From nobody Mon Feb  9 09:34:34 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+65498+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)  smtp.mailfrom=bounce+27952+65498+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1600841328; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QoPmqQq97rNNnfXGmlKNlPT7LHnX3eML1RakPK/q6ejuODYKMTSyBydTGTE9B306/Xpv6hn7USmNO6qKovEHlXU4+UmDVZczEnECO27iqsV7wvf8pKbhervGP+nbg90Tw/tKbcAo/mOgALPg02lck4ahCRYboiHbacVGGf/GdP4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1600841328;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=sCwAsh5GMvdNz02t10TFNK4x4BptRebXj0HI2w9mQlM=;
	b=mKAihoAoR9ZEpBizf/qV2D8JvbpIC8tl2eIeGOVMHFiFiJWmZYborHxOzP1mrGTcXBqVSRwacqX1I/gtJ6ArNZzYKQN3sEkd/YpJtqlVfrchHshcSmcU7c6Gk++MXqLJnuPKRYDrrVDg4qaic+D45mFjbCzUF8QfgLBbO09U6E8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)  smtp.mailfrom=bounce+27952+65498+1787277+3901457@groups.io
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 16008413289881006.283345648791;
 Tue, 22 Sep 2020 23:08:48 -0700 (PDT)
Return-Path: <bounce+27952+65498+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id zM1XYY1788612xctYp3MrDkk;
 Tue, 22 Sep 2020 23:08:48 -0700
X-Received: from mail-pj1-f67.google.com (mail-pj1-f67.google.com
 [209.85.216.67])
 by mx.groups.io with SMTP id smtpd.web12.6836.1600841326267875456
 for <devel@edk2.groups.io>;
 Tue, 22 Sep 2020 23:08:46 -0700
X-Received: by mail-pj1-f67.google.com with SMTP id u3so2611594pjr.3
        for <devel@edk2.groups.io>; Tue, 22 Sep 2020 23:08:46 -0700 (PDT)
X-Gm-Message-State: gkXyfTU39gjmIGFG7YTlkoKix1787277AA=
X-Google-Smtp-Source: 
 ABdhPJyVaQK2LUyHp37Dr6mTVGJ8EyVBtITI1WIZNOhpnsfwjrgo0Uwf6a7+isEeaq/QcKCOeT1gTg==
X-Received: by 2002:a17:90b:4718:: with SMTP id
 jc24mr6598132pjb.214.1600841325345;
        Tue, 22 Sep 2020 23:08:45 -0700 (PDT)
X-Received: from localhost.localdomain (174-21-140-128.tukw.qwest.net.
 [174.21.140.128])
        by smtp.gmail.com with ESMTPSA id
 x4sm16960498pff.57.2020.09.22.23.08.44
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Sep 2020 23:08:44 -0700 (PDT)
From: "Bret Barkelew" <bret@corthon.com>
X-Google-Original-From: Bret Barkelew <bret.barkelew@microsoft.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Hao A Wu <hao.a.wu@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Bret Barkelew <brbarkel@microsoft.com>,
	Dandan Bi <dandan.bi@intel.com>
Subject: [edk2-devel] [PATCH v8 04/14] MdeModulePkg: Define the
 VarCheckPolicyLib and SMM interface
Date: Tue, 22 Sep 2020 23:07:38 -0700
Message-Id: <20200923060748.3795-5-bret.barkelew@microsoft.com>
In-Reply-To: <20200923060748.3795-1-bret.barkelew@microsoft.com>
References: <20200923060748.3795-1-bret.barkelew@microsoft.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,bret@corthon.com
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1600841328;
 bh=AIe4TIV1dXXpPVfN0tMR4ELPh8bU7ydQqiZOSNtpT/g=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=t/xo++n9MRqEirk62wo/qobvvGC2KuRxmQ47pWVYCQDkiOtyX4iiMk0VTdJAWkkB/rx
 +NeNqkyp7b5bIjHPFpZKgod2ocQkWoGT0qU90pI/pSlmeAq9ABmV9jDWXUm5XUnKTxj+1
 lMC+n7z+M5qOow/BeknQm6GqOVw5zd3MOA0=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

From: Bret Barkelew <brbarkel@microsoft.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=3D2522

VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.

This is an instance of a VarCheckLib that is backed by the
VariablePolicyLib business logic. It also publishes the SMM
calling interface for messages from the DXE protocol.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c   | 345 +++++++=
+++++++++++++
 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                |  54 +++
 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf |  42 +++
 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni |  12 +
 MdeModulePkg/MdeModulePkg.dec                                |   4 +
 MdeModulePkg/MdeModulePkg.dsc                                |   2 +
 6 files changed, 459 insertions(+)

diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c b/M=
deModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
new file mode 100644
index 000000000000..5a0a1599ab41
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
@@ -0,0 +1,345 @@
+/** @file -- VarCheckPolicyLib.c
+This is a NULL library instance that leverages the VarCheck interface
+and the business logic behind the VariablePolicy code to make its decision=
s.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/VarCheckLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/SafeIntLib.h>
+#include <Library/MmServicesTableLib.h>
+#include <Library/SmmMemLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+
+#include <Protocol/MmCommunication.h>
+
+#include <Protocol/VariablePolicy.h>
+#include <Library/VariablePolicyLib.h>
+
+#include <Guid/VarCheckPolicyMmi.h>
+
+//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+// As a VarCheck library, we're linked into the VariableServices
+// and may not be able to call them indirectly. To get around this,
+// use the internal GetVariable function to query the variable store.
+//=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+EFI_STATUS
+EFIAPI
+VariableServiceGetVariable (
+  IN      CHAR16            *VariableName,
+  IN      EFI_GUID          *VendorGuid,
+  OUT     UINT32            *Attributes OPTIONAL,
+  IN OUT  UINTN             *DataSize,
+  OUT     VOID              *Data
+  );
+
+
+UINT8     mSecurityEvalBuffer[VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE];
+
+
+/**
+  MM Communication Handler to recieve commands from the DXE protocol for
+  Variable Policies. This communication channel is used to register new po=
licies
+  and poll and toggle the enforcement of variable policies.
+
+  @param[in]      DispatchHandle      All parameters standard to MM commun=
ications convention.
+  @param[in]      RegisterContext     All parameters standard to MM commun=
ications convention.
+  @param[in,out]  CommBuffer          All parameters standard to MM commun=
ications convention.
+  @param[in,out]  CommBufferSize      All parameters standard to MM commun=
ications convention.
+
+  @retval     EFI_SUCCESS
+  @retval     EFI_INVALID_PARAMETER   CommBuffer or CommBufferSize is null=
 pointer.
+  @retval     EFI_INVALID_PARAMETER   CommBuffer size is wrong.
+  @retval     EFI_INVALID_PARAMETER   Revision or signature don't match.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+VarCheckPolicyLibMmiHandler (
+  IN     EFI_HANDLE                   DispatchHandle,
+  IN     CONST VOID                   *RegisterContext,
+  IN OUT VOID                         *CommBuffer,
+  IN OUT UINTN                        *CommBufferSize
+  )
+{
+  UINTN                                     InternalCommBufferSize;
+  VOID                                      *InternalCommBuffer;
+  EFI_STATUS                                Status;
+  EFI_STATUS                                SubCommandStatus;
+  VAR_CHECK_POLICY_COMM_HEADER              *PolicyCommmHeader;
+  VAR_CHECK_POLICY_COMM_HEADER              *InternalPolicyCommmHeader;
+  VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS   *IsEnabledParams;
+  VAR_CHECK_POLICY_COMM_DUMP_PARAMS         *DumpParamsIn;
+  VAR_CHECK_POLICY_COMM_DUMP_PARAMS         *DumpParamsOut;
+  UINT8                                     *DumpInputBuffer;
+  UINT8                                     *DumpOutputBuffer;
+  UINTN                                     DumpTotalPages;
+  VARIABLE_POLICY_ENTRY                     *PolicyEntry;
+  UINTN                                     ExpectedSize;
+  UINT32                                    TempSize;
+  // Pagination Cache Variables
+  static UINT8                              *PaginationCache =3D NULL;
+  static UINTN                              PaginationCacheSize =3D 0;
+  static UINT32                             CurrentPaginationCommand =3D 0;
+
+  Status =3D EFI_SUCCESS;
+
+  //
+  // Validate some input parameters.
+  //
+  // If either of the pointers are NULL, we can't proceed.
+  if (CommBuffer =3D=3D NULL || CommBufferSize =3D=3D NULL) {
+    DEBUG(( DEBUG_INFO, "%a - Invalid comm buffer pointers!\n", __FUNCTION=
__ ));
+    return EFI_INVALID_PARAMETER;
+  }
+  // Make sure that the buffer does not overlap SMM.
+  // This should be covered by the SmiManage infrastructure, but just to b=
e safe...
+  InternalCommBufferSize =3D *CommBufferSize;
+  if (InternalCommBufferSize > VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE || !Sm=
mIsBufferOutsideSmmValid((UINTN)CommBuffer, (UINT64)InternalCommBufferSize)=
) {
+    DEBUG ((DEBUG_ERROR, "%a - Invalid CommBuffer supplied! 0x%016lX[0x%01=
6lX]\n", __FUNCTION__, CommBuffer, InternalCommBufferSize));
+    return EFI_INVALID_PARAMETER;
+  }
+  // If the size does not meet a minimum threshold, we cannot proceed.
+  ExpectedSize =3D sizeof(VAR_CHECK_POLICY_COMM_HEADER);
+  if (InternalCommBufferSize < ExpectedSize) {
+    DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNCTION=
__, InternalCommBufferSize, ExpectedSize ));
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // Before proceeding any further, copy the buffer internally so that we =
can compare
+  // without worrying about TOCTOU.
+  //
+  InternalCommBuffer =3D &mSecurityEvalBuffer[0];
+  CopyMem(InternalCommBuffer, CommBuffer, InternalCommBufferSize);
+  PolicyCommmHeader =3D CommBuffer;
+  InternalPolicyCommmHeader =3D InternalCommBuffer;
+  // Check the revision and the signature of the comm header.
+  if (InternalPolicyCommmHeader->Signature !=3D VAR_CHECK_POLICY_COMM_SIG =
||
+      InternalPolicyCommmHeader->Revision !=3D VAR_CHECK_POLICY_COMM_REVIS=
ION) {
+    DEBUG(( DEBUG_INFO, "%a - Signature or revision are incorrect!\n", __F=
UNCTION__ ));
+    // We have verified the buffer is not null and have enough size to hol=
d Result field.
+    PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
+    return EFI_SUCCESS;
+  }
+
+  // If we're in the middle of a paginated dump and any other command is s=
ent,
+  // pagination cache must be cleared.
+  if (PaginationCache !=3D NULL && InternalPolicyCommmHeader->Command !=3D=
 CurrentPaginationCommand) {
+    FreePool (PaginationCache);
+    PaginationCache =3D NULL;
+    PaginationCacheSize =3D 0;
+    CurrentPaginationCommand =3D 0;
+  }
+
+  //
+  // Now we can process the command as it was sent.
+  //
+  PolicyCommmHeader->Result =3D EFI_ABORTED;    // Set a default return fo=
r incomplete commands.
+  switch(InternalPolicyCommmHeader->Command) {
+    case VAR_CHECK_POLICY_COMMAND_DISABLE:
+      PolicyCommmHeader->Result =3D DisableVariablePolicy();
+      break;
+
+    case VAR_CHECK_POLICY_COMMAND_IS_ENABLED:
+      // Make sure that we're dealing with a reasonable size.
+      // This add should be safe because these are fixed sizes so far.
+      ExpectedSize +=3D sizeof(VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS);
+      if (InternalCommBufferSize < ExpectedSize) {
+        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNC=
TION__, InternalCommBufferSize, ExpectedSize ));
+        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
+        break;
+      }
+
+      // Now that we know we've got a valid size, we can fill in the rest =
of the data.
+      IsEnabledParams =3D (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)((UINT=
8*)CommBuffer + sizeof(VAR_CHECK_POLICY_COMM_HEADER));
+      IsEnabledParams->State =3D IsVariablePolicyEnabled();
+      PolicyCommmHeader->Result =3D EFI_SUCCESS;
+      break;
+
+    case VAR_CHECK_POLICY_COMMAND_REGISTER:
+      // Make sure that we're dealing with a reasonable size.
+      // This add should be safe because these are fixed sizes so far.
+      ExpectedSize +=3D sizeof(VARIABLE_POLICY_ENTRY);
+      if (InternalCommBufferSize < ExpectedSize) {
+        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNC=
TION__, InternalCommBufferSize, ExpectedSize ));
+        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
+        break;
+      }
+
+      // At the very least, we can assume that we're working with a valid =
policy entry.
+      // Time to compare its internal size.
+      PolicyEntry =3D (VARIABLE_POLICY_ENTRY*)((UINT8*)InternalCommBuffer =
+ sizeof(VAR_CHECK_POLICY_COMM_HEADER));
+      if (PolicyEntry->Version !=3D VARIABLE_POLICY_ENTRY_REVISION ||
+          PolicyEntry->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
+          EFI_ERROR(SafeUintnAdd(sizeof(VAR_CHECK_POLICY_COMM_HEADER), Pol=
icyEntry->Size, &ExpectedSize)) ||
+          InternalCommBufferSize < ExpectedSize) {
+        DEBUG(( DEBUG_INFO, "%a - Bad policy entry contents!\n", __FUNCTIO=
N__ ));
+        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
+        break;
+      }
+
+      PolicyCommmHeader->Result =3D RegisterVariablePolicy( PolicyEntry );
+      break;
+
+    case VAR_CHECK_POLICY_COMMAND_DUMP:
+      // Make sure that we're dealing with a reasonable size.
