From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web12.7583.1606986872316978178 for ; Thu, 03 Dec 2020 01:14:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Eho/vTgn; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606986871; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6JBiWV7T3ig+tZIlo7MNZnDNNlzrxrytOso9lZw4zio=; b=Eho/vTgnCOlAw34exSGQeVZlJKq2rhuAiBbdNSXlYZixEHF1kLb4CTTY79nzdJFzHNc8qu FOQgWo/vRjJvepS+Ln2SaBntbBo8WZtSAZLxS7MoQb+5p8bLy/SMioYtomEOjEgOWkuXX6 S9PinClFZJq/Vnq0oxtzeA2SODW0zGo= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-457-htet3KF7Ne-13Tyay-I5pA-1; Thu, 03 Dec 2020 04:14:29 -0500 X-MC-Unique: htet3KF7Ne-13Tyay-I5pA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5A9DD805C0F; Thu, 3 Dec 2020 09:14:26 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-182.ams2.redhat.com [10.36.113.182]) by smtp.corp.redhat.com (Postfix) with ESMTP id E52F610023B1; Thu, 3 Dec 2020 09:14:23 +0000 (UTC) Subject: Re: VariablePolicy support in StandaloneMM To: "Yao, Jiewen" , gaoliming , 'Ard Biesheuvel' , 'Masahisa Kojima' , 'edk2-devel-groups-io' Cc: "Bret.Barkelew@microsoft.com" , "Wang, Jian J" , "Wu, Hao A" , 'Sami Mujawar' References: <26f3dd80-0cda-c592-2482-000beada4c91@arm.com> <001f01d6c88f$5e394b60$1aabe220$@byosoft.com.cn> From: "Laszlo Ersek" Message-ID: Date: Thu, 3 Dec 2020 10:14:22 +0100 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit On 12/02/20 13:06, Yao, Jiewen wrote: > There are two issues: > > 1) Current VarCheckPolicyLib.inf does have DxeServicesLib, although the VarCheckPolicyLib.c does not include DxeServicesLib.h. > > 2) The current lib construction is traditional MM style. > EFI_STATUS > EFIAPI > VarCheckPolicyLibConstructor ( > IN EFI_HANDLE ImageHandle, > IN EFI_SYSTEM_TABLE *SystemTable > ) > > =============================== > > I agree with Liming that we need StandaloneMM instance. > We can do below: > 0) Remove DxeServicesLib from INF. > > 1) Redefine > EFI_STATUS > EFIAPI > VarCheckPolicyLibConstructor ( > IN EFI_HANDLE ImageHandle, > IN EFI_SYSTEM_TABLE *SystemTable > ) > {} > to > EFI_STATUS > EFIAPI > VarCheckPolicyLibCommonConstructor ( > VOID > ) > {} > > 2) Create a VarCheckPolicyLibTraditional.c, with below > EFI_STATUS > EFIAPI > VarCheckPolicyLibConstructor ( > IN EFI_HANDLE ImageHandle, > IN EFI_SYSTEM_TABLE *SystemTable > ) > { > return VarCheckPolicyLibCommonConstructor(); > } > > 3) Create VarCheckPolicyLibStandaloneMm.inf and VarCheckPolicyLibStandaloneMm.c under MdeModulePkg\Library\VarCheckPolicyLib (same dir) > With below > EFI_STATUS > EFIAPI > VarCheckPolicyLibStandaloneConstructor ( > IN EFI_HANDLE ImageHandle, > IN EFI_MM_SYSTEM_TABLE *MmSystemTable > ) > { > return VarCheckPolicyLibCommonConstructor(); > } > > Maybe there is some other clean up needed. > > =============================== > > At same time, we may need think about how to avoid the similar issue. > 1) Maybe we should enable StandaloneMmPkg for CI build ? > 2) I am a little surprised, why this is a runtime error instead of a build error ? Thanks -- I have nothing to add. We need to extend CI coverage, and indeed a new lib instance for this specific standalone MM module type (if I understand correctly). Sorry I can't be of more help. Laszlo > > Thank you > Yao Jiewen > > >> -----Original Message----- >> From: gaoliming >> Sent: Wednesday, December 2, 2020 5:42 PM >> To: 'Ard Biesheuvel' ; 'Masahisa Kojima' >> ; 'edk2-devel-groups-io' >> >> Cc: Bret.Barkelew@microsoft.com; Wang, Jian J ; >> Wu, Hao A ; 'Sami Mujawar' >> ; Yao, Jiewen ; 'Laszlo >> Ersek' >> Subject: 回复: VariablePolicy support in StandaloneMM >> >> I just quick check. VarCheckPolicyLib doesn't consume DxeServicesLib. But, >> VarCheckPolicyLib library doesn't StandaloneMM type. >> >> So, I think StandaloneMM version VarCheckPolicyLib is required. >> >> Thanks >> Liming >>> -----邮件原件----- >>> 发件人: Ard Biesheuvel >>> 发送时间: 2020年12月2日 17:02 >>> 收件人: Masahisa Kojima ; >>> edk2-devel-groups-io >>> 抄送: Bret.Barkelew@microsoft.com; jian.j.wang@intel.com; >>> hao.a.wu@intel.com; gaoliming@byosoft.com.cn; Sami Mujawar >>> ; jiewen.yao@intel.com; Laszlo Ersek >>> >>> 主题: Re: VariablePolicy support in StandaloneMM >>> >>> (+ Laszlo) >>> >>> On 12/2/20 9:57 AM, Masahisa Kojima wrote: >>>> Hello All, >>>> >>>> VariablePolicy was introduced in November. >>>> When Developerbox(aarch64 platform) boots with UEFI secure boot >>> enabled, >>>> the following error appears. >>>> Note that this platform supports UEFI secure boot using the standalone >>>> MM framework. >>>> >>>> --- StandaloneMM log --- >>>> VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not >> Ready >>>> >>>> ASSERT_EFI_ERROR (Status = Not Ready) >>>> ASSERT [VariableStandaloneMm] >>>> >>> >> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeD >> x >>> e/VariableLockRequestToLock.c(64): >>>> !EFI_ERROR (Status) >>>> MmEntryPoint Done >>>> --- >>>> >>>> In my check, this is simply because >>>> >>> >> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePol >> i >>> cyLib() >>>> is not called. >>>> >>>> InitVariablePolicyLib() is called from the following two files. >>>> --- >>>> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c: >>> Status >>>> = InitVariablePolicyLib( VariableServiceGetVariable ); >>>> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c: Status >>> = >>>> InitVariablePolicyLib (VariableServiceGetVariable); >>>> --- >>>> VariableDxe.c is not for MM_STANDALONE, so I tried to use >>>> "VarCheckPolicyLib" as VarCheckLib, >>>> but "VarCheckPolicyLib" requires >>>> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and >>>> DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here. >>>> >>>> Could you please take a look at this error? >>>> >>> >>> Thanks for the report. >>> >>> Bret, could you please suggest a fix here? >> >