From: Bret Barkelew
To: devel@edk2.groups.io
Cc: Jian J Wang, Hao A Wu, Liming Gao
Subject: [edk2-devel] [PATCH v4 10/14] MdeModulePkg: Allow VariablePolicy state to delete protected variables
Date: Mon, 1 Jun 2020 09:33:06 -0700
Message-Id: <20200601163310.1718-11-brbarkel@microsoft.com>
In-Reply-To: <20200601163310.1718-1-brbarkel@microsoft.com>
References: <20200601163310.1718-1-brbarkel@microsoft.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

TcgMorLockSmm provides special protections for the TCG MOR variables.
This will check IsVariablePolicyEnabled() before enforcing them to allow
variable deletion when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Liming Gao
Cc: Bret Barkelew
Signed-off-by: Bret Barkelew
--- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 10 += +++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 2 ++ 2 files changed, 12 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index 6d80eb64341a..085f82035f4b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c 
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -5,6 +5,7 @@ This module adds Variable Hook and check MemoryOverwriteRequestControlLo= ck. =20 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include "Variable.h" =20 +#include + +#include + typedef struct { CHAR16 *VariableName; EFI_GUID *VendorGuid; @@ -341,6 +346,11 @@ SetVariableCheckHandlerMor ( return EFI_SUCCESS; } =20 + // Permit deletion when policy is disabled. + if (!IsVariablePolicyEnabled() && ((Attributes =3D=3D 0) || (DataSize = =3D=3D 0))) { + return EFI_SUCCESS; + } + // // MorLock variable // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneM= m.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 6e17f6cdf588..d8f480be27cc 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -20,6 +20,7 @@ # # Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
# Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -74,6 +75,7 @@ [LibraryClasses] StandaloneMmDriverEntryPoint SynchronizationLib VarCheckLib + VariablePolicyLib =20 [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES --=20 2.26.2.windows.1.8.g01c50adf56.20200515075929
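
Review bot: in the `@@ -341,6 +346,11 @@` hunk of TcgMorLockSmm.c, the new early return in SetVariableCheckHandlerMor sits above the `// MorLock variable` section, so with the policy engine disabled a delete request skips all of the lock handling that follows, and the one-line comment does not say that this is intended or which variables it covers. Please expand the comment, in the three-line `//` form the file uses, to state that both the MOR variable and its lock variable become deletable in this state, and to explain why a zero `Attributes` or zero `DataSize` is the deletion test, since the commit message's "Only allows deletion, not modification" rests entirely on that condition. If the code below this point keeps lock state, the comment should also say whether a deletion taken through this path is expected to leave that state unchanged.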
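
Review bot: in the `[LibraryClasses]` hunk, `VariablePolicyLib` is added only to VariableStandaloneMm.inf, and the diffstat lists no other INF. TcgMorLockSmm.c now calls IsVariablePolicyEnabled(), so every INF that lists this source file needs the same library class or its build will fail to resolve the symbol. Please confirm that any other variable driver INF building this file is updated in this patch or elsewhere in the series.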