+      // This add should be safe because these are fixed sizes so far.
+      ExpectedSize +=3D sizeof(VAR_CHECK_POLICY_COMM_DUMP_PARAMS) + VAR_CH=
ECK_POLICY_MM_DUMP_BUFFER_SIZE;
+      if (InternalCommBufferSize < ExpectedSize) {
+        DEBUG(( DEBUG_INFO, "%a - Bad comm buffer size! %d < %d\n", __FUNC=
TION__, InternalCommBufferSize, ExpectedSize ));
+        PolicyCommmHeader->Result =3D EFI_INVALID_PARAMETER;
+        break;
+      }
+
+      // Now that we know we've got a valid size, we can fill in the rest =
of the data.
+      DumpParamsIn =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(InternalPolicy=
CommmHeader + 1);
+      DumpParamsOut =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyCommmHe=
ader + 1);
+
+      // If we're requesting the first page, initialize the cache and get =
the sizes.
+      if (DumpParamsIn->PageRequested =3D=3D 0) {
+        if (PaginationCache !=3D NULL) {
+          FreePool (PaginationCache);
+          PaginationCache =3D NULL;
+        }
+
+        // Determine what the required size is going to be.
+        DumpParamsOut->TotalSize =3D 0;
+        DumpParamsOut->PageSize =3D 0;
+        DumpParamsOut->HasMore =3D FALSE;
+        SubCommandStatus =3D DumpVariablePolicy (NULL, &TempSize);
+        if (SubCommandStatus =3D=3D EFI_BUFFER_TOO_SMALL && TempSize > 0) {
+          CurrentPaginationCommand =3D VAR_CHECK_POLICY_COMMAND_DUMP;
+          PaginationCacheSize =3D TempSize;
+          DumpParamsOut->TotalSize =3D TempSize;
+          PaginationCache =3D AllocatePool (PaginationCacheSize);
+          if (PaginationCache =3D=3D NULL) {
+            SubCommandStatus =3D EFI_OUT_OF_RESOURCES;
+          }
+        }
+
+        // If we've allocated our pagination cache, we're good to cache.
+        if (PaginationCache !=3D NULL) {
+          SubCommandStatus =3D DumpVariablePolicy (PaginationCache, &TempS=
ize);
+        }
+
+        // Populate the remaining fields and we can boogie.
+        if (!EFI_ERROR (SubCommandStatus) && PaginationCache !=3D NULL) {
+          DumpParamsOut->HasMore =3D TRUE;
+        }
+      } else if (PaginationCache !=3D NULL) {
+        DumpParamsOut->TotalSize =3D (UINT32)PaginationCacheSize;
+        DumpOutputBuffer =3D (UINT8*)(DumpParamsOut + 1);
+
+        // Make sure that we don't over-index the cache.
+        DumpTotalPages =3D PaginationCacheSize / VAR_CHECK_POLICY_MM_DUMP_=
BUFFER_SIZE;
+        if (PaginationCacheSize % VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE) {
+          DumpTotalPages++;
+        }
+        if (DumpParamsIn->PageRequested > DumpTotalPages) {
+          SubCommandStatus =3D EFI_INVALID_PARAMETER;
+        } else {
+          // Figure out how far into the page cache we need to go for our =
next page.
+          // We know the blind subtraction won't be bad because we already=
 checked for page 0.
+          DumpInputBuffer =3D &PaginationCache[VAR_CHECK_POLICY_MM_DUMP_BU=
FFER_SIZE * (DumpParamsIn->PageRequested - 1)];
+          TempSize =3D VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE;
+          // If we're getting the last page, adjust the PageSize.
+          if (DumpParamsIn->PageRequested =3D=3D DumpTotalPages) {
+            TempSize =3D PaginationCacheSize % VAR_CHECK_POLICY_MM_DUMP_BU=
FFER_SIZE;
+          }
+          CopyMem (DumpOutputBuffer, DumpInputBuffer, TempSize);
+          DumpParamsOut->PageSize =3D TempSize;
+          // If we just got the last page, settle up the cache.
+          if (DumpParamsIn->PageRequested =3D=3D DumpTotalPages) {
+            DumpParamsOut->HasMore =3D FALSE;
+            FreePool (PaginationCache);
+            PaginationCache =3D NULL;
+            PaginationCacheSize =3D 0;
+            CurrentPaginationCommand =3D 0;
+          // Otherwise, we could do more here.
