From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Mon, 22 Jul 2019 13:27:19 -0700 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7002985376; Mon, 22 Jul 2019 20:27:18 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-23.ams2.redhat.com [10.36.117.23]) by smtp.corp.redhat.com (Postfix) with ESMTP id 24D2E19C6A; Mon, 22 Jul 2019 20:27:15 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH 1/5] MdeModulePkg: Add header file for SecurityLockAuditLib To: devel@edk2.groups.io, zhichao.gao@intel.com Cc: Bret Barkelew , Jian J Wang , Hao A Wu , Ray Ni , Star Zeng , Liming gao , Sean Brogan , Michael Turner References: <20190722040204.33108-1-zhichao.gao@intel.com> <20190722040204.33108-2-zhichao.gao@intel.com> From: "Laszlo Ersek" Message-ID: Date: Mon, 22 Jul 2019 22:27:15 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190722040204.33108-2-zhichao.gao@intel.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 22 Jul 2019 20:27:18 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 07/22/19 06:02, Gao, Zhichao wrote: > From: Bret Barkelew > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2006 > > Add header file for SecurityLockAuditLib and add its > file path to dec file. > > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Ray Ni > Cc: Star Zeng > Cc: Liming gao > Cc: Sean Brogan > Cc: Michael Turner > Cc: Bret Barkelew > Signed-off-by: Zhichao Gao > --- > .../Include/Library/SecurityLockAuditLib.h | 47 +++++++++++++++++++ > MdeModulePkg/MdeModulePkg.dec | 4 ++ > 2 files changed, 51 insertions(+) > create mode 100644 MdeModulePkg/Include/Library/SecurityLockAuditLib.h > > diff --git a/MdeModulePkg/Include/Library/SecurityLockAuditLib.h b/MdeModulePkg/Include/Library/SecurityLockAuditLib.h > new file mode 100644 > index 0000000000..db3b145aba > --- /dev/null > +++ b/MdeModulePkg/Include/Library/SecurityLockAuditLib.h > @@ -0,0 +1,47 @@ > +/** @file > + > + This library implements the necessary functions > + to log hardware and software security locks for post-processing > + > + Copyright (c) 2018, Microsoft Corporation > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __SECURITY_LOCK_LIB_H__ > +#define __SECURITY_LOCK_LIB_H__ > + > + > +#define SECURITY_LOCK_REPORT_EVENT(LockMessage,LockType) \ > + SecurityLockReportEvent (&gEfiCallerIdGuid, __FUNCTION__, LockMessage, LockType); > + > +/** > + Enum to hold the various lock types for use in post-processing > + > +**/ > +typedef enum { > + SOFTWARE_LOCK = 0, > + HARDWARE_LOCK, > +} LOCK_TYPE; > + > + > +/** > + Function for security Lock event logging and reporting > + > + @param[in] Module GUID of calling module > + @param[in] Function Name of calling function > + @param[in] LockEventText Event text explaining what is locked > + @param[in] LockType Enumerated lock type for differentiation > + > +**/ > +VOID > +EFIAPI > +SecurityLockReportEvent ( > + IN GUID *Module, > + IN CONST CHAR8 *Function, > + IN CONST CHAR8 *LockEventText, > + IN LOCK_TYPE LockType > + ); > + > +#endif (1) Has support for conversion specifiers (i.e., a format string) been considered? Thanks! Laszlo > diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec > index 12e0bbf579..ee2828dd8e 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec > @@ -153,6 +153,10 @@ > # > DisplayUpdateProgressLib|Include/Library/DisplayUpdateProgressLib.h > > + ## @libraryclass Provides a way for logging security locks > + # > + SecurityLockAuditLib|Include/Library/SecurityLockAuditLib.h > + > [Guids] > ## MdeModule package token space guid > # Include/Guid/MdeModulePkgTokenSpace.h >