From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Mon, 22 Jul 2019 13:27:19 -0700
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 7002985376;
	Mon, 22 Jul 2019 20:27:18 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-23.ams2.redhat.com [10.36.117.23])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 24D2E19C6A;
	Mon, 22 Jul 2019 20:27:15 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 1/5] MdeModulePkg: Add header file for SecurityLockAuditLib
To: devel@edk2.groups.io, zhichao.gao@intel.com
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>,
 Jian J Wang <jian.j.wang@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Ray Ni <ray.ni@intel.com>, Star Zeng <star.zeng@intel.com>,
 Liming gao <liming.gao@intel.com>, Sean Brogan <sean.brogan@microsoft.com>,
 Michael Turner <Michael.Turner@microsoft.com>
References: <20190722040204.33108-1-zhichao.gao@intel.com>
 <20190722040204.33108-2-zhichao.gao@intel.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <bb43dcc9-e005-665f-fe3a-5b4431a2946c@redhat.com>
Date: Mon, 22 Jul 2019 22:27:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20190722040204.33108-2-zhichao.gao@intel.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 22 Jul 2019 20:27:18 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 07/22/19 06:02, Gao, Zhichao wrote:
> From: Bret Barkelew <Bret.Barkelew@microsoft.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2006
> 
> Add header file for SecurityLockAuditLib and add its
> file path to dec file.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Liming gao <liming.gao@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Michael Turner <Michael.Turner@microsoft.com>
> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
> ---
>  .../Include/Library/SecurityLockAuditLib.h    | 47 +++++++++++++++++++
>  MdeModulePkg/MdeModulePkg.dec                 |  4 ++
>  2 files changed, 51 insertions(+)
>  create mode 100644 MdeModulePkg/Include/Library/SecurityLockAuditLib.h
> 
> diff --git a/MdeModulePkg/Include/Library/SecurityLockAuditLib.h b/MdeModulePkg/Include/Library/SecurityLockAuditLib.h
> new file mode 100644
> index 0000000000..db3b145aba
> --- /dev/null
> +++ b/MdeModulePkg/Include/Library/SecurityLockAuditLib.h
> @@ -0,0 +1,47 @@
> +/** @file
> +
> +  This library implements the necessary functions
> +  to log hardware and software security locks for post-processing
> +
> +  Copyright (c) 2018, Microsoft Corporation
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __SECURITY_LOCK_LIB_H__
> +#define __SECURITY_LOCK_LIB_H__
> +
> +
> +#define SECURITY_LOCK_REPORT_EVENT(LockMessage,LockType) \
> +      SecurityLockReportEvent (&gEfiCallerIdGuid, __FUNCTION__, LockMessage, LockType);
> +
> +/**
> +  Enum to hold the various lock types for use in post-processing
> +
> +**/
> +typedef enum {
> +  SOFTWARE_LOCK = 0,
> +  HARDWARE_LOCK,
> +} LOCK_TYPE;
> +
> +
> +/**
> +  Function for security Lock event logging and reporting
> +
> +  @param[in] Module                   GUID of calling module
> +  @param[in] Function                 Name of calling function
> +  @param[in] LockEventText            Event text explaining what is locked
> +  @param[in] LockType                 Enumerated lock type for differentiation
> +
> +**/
> +VOID
> +EFIAPI
> +SecurityLockReportEvent (
> +  IN GUID           *Module,
> +  IN CONST CHAR8    *Function,
> +  IN CONST CHAR8    *LockEventText,
> +  IN LOCK_TYPE      LockType
> +  );
> +
> +#endif

(1) Has support for conversion specifiers (i.e., a format string) been
considered?

Thanks!
Laszlo

> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
> index 12e0bbf579..ee2828dd8e 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -153,6 +153,10 @@
>    #
>    DisplayUpdateProgressLib|Include/Library/DisplayUpdateProgressLib.h
>  
> +  ##  @libraryclass  Provides a way for logging security locks
> +  #
> +  SecurityLockAuditLib|Include/Library/SecurityLockAuditLib.h
> +
>  [Guids]
>    ## MdeModule package token space guid
>    # Include/Guid/MdeModulePkgTokenSpace.h
>