+          } else {
+            DumpParamsOut->HasMore =3D TRUE;
+          }
+
+          // If we made it this far, we're basically good.
+          SubCommandStatus =3D EFI_SUCCESS;
+        }
+      // If we've requested any other page than 0 and the cache is empty, =
we must have timed out.
+      } else {
+        DumpParamsOut->TotalSize =3D 0;
+        DumpParamsOut->PageSize =3D 0;
+        DumpParamsOut->HasMore =3D FALSE;
+        SubCommandStatus =3D EFI_TIMEOUT;
+      }
+
+      // There's currently no use for this, but it shouldn't be hard to im=
plement.
+      PolicyCommmHeader->Result =3D SubCommandStatus;
+      break;
+
+    case VAR_CHECK_POLICY_COMMAND_LOCK:
+      PolicyCommmHeader->Result =3D LockVariablePolicy();
+      break;
+
+    default:
+      // Mark unknown requested command as EFI_UNSUPPORTED.
+      DEBUG(( DEBUG_INFO, "%a - Invalid command requested! %d\n", __FUNCTI=
ON__, PolicyCommmHeader->Command ));
+      PolicyCommmHeader->Result =3D EFI_UNSUPPORTED;
+      break;
+  }
+
+  DEBUG(( DEBUG_VERBOSE, "%a - Command %d returning %r.\n", __FUNCTION__,
+          PolicyCommmHeader->Command, PolicyCommmHeader->Result ));
+
+  return Status;
+}
+
+
+/**
+  Constructor function of VarCheckPolicyLib to register VarCheck handler a=
nd
+  SW MMI handlers.
+
+  @param[in] ImageHandle    The firmware allocated handle for the EFI imag=
e.
+  @param[in] SystemTable    A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS       The constructor executed correctly.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckPolicyLibConstructor (
+  IN EFI_HANDLE             ImageHandle,
+  IN EFI_SYSTEM_TABLE       *SystemTable
+  )
+{
+  EFI_STATUS    Status;
+  EFI_HANDLE    DiscardedHandle;
+
+  // Initialize the business logic with the internal GetVariable handler.
+  Status =3D InitVariablePolicyLib( VariableServiceGetVariable );
+
+  // Only proceed with init if the business logic could be initialized.
+  if (!EFI_ERROR( Status )) {
+    // Register the VarCheck handler for SetVariable filtering.
+    // Forward the check to the business logic of the library.
+    VarCheckLibRegisterSetVariableCheckHandler( ValidateSetVariable );
+
+    // Register the MMI handlers for receiving policy commands.
+    DiscardedHandle =3D NULL;
+    Status =3D gMmst->MmiHandlerRegister( VarCheckPolicyLibMmiHandler,
+                                        &gVarCheckPolicyLibMmiHandlerGuid,
+                                        &DiscardedHandle );
+  }
+  // Otherwise, there's not much we can do.
+  else {
+    DEBUG(( DEBUG_ERROR, "%a - Cannot Initialize VariablePolicyLib! %r\n",=
 __FUNCTION__, Status ));
+    ASSERT_EFI_ERROR( Status );
+  }
+
+  return Status;
+}
diff --git a/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h b/MdeModulePkg/I=
nclude/Guid/VarCheckPolicyMmi.h
new file mode 100644
index 000000000000..77bcc62f3ccf
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
@@ -0,0 +1,54 @@
+/** @file -- VarCheckPolicyMmiCommon.h
+This header contains communication definitions that are shared between DXE
+and the MM component of VarCheckPolicy.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _VAR_CHECK_POLICY_MMI_COMMON_H_
+#define _VAR_CHECK_POLICY_MMI_COMMON_H_
+
+#define   VAR_CHECK_POLICY_COMM_SIG       SIGNATURE_32('V', 'C', 'P', 'C')
+#define   VAR_CHECK_POLICY_COMM_REVISION  1
+
+#pragma pack(push, 1)
+
+typedef struct _VAR_CHECK_POLICY_COMM_HEADER {
+  UINT32      Signature;
+  UINT32      Revision;
+  UINT32      Command;
+  EFI_STATUS  Result;
+} VAR_CHECK_POLICY_COMM_HEADER;
+
+typedef struct _VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS {
+  BOOLEAN     State;
+} VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS;
+
+typedef struct _VAR_CHECK_POLICY_COMM_DUMP_PARAMS {
+  UINT32      PageRequested;
+  UINT32      TotalSize;
+  UINT32      PageSize;
+  BOOLEAN     HasMore;
