public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Laszlo Ersek" <lersek@redhat.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
	gaoliming <gaoliming@byosoft.com.cn>,
	'Ard Biesheuvel' <ard.biesheuvel@arm.com>,
	'Masahisa Kojima' <masahisa.kojima@linaro.org>,
	'edk2-devel-groups-io' <devel@edk2.groups.io>
Cc: "Bret.Barkelew@microsoft.com" <Bret.Barkelew@microsoft.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	'Sami Mujawar' <sami.mujawar@arm.com>
Subject: Re: VariablePolicy support in StandaloneMM
Date: Thu, 3 Dec 2020 10:14:22 +0100	[thread overview]
Message-ID: <c23fdcdd-7fcc-e270-dc86-4dc38839d24e@redhat.com> (raw)
In-Reply-To: <CY4PR11MB12883D369B5738233164FCFC8CF30@CY4PR11MB1288.namprd11.prod.outlook.com>

On 12/02/20 13:06, Yao, Jiewen wrote:
> There are two issues:
> 
> 1) Current VarCheckPolicyLib.inf does have DxeServicesLib, although the VarCheckPolicyLib.c does not include DxeServicesLib.h.
> 
> 2) The current lib construction is traditional MM style.
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> 
> ===============================
> 
> I agree with Liming that we need StandaloneMM instance. 
> We can do below:
> 0) Remove DxeServicesLib from INF.
> 
> 1) Redefine
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> {}
> to 
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibCommonConstructor (
>   VOID
>   )
> {}
> 
> 2) Create a VarCheckPolicyLibTraditional.c, with below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> {
>   return VarCheckPolicyLibCommonConstructor();
> }
> 
> 3) Create VarCheckPolicyLibStandaloneMm.inf and VarCheckPolicyLibStandaloneMm.c under MdeModulePkg\Library\VarCheckPolicyLib (same dir)
> With below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibStandaloneConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_MM_SYSTEM_TABLE       *MmSystemTable
>   )
> {
>   return VarCheckPolicyLibCommonConstructor();
> }
> 
> Maybe there is some other clean up needed.
> 
> ===============================
> 
> At same time, we may need think about how to avoid the similar issue.
> 1) Maybe we should enable StandaloneMmPkg for CI build ?
> 2) I am a little surprised, why this is a runtime error instead of a build error ?

Thanks -- I have nothing to add. We need to extend CI coverage, and
indeed a new lib instance for this specific standalone MM module type
(if I understand correctly).

Sorry I can't be of more help.

Laszlo

> 
> Thank you
> Yao Jiewen
> 
> 
>> -----Original Message-----
>> From: gaoliming <gaoliming@byosoft.com.cn>
>> Sent: Wednesday, December 2, 2020 5:42 PM
>> To: 'Ard Biesheuvel' <ard.biesheuvel@arm.com>; 'Masahisa Kojima'
>> <masahisa.kojima@linaro.org>; 'edk2-devel-groups-io'
>> <devel@edk2.groups.io>
>> Cc: Bret.Barkelew@microsoft.com; Wang, Jian J <jian.j.wang@intel.com>;
>> Wu, Hao A <hao.a.wu@intel.com>; 'Sami Mujawar'
>> <sami.mujawar@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>; 'Laszlo
>> Ersek' <lersek@redhat.com>
>> Subject: 回复: VariablePolicy support in StandaloneMM
>>
>> I just quick check. VarCheckPolicyLib doesn't consume DxeServicesLib. But,
>> VarCheckPolicyLib library doesn't StandaloneMM type.
>>
>> So, I think StandaloneMM version VarCheckPolicyLib is required.
>>
>> Thanks
>> Liming
>>> -----邮件原件-----
>>> 发件人: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> 发送时间: 2020年12月2日 17:02
>>> 收件人: Masahisa Kojima <masahisa.kojima@linaro.org>;
>>> edk2-devel-groups-io <devel@edk2.groups.io>
>>> 抄送: Bret.Barkelew@microsoft.com; jian.j.wang@intel.com;
>>> hao.a.wu@intel.com; gaoliming@byosoft.com.cn; Sami Mujawar
>>> <sami.mujawar@arm.com>; jiewen.yao@intel.com; Laszlo Ersek
>>> <lersek@redhat.com>
>>> 主题: Re: VariablePolicy support in StandaloneMM
>>>
>>> (+ Laszlo)
>>>
>>> On 12/2/20 9:57 AM, Masahisa Kojima wrote:
>>>> Hello All,
>>>>
>>>> VariablePolicy was introduced in November.
>>>> When Developerbox(aarch64 platform) boots with UEFI secure boot
>>> enabled,
>>>> the following error appears.
>>>> Note that this platform supports UEFI secure boot using the standalone
>>>> MM framework.
>>>>
>>>> --- StandaloneMM log ---
>>>> VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not
>> Ready
>>>>
>>>> ASSERT_EFI_ERROR (Status = Not Ready)
>>>> ASSERT [VariableStandaloneMm]
>>>>
>>>
>> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeD
>> x
>>> e/VariableLockRequestToLock.c(64):
>>>> !EFI_ERROR (Status)
>>>> MmEntryPoint Done
>>>> ---
>>>>
>>>> In my check, this is simply because
>>>>
>>>
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePol
>> i
>>> cyLib()
>>>> is not called.
>>>>
>>>> InitVariablePolicyLib() is called from the following two files.
>>>> ---
>>>>   MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:
>>> Status
>>>> = InitVariablePolicyLib( VariableServiceGetVariable );
>>>>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c:  Status
>>> =
>>>> InitVariablePolicyLib (VariableServiceGetVariable);
>>>> ---
>>>> VariableDxe.c is not for MM_STANDALONE, so I tried to use
>>>> "VarCheckPolicyLib" as VarCheckLib,
>>>> but "VarCheckPolicyLib" requires
>>>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
>>>> DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.
>>>>
>>>> Could you please take a look at this error?
>>>>
>>>
>>> Thanks for the report.
>>>
>>> Bret, could you please suggest a fix here?
>>
> 


  reply	other threads:[~2020-12-03  9:14 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-02  8:57 VariablePolicy support in StandaloneMM Masahisa Kojima
2020-12-02  9:02 ` Ard Biesheuvel
2020-12-02  9:41   ` 回复: " gaoliming
2020-12-02 12:06     ` Yao, Jiewen
2020-12-03  9:14       ` Laszlo Ersek [this message]
2020-12-03 21:58       ` [edk2-devel] " Kun Qin
2020-12-14  6:14         ` Masahisa Kojima
2020-12-14 22:20           ` Kun Qin
2020-12-16 11:53             ` Masahisa Kojima
2020-12-16 17:52               ` Kun Qin
2020-12-17  1:10               ` 回复: " gaoliming
2020-12-17  1:56                 ` Masahisa Kojima

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c23fdcdd-7fcc-e270-dc86-4dc38839d24e@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox