From: "Linus Liu"
To: devel@edk2.groups.io
Cc: Linus Liu, Jiewen Yao, Maggie Chu
Subject: [edk2-devel] [PATCH v1] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Date: Tue, 11 Apr 2023 22:00:01 -0700
Message-Id: <20230412050001.928-1-linus.liu@intel.com>

From: Linus Liu

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c
Cc: Jiewen Yao
Cc: Maggie Chu
Signed-off-by: Linus Liu --- SecurityPkg/HddPassword/HddPasswordDxe.c | 28 ++++++++++++-------- SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- SecurityPkg/SecurityPkg.dsc | 1 + 4 files changed, 20 insertions(+), 13 deletions(-) diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass= word/HddPasswordDxe.c index 55dfb25886..6f36b5a0a2 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ =20 #include "HddPasswordDxe.h" +#include =20 EFI_GUID mHddPasswordVendorGuid =3D HDD_PASSWORD_CONFIG_GUID; CHAR16 mHddPasswordVendorStorageName[] =3D L"HDD_PASSWORD_CONFIG"; @@ -2818,11 +2819,11 @@ HddPasswordDxeInit ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - VOID *Registration; - EFI_EVENT EndOfDxeEvent; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + VOID *Registration; + EFI_EVENT EndOfDxeEvent; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; =20 Private =3D NULL; =20 @@ -2858,13 +2859,18 @@ HddPasswordDxeInit ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (= VOID **)&VariableLock); + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) { - Status =3D VariableLock->RequestToLock ( - VariableLock, - HDD_PASSWORD_VARIABLE_NAME, - &mHddPasswordVendorGuid - ); + Status =3D RegisterBasicVariablePolicy ( + VariablePolicy, + &mHddPasswordVendorGuid, + HDD_PASSWORD_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PAS= SWORD_VARIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status); } 
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPass= word/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -17,7 +17,6 @@ #include #include #include -#include =20 #include #include diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPa= ssword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib + VariablePolicyHelperLib S3BootScriptLib PciLib BaseCryptLib @@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassThruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid ## CONSUMES - gEdkiiVariableLockProtocolGuid ## CONSUMES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES =20 [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf =20 [LibraryClasses.ARM, LibraryClasses.AARCH64] # --=20 2.33.1.windows.1
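Review bot: In the HddPasswordDxe.c hunk at @@ -2858, a failure to lock HDD_PASSWORD_VARIABLE_NAME still goes unhandled. When LocateProtocol for gEdkiiVariablePolicyProtocolGuid fails, the `if (!EFI_ERROR (Status))` block is skipped with no log and no else branch, and a failing RegisterBasicVariablePolicy is caught only by ASSERT_EFI_ERROR, which has no effect in builds with asserts disabled. The comment states the intent is to make the variable read-only, so suggest logging both failure paths at DEBUG_ERROR and deciding explicitly whether HddPasswordDxeInit may continue with the variable left writable. The commit message should also say whether VARIABLE_POLICY_TYPE_LOCK_NOW is intended to keep the same lock timing as the RequestToLock call it replaces.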
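Review bot: The new `+#include` in the first HddPasswordDxe.c hunk (@@ -9,6) is placed in the .c file, while the HddPasswordDxe.h hunk shows that the driver keeps its includes in the header and that the old one is removed from there. Suggest adding the replacement include to HddPasswordDxe.h at the position of the removed line, so the driver's header dependencies stay in one place.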
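Review bot: The HddPasswordDxe.inf hunk at @@ -50,6 adds VariablePolicyHelperLib to the driver's library classes, but the only mapping added by this patch is the one in SecurityPkg.dsc, so any platform DSC that builds HddPasswordDxe.inf without already resolving that class will stop building. The commit message carries only a REF line and a Change-Id; suggest describing the switch from gEdkiiVariableLockProtocolGuid to gEdkiiVariablePolicyProtocolGuid and calling out the new library class that platforms must provide.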