbUqgtY/Z65VxQOktajiOTRVFcFL1jn08mbc8c8fkqVPFhhNtNEEYr45VNaw4pO/aZ1DgPh+PVPp+n9CRzH2mAw8/zpqwlQLJmCYaSWdMnpljPSHboUSfUlA7PeEFLgJPryKcQoaMKoZbMBD32mHFSFPqjE/l/ECxvZsyxXU+gpGtaG7q9pZmsocv3nlH7cV10VoHxsERrv7pkYK7xLPyV+xKfV7r9DW91LCdbr1RuJuhPgz87r2Ny50Li+BOZFrUsrYLwg6+f5l2s/0toNz/doSzga94ez8Mqut6O8zPcCcQBH6LubBi1K0TaUEmuwnEqLfvJEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5sRFqGQokecIwjlJDq8LqZxsv7nhjno7I+b8shDL4Nw=; b=nYMTt0Xrr67PcjYUkr9a+KHFHkmE6OuUG6CpZcyukMyi72KRASLL3IU9vbGcO67d2lHr4jen2ru9GnZ3AoHknh5xyJlrYP0be3cE1WsbtHZcHgG/E0RPERIcPjEfORc91joxex3v7kVetgnnK/R//xZ0dfVv2PNznuxRKLJ3dU1vrgeNYtEgcK6TG7Bv5905nOeK8nCuVYeo01Eq9cpkmUlp3jxzbR3g8Y6oI98nK5NcysifOQ+XvDRCLHN/L57s6fIR2iGmrdAfMX7O/+yClxNxq/6ClqhmAiEmDrym0N2HhSJyh4ZL7AmLUNUfSpT0a2/YRYiLE6VEHxI7iB4rBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5sRFqGQokecIwjlJDq8LqZxsv7nhjno7I+b8shDL4Nw=; b=Efcf8OdzY8aOsDHnyTqXnIs6XMtkiLbBC3+YBwlPJnAx9iBdCYf8RdqicK3qP2Z6hulZ7+goidMyKdTuUWmLpmGRLq+0ZarQEmLFbxU9Elnnb1XYSlWBS762Ay/2shsydj6qNb6TJ+FKfDHgaruIMwKdESw6gY/Qu+axaMNbg1k= Received: from SN6PR11MB3312.namprd11.prod.outlook.com (2603:10b6:805:c8::14) by SA0PR11MB4637.namprd11.prod.outlook.com (2603:10b6:806:97::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.21; Tue, 22 Sep 2020 15:35:46 +0000 Received: from SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::a437:a214:838b:64f8]) by SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::a437:a214:838b:64f8%5]) with mapi id 15.20.3412.020; Tue, 22 Sep 2020 15:35:46 +0000 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "bret@corthon.com" CC: "Yao, Jiewen" , "Wu, Hao A" , "Justen, Jordan L" , Laszlo Ersek , Ard Biesheuvel , Andrew Fish , "Ni, Ray" , gaoliming Subject: Re: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature Thread-Topic: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature Thread-Index: AQHWfP9T194zYON1KEiiwG2cw0O8qal05VIg Date: Tue, 22 Sep 2020 15:35:46 +0000 Message-ID: References: <20200828055127.1610-1-brbarkel@microsoft.com> In-Reply-To: <20200828055127.1610-1-brbarkel@microsoft.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZjM2NTAxYTUtODhjMy00Y2E5LWFkNTQtNGZlMWZiNDY1OTUxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiY1ZhQ3pxMGhzS3AyaHlRcVwvNStOT2dnKzlBUVNXWXFZMEdDXC9qSGpjRnJpMVY0YlNIRkxPSk5lV1p3WExBM1R2In0= dlp-reaction: no-action dlp-version: 11.5.1.3 dlp-product: dlpe-windows x-ctpclassification: CTP_NT authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [101.229.184.76] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b0972358-5264-4f2b-57a7-08d85f0d2cba x-ms-traffictypediagnostic: SA0PR11MB4637: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 1xzATflzd0SD3rM5AODoEgJC4xAZS/2xGiQrYg3MhXYwoMdgQEh7CTQlJJo6KW0zOmkrC5nxirD8smZ7PkGMZmjzpSIJI9bsuQZM6cWzaVhcHeJA/M/SqPj7EXMUAXHwe+BEcKL7TDgOrIO236snuaA1EeI9AA0eK6jy5CDwhNwLg7jtFmx3ru2/ld3B5ktHqwKQxAjttnYxzmotJsZ+ZrVFl0m5RJvlQ7cP8Pm9rRyHv4nM5FLxmRBXHE7X60jXJEtTLHSnlhEW0WyfUXq4adgR1STa+xY3zrHhJmpESxwO3pfrP1QjXF86izeFUNjTVaxTYycTs6FWyb/ulldOhH1/rtIHvZKfXe80Qxwv7PA1ztNEd9tCvdoGU/ty8dCq0S0TmxEE+IUs55xS3bLJUw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR11MB3312.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(366004)(136003)(346002)(39860400002)(396003)(966005)(64756008)(19627235002)(71200400001)(4326008)(8936002)(8676002)(86362001)(2906002)(316002)(83380400001)(7696005)(53546011)(186003)(54906003)(66556008)(76116006)(52536014)(5660300002)(66446008)(66476007)(66946007)(6506007)(26005)(30864003)(478600001)(9686003)(110136005)(33656002)(55016002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: k5EbyIDmrqLRtB7+hu2b+RCU5IHcOHghh/hVcGQ9p4XGIeK9LV7O4qVOzjiRzwmgC39Q5eeoCcYfcGX2VUEANXK5zniYGrcfSXcd43UFwpIC/8i7XPaX/uTxPrDNxVTnC9CP78fogHjbVstNwBMDMOsiywFkzonDO3AIsRtvmv3/a9r55swhksjizGTp5eaINExRYycbP5qInxpsql7fQ7v9ffZzXfRUwK3sGGaEXwFRujA1+pUqnPtcY+ahTjZeWN+U2GLuXv/1E9Dt4sbOYfOdb3L14uksNL04DeHoOK/n1Th3p6u/h6Z1GZXCet9RC9OLzciXeJjFNSyfHgx4zirAtmOduNNDAdscjPXLNdBS6KIx61Bv+CQqYdCJdoHxYfTtdEZ/OLR0Yq47qktk/OUv1cEa5hqGjEDZPC7T2HpubCHPnEnW66q369nzfKJeCbvbF9A1zBblStil4obJ4e4OgGjKSTJatPxP/1taTv+C41HgluUmwJGku3SrN04nl5UQuNvGXUjyFswGVgHKLC5xh6EbmFtfmT5f2T85y4Y7lT9V2HyJmu2DXVLFwPdoJ3IIrNno8leqLdRcb0e2slKAArGaTRboqWkKpjViEGv0shC6rYf6rtKWDtrm/6LdN2x60SfoZx5DqZSvcg8ghA== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB3312.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0972358-5264-4f2b-57a7-08d85f0d2cba X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 15:35:46.0549 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UOR2koX4WqWmkaBokS5AWSQaBnUhxuicXdCNZD3sUCecCDVgL1/HMBgyXTGZpsGqza6JoWqR2a1TYrkI/u9NqQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4637 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Bret, If someone has given same comments as below, please just ignore them. Sorr= y for the late feedback. Patch 09: LockVariablePolicy () is called inside a debug macro. In release= build it will be replaced with empty. If this is really what you want, please add c= omments in code to explain your purpose. ASSERT_EFI_ERROR (LockVariablePolicy ()); Patch 13: The file name VariableLockRequstToLock.c has a typo 'Requst' -> 'Request' Patch 02, 03, 04, 09, 12, 13, 14 have many inconsistent coding style, espe= cially the spaces in function/macro calling. For example, AllocatePool( NewSize ); vs DumpVariablePolicy (NULL, &TempSize); Please refer to "EDK II C Coding Standards Specification" ch5.2.2 "Horizon= tal Spacing" for details. With above addressed (for patch 01-04, 09-14), Acked-by: Jian J Wang > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Bret > Barkelew > Sent: Friday, August 28, 2020 1:51 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Chao Zhang > ; Wang, Jian J ; Wu, Hao = A > ; Gao, Liming ; Justen, Jordan= L > ; Laszlo Ersek ; Ard Biesh= euvel > ; Andrew Fish ; Ni, Ray > > Subject: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature >=20 > The 14 patches in this series add the VariablePolicy feature to the core= , > deprecate Edk2VarLock (while adding a compatibility layer to reduce code > churn), and integrate the VariablePolicy libraries and protocols into > Variable Services. >=20 > Since the integration requires multiple changes, including adding librar= ies, > a protocol, an SMI communication handler, and VariableServices integrati= on, > the patches are broken up by individual library additions and then a fin= al > integration. Security-sensitive changes like bypassing Authenticated > Variable enforcement are also broken out into individual patches so that > attention can be called directly to them. >=20 > Platform porting instructions are described in this wiki entry: > https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Pro= tocol- > --Enhanced-Method-for-Managing-Variables#platform-porting >=20 > Discussion of the feature can be found in multiple places throughout > the last year on the RFC channel, staging branches, and in devel. >=20 > Most recently, this subject was discussed in this thread: > https://edk2.groups.io/g/devel/message/53712 > (the code branches shared in that discussion are now out of date, but th= e > whitepapers and discussion are relevant). >=20 > Cc: Jiewen Yao > Cc: Chao Zhang > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Liming Gao > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Andrew Fish > Cc: Ray Ni > Cc: Bret Barkelew > Signed-off-by: Bret Barkelew >=20 > v7 changes: > * Address comments from Dandan about security of the MM handler > * Add readme > * Fix bug around hex characters in BOOT####, etc > * Add additional testing for hex characters > * Add additional testing for authenticated variables >=20 > v6 changes: > * Fix an issue with uninitialized Status in InitVariablePolicyLib() and > DeinitVariablePolicyLib() > * Fix GCC building in shell-based functional test > * Rebase on latest origin/master >=20 > v5 changes: > * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c > * Fix EFIAPI mismatches in the functional unittest > * Rebase on latest origin/master >=20 > v4 changes: > * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from > platforms > * Rebase on master > * Migrate to new MmCommunicate2 protocol > * Fix an oversight in the default return value for InitMmCommonCommBuffe= r > * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume varia= bles >=20 > V3 changes: > * Address all non-unittest issues with ECC > * Make additional style changes > * Include section name in hunk headers in "ini-style" files > * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver > (now allocates its own buffer) > * Change names from VARIABLE_POLICY_PROTOCOL and > gVariablePolicyProtocolGuid > to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid > * Fix GCC warning about initializing externs > * Add UNI strings for new PCD > * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg > * Reorder patches according to Liming's feedback about adding to platfor= ms > before changing variable driver >=20 > V2 changes: > * Fixed implementation for RuntimeDxe > * Add PCD to block DisableVariablePolicy > * Fix the DumpVariablePolicy pagination in SMM >=20 >=20 > Bret Barkelew (14): > MdeModulePkg: Define the VariablePolicy protocol interface > MdeModulePkg: Define the VariablePolicyLib > MdeModulePkg: Define the VariablePolicyHelperLib > MdeModulePkg: Define the VarCheckPolicyLib and SMM interface > OvmfPkg: Add VariablePolicy engine to OvmfPkg platform > EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform > ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform > UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform > MdeModulePkg: Connect VariablePolicy business logic to > VariableServices > MdeModulePkg: Allow VariablePolicy state to delete protected variables > SecurityPkg: Allow VariablePolicy state to delete authenticated > variables > MdeModulePkg: Change TCG MOR variables to use VariablePolicy > MdeModulePkg: Drop VarLock from RuntimeDxe variable driver > MdeModulePkg: Add a shell-based functional test for VariablePolicy >=20 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > | 345 +++ > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > | 396 ++++ > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > | 46 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx= e.c > | 85 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c = | > 830 +++++++ >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo= licy > UnitTest.c | 2452 ++++++++++++++++++++ >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc= T > estApp.c | 2226 ++++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c > | 52 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > | 60 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c > | 49 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c > | 53 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c > | 71 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > | 642 +++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > | 14 + > SecurityPkg/Library/AuthVariableLib/AuthService.c = | 22 > +- > ArmVirtPkg/ArmVirt.dsc.inc = | 4 + > EmulatorPkg/EmulatorPkg.dsc = | 3 + > MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h = | > 54 + > MdeModulePkg/Include/Library/VariablePolicyHelperLib.h = | > 164 ++ > MdeModulePkg/Include/Library/VariablePolicyLib.h = | 207 > ++ > MdeModulePkg/Include/Protocol/VariablePolicy.h = | 157 > ++ > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > | 42 + > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in= f > | 35 + > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un= i > | 12 + > MdeModulePkg/Library/VariablePolicyLib/ReadMe.md = | > 410 ++++ > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf = | > 49 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > | 12 + > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > | 51 + >=20 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo= licy > UnitTest.inf | 45 + > MdeModulePkg/MdeModulePkg.ci.yaml = | 8 +- > MdeModulePkg/MdeModulePkg.dec = | 26 +- > MdeModulePkg/MdeModulePkg.dsc = | 9 + > MdeModulePkg/MdeModulePkg.uni = | 7 + > MdeModulePkg/Test/MdeModulePkgHostTest.dsc = | > 11 + > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > | 55 + >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc= T > estApp.inf | 47 + >=20 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTest= Au > thVar.h | 128 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > | 5 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 4 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > | 11 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > | 4 + > OvmfPkg/OvmfPkgIa32.dsc = | 5 + > OvmfPkg/OvmfPkgIa32X64.dsc = | 5 + > OvmfPkg/OvmfPkgX64.dsc = | 5 + > OvmfPkg/OvmfXen.dsc = | 4 + > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf = | 2 > + > UefiPayloadPkg/UefiPayloadPkgIa32.dsc = | 4 + > UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc = | 4 + > 49 files changed, 8865 insertions(+), 79 deletions(-) > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe= .c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo= licy > UnitTest.c > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc= T > estApp.c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c > create mode 100644 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c > create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h > create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib= .h > create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h > create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni > create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf > create mode 100644 > MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo= licy > UnitTest.inf > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFunc= T > estApp.inf > create mode 100644 > MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTest= Au > thVar.h >=20 > -- > 2.28.0.windows.1 >=20 >=20 >=20