Re: VariablePolicy support in StandaloneMM

["Laszlo Ersek" <lersek@redhat.com>]

On 12/02/20 13:06, Yao, Jiewen wrote:
> There are two issues:
> 
> 1) Current VarCheckPolicyLib.inf does have DxeServicesLib, although the VarCheckPolicyLib.c does not include DxeServicesLib.h.
> 
> 2) The current lib construction is traditional MM style.
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> 
> ===============================
> 
> I agree with Liming that we need StandaloneMM instance. 
> We can do below:
> 0) Remove DxeServicesLib from INF.
> 
> 1) Redefine
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> {}
> to 
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibCommonConstructor (
>   VOID
>   )
> {}
> 
> 2) Create a VarCheckPolicyLibTraditional.c, with below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_SYSTEM_TABLE       *SystemTable
>   )
> {
>   return VarCheckPolicyLibCommonConstructor();
> }
> 
> 3) Create VarCheckPolicyLibStandaloneMm.inf and VarCheckPolicyLibStandaloneMm.c under MdeModulePkg\Library\VarCheckPolicyLib (same dir)
> With below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibStandaloneConstructor (
>   IN EFI_HANDLE             ImageHandle,
>   IN EFI_MM_SYSTEM_TABLE       *MmSystemTable
>   )
> {
>   return VarCheckPolicyLibCommonConstructor();
> }
> 
> Maybe there is some other clean up needed.
> 
> ===============================
> 
> At same time, we may need think about how to avoid the similar issue.
> 1) Maybe we should enable StandaloneMmPkg for CI build ?
> 2) I am a little surprised, why this is a runtime error instead of a build error ?

Thanks -- I have nothing to add. We need to extend CI coverage, and
indeed a new lib instance for this specific standalone MM module type
(if I understand correctly).

Sorry I can't be of more help.

Laszlo

> 
> Thank you
> Yao Jiewen
> 
> 
>> -----Original Message-----
>> From: gaoliming <gaoliming@byosoft.com.cn>
>> Sent: Wednesday, December 2, 2020 5:42 PM
>> To: 'Ard Biesheuvel' <ard.biesheuvel@arm.com>; 'Masahisa Kojima'
>> <masahisa.kojima@linaro.org>; 'edk2-devel-groups-io'
>> <devel@edk2.groups.io>
>> Cc: Bret.Barkelew@microsoft.com; Wang, Jian J <jian.j.wang@intel.com>;
>> Wu, Hao A <hao.a.wu@intel.com>; 'Sami Mujawar'
>> <sami.mujawar@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>; 'Laszlo
>> Ersek' <lersek@redhat.com>
>> Subject: 回复: VariablePolicy support in StandaloneMM
>>
>> I just quick check. VarCheckPolicyLib doesn't consume DxeServicesLib. But,
>> VarCheckPolicyLib library doesn't StandaloneMM type.
>>
>> So, I think StandaloneMM version VarCheckPolicyLib is required.
>>
>> Thanks
>> Liming
>>> -----邮件原件-----
>>> 发件人: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> 发送时间: 2020年12月2日 17:02
>>> 收件人: Masahisa Kojima <masahisa.kojima@linaro.org>;
>>> edk2-devel-groups-io <devel@edk2.groups.io>
>>> 抄送: Bret.Barkelew@microsoft.com; jian.j.wang@intel.com;
>>> hao.a.wu@intel.com; gaoliming@byosoft.com.cn; Sami Mujawar
>>> <sami.mujawar@arm.com>; jiewen.yao@intel.com; Laszlo Ersek
>>> <lersek@redhat.com>
>>> 主题: Re: VariablePolicy support in StandaloneMM
>>>
>>> (+ Laszlo)
>>>
>>> On 12/2/20 9:57 AM, Masahisa Kojima wrote:
>>>> Hello All,
>>>>
>>>> VariablePolicy was introduced in November.
>>>> When Developerbox(aarch64 platform) boots with UEFI secure boot
>>> enabled,
>>>> the following error appears.
>>>> Note that this platform supports UEFI secure boot using the standalone
>>>> MM framework.
>>>>
>>>> --- StandaloneMM log ---
>>>> VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not
>> Ready
>>>>
>>>> ASSERT_EFI_ERROR (Status = Not Ready)
>>>> ASSERT [VariableStandaloneMm]
>>>>
>>>
>> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeD
>> x
>>> e/VariableLockRequestToLock.c(64):
>>>> !EFI_ERROR (Status)
>>>> MmEntryPoint Done
>>>> ---
>>>>
>>>> In my check, this is simply because
>>>>
>>>
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePol
>> i
>>> cyLib()
>>>> is not called.
>>>>
>>>> InitVariablePolicyLib() is called from the following two files.
>>>> ---
>>>>   MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:
>>> Status
>>>> = InitVariablePolicyLib( VariableServiceGetVariable );
>>>>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c:  Status
>>> =
>>>> InitVariablePolicyLib (VariableServiceGetVariable);
>>>> ---
>>>> VariableDxe.c is not for MM_STANDALONE, so I tried to use
>>>> "VarCheckPolicyLib" as VarCheckLib,
>>>> but "VarCheckPolicyLib" requires
>>>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
>>>> DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.
>>>>
>>>> Could you please take a look at this error?
>>>>
>>>
>>> Thanks for the report.
>>>
>>> Bret, could you please suggest a fix here?
>>
>