From: "Laszlo Ersek" <lersek@redhat.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
gaoliming <gaoliming@byosoft.com.cn>,
'Ard Biesheuvel' <ard.biesheuvel@arm.com>,
'Masahisa Kojima' <masahisa.kojima@linaro.org>,
'edk2-devel-groups-io' <devel@edk2.groups.io>
Cc: "Bret.Barkelew@microsoft.com" <Bret.Barkelew@microsoft.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Wu, Hao A" <hao.a.wu@intel.com>,
'Sami Mujawar' <sami.mujawar@arm.com>
Subject: Re: VariablePolicy support in StandaloneMM
Date: Thu, 3 Dec 2020 10:14:22 +0100 [thread overview]
Message-ID: <c23fdcdd-7fcc-e270-dc86-4dc38839d24e@redhat.com> (raw)
In-Reply-To: <CY4PR11MB12883D369B5738233164FCFC8CF30@CY4PR11MB1288.namprd11.prod.outlook.com>
On 12/02/20 13:06, Yao, Jiewen wrote:
> There are two issues:
>
> 1) Current VarCheckPolicyLib.inf does have DxeServicesLib, although the VarCheckPolicyLib.c does not include DxeServicesLib.h.
>
> 2) The current lib construction is traditional MM style.
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_SYSTEM_TABLE *SystemTable
> )
>
> ===============================
>
> I agree with Liming that we need StandaloneMM instance.
> We can do below:
> 0) Remove DxeServicesLib from INF.
>
> 1) Redefine
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_SYSTEM_TABLE *SystemTable
> )
> {}
> to
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibCommonConstructor (
> VOID
> )
> {}
>
> 2) Create a VarCheckPolicyLibTraditional.c, with below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_SYSTEM_TABLE *SystemTable
> )
> {
> return VarCheckPolicyLibCommonConstructor();
> }
>
> 3) Create VarCheckPolicyLibStandaloneMm.inf and VarCheckPolicyLibStandaloneMm.c under MdeModulePkg\Library\VarCheckPolicyLib (same dir)
> With below
> EFI_STATUS
> EFIAPI
> VarCheckPolicyLibStandaloneConstructor (
> IN EFI_HANDLE ImageHandle,
> IN EFI_MM_SYSTEM_TABLE *MmSystemTable
> )
> {
> return VarCheckPolicyLibCommonConstructor();
> }
>
> Maybe there is some other clean up needed.
>
> ===============================
>
> At same time, we may need think about how to avoid the similar issue.
> 1) Maybe we should enable StandaloneMmPkg for CI build ?
> 2) I am a little surprised, why this is a runtime error instead of a build error ?
Thanks -- I have nothing to add. We need to extend CI coverage, and
indeed a new lib instance for this specific standalone MM module type
(if I understand correctly).
Sorry I can't be of more help.
Laszlo
>
> Thank you
> Yao Jiewen
>
>
>> -----Original Message-----
>> From: gaoliming <gaoliming@byosoft.com.cn>
>> Sent: Wednesday, December 2, 2020 5:42 PM
>> To: 'Ard Biesheuvel' <ard.biesheuvel@arm.com>; 'Masahisa Kojima'
>> <masahisa.kojima@linaro.org>; 'edk2-devel-groups-io'
>> <devel@edk2.groups.io>
>> Cc: Bret.Barkelew@microsoft.com; Wang, Jian J <jian.j.wang@intel.com>;
>> Wu, Hao A <hao.a.wu@intel.com>; 'Sami Mujawar'
>> <sami.mujawar@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>; 'Laszlo
>> Ersek' <lersek@redhat.com>
>> Subject: 回复: VariablePolicy support in StandaloneMM
>>
>> I just quick check. VarCheckPolicyLib doesn't consume DxeServicesLib. But,
>> VarCheckPolicyLib library doesn't StandaloneMM type.
>>
>> So, I think StandaloneMM version VarCheckPolicyLib is required.
>>
>> Thanks
>> Liming
>>> -----邮件原件-----
>>> 发件人: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> 发送时间: 2020年12月2日 17:02
>>> 收件人: Masahisa Kojima <masahisa.kojima@linaro.org>;
>>> edk2-devel-groups-io <devel@edk2.groups.io>
>>> 抄送: Bret.Barkelew@microsoft.com; jian.j.wang@intel.com;
>>> hao.a.wu@intel.com; gaoliming@byosoft.com.cn; Sami Mujawar
>>> <sami.mujawar@arm.com>; jiewen.yao@intel.com; Laszlo Ersek
>>> <lersek@redhat.com>
>>> 主题: Re: VariablePolicy support in StandaloneMM
>>>
>>> (+ Laszlo)
>>>
>>> On 12/2/20 9:57 AM, Masahisa Kojima wrote:
>>>> Hello All,
>>>>
>>>> VariablePolicy was introduced in November.
>>>> When Developerbox(aarch64 platform) boots with UEFI secure boot
>>> enabled,
>>>> the following error appears.
>>>> Note that this platform supports UEFI secure boot using the standalone
>>>> MM framework.
>>>>
>>>> --- StandaloneMM log ---
>>>> VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not
>> Ready
>>>>
>>>> ASSERT_EFI_ERROR (Status = Not Ready)
>>>> ASSERT [VariableStandaloneMm]
>>>>
>>>
>> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeD
>> x
>>> e/VariableLockRequestToLock.c(64):
>>>> !EFI_ERROR (Status)
>>>> MmEntryPoint Done
>>>> ---
>>>>
>>>> In my check, this is simply because
>>>>
>>>
>> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePol
>> i
>>> cyLib()
>>>> is not called.
>>>>
>>>> InitVariablePolicyLib() is called from the following two files.
>>>> ---
>>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:
>>> Status
>>>> = InitVariablePolicyLib( VariableServiceGetVariable );
>>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c: Status
>>> =
>>>> InitVariablePolicyLib (VariableServiceGetVariable);
>>>> ---
>>>> VariableDxe.c is not for MM_STANDALONE, so I tried to use
>>>> "VarCheckPolicyLib" as VarCheckLib,
>>>> but "VarCheckPolicyLib" requires
>>>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
>>>> DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.
>>>>
>>>> Could you please take a look at this error?
>>>>
>>>
>>> Thanks for the report.
>>>
>>> Bret, could you please suggest a fix here?
>>
>
next prev parent reply other threads:[~2020-12-03 9:14 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 8:57 VariablePolicy support in StandaloneMM Masahisa Kojima
2020-12-02 9:02 ` Ard Biesheuvel
2020-12-02 9:41 ` 回复: " gaoliming
2020-12-02 12:06 ` Yao, Jiewen
2020-12-03 9:14 ` Laszlo Ersek [this message]
2020-12-03 21:58 ` [edk2-devel] " Kun Qin
2020-12-14 6:14 ` Masahisa Kojima
2020-12-14 22:20 ` Kun Qin
2020-12-16 11:53 ` Masahisa Kojima
2020-12-16 17:52 ` Kun Qin
2020-12-17 1:10 ` 回复: " gaoliming
2020-12-17 1:56 ` Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c23fdcdd-7fcc-e270-dc86-4dc38839d24e@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox