From: "Michael Kubacki"
Date: Mon, 23 Oct 2023 14:15:38 -0400
Subject: Re: [edk2-devel] [PATCH v1 0/3] Add Variable Policy Audit and Shell Command
To: devel@edk2.groups.io
Cc: Anatol Belski, Anthony Perard, Dandan Bi, Gerd Hoffmann, Hao A Wu, Jian J Wang, Jianyong Wu, Jiewen Yao, Jordan Justen, Julien Grall, Liming Gao, Michael D Kinney, Zhichao Gao
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com

A reminder to review this series.

Regards,
Michael

On 9/19/2023 10:32 AM, Michael Kubacki wrote:
> From: Michael Kubacki
>
> Adds a new module (dynamic shell command) to ShellPkg that lists
> variable policy information for all UEFI variables on the system.
>
> Some other UEFI variable related functionality is also included to
> give a greater sense of platform UEFI variable state.
>
> Like all dynamic shell commands, a platform only needs to include
> VariablePolicyDynamicCommand.inf in their flash image to have
> the command registered in their UEFI shell.
>
> The shell command is added to OvmfPkg so it is available in an
> easily obtainable virtual platform.
>
> This is being made available to ease auditing and enabling of UEFI
> variable policy to encourage its adoption for securing UEFI
> variables.
>
> ---
>
> Command Help:
>
>   Lists UEFI variable policy information.
>
>   VARPOLICY [-p] [-s] [-v]
>
>     -p - The policy flag will print variable policy info for each variable.
>
>     -s - The stats flag will print overall UEFI variable policy statistics.
>
>     -v - The verbose flag indicates all known information should be printed.
>
>          This includes a dump of the corresponding UEFI variable data in
>          addition to all other UEFI variable policy information.
>
>   EXAMPLES:
>
>   * To dump all active UEFI variables:
>     fs0:\> varpolicy
>
>   * To include UEFI variable policy information:
>     varpolicy -p
>
>   * To include UEFI variable statistics:
>     varpolicy -s
>
>   Press ENTER to continue or 'Q' break:
>
> ---
>
> Images showing example output are available in the PR:
> https://github.com/tianocore/edk2/pull/4835
>
> Cc: Anatol Belski
> Cc: Anthony Perard
> Cc: Dandan Bi
> Cc: Gerd Hoffmann
> Cc: Hao A Wu
> Cc: Jian J Wang
> Cc: Jianyong Wu
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Julien Grall
> Cc: Liming Gao
> Cc: Michael D Kinney
> Cc: Zhichao Gao
>
> Michael Kubacki (3):
>   MdeModulePkg/VariablePolicy: Add more granular variable policy
>     querying
>   ShellPkg: Add varpolicy dynamic shell command
>   OvmfPkg: Add varpolicy shell command
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 174 +++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 304 ++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 4 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 346 ++++++-
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c | 1009 ++++++++++++++++++++
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 39 +-
>  MdeModulePkg/Include/Library/VariablePolicyLib.h | 107 +++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h | 133 ++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +
>  OvmfPkg/Microvm/MicrovmX64.dsc | 4 +
>  OvmfPkg/OvmfPkgIa32.dsc | 4 +
>  OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
>  OvmfPkg/OvmfPkgX64.dsc | 4 +
>  OvmfPkg/OvmfXen.dsc | 4 +
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.h | 94 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf | 56 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.uni | 86 ++
>  ShellPkg/ShellPkg.dsc | 1 +
>  19 files changed, 2332 insertions(+), 46 deletions(-)
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.h
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.uni
>

View/Reply Online (#109949): https://edk2.groups.io/g/devel/message/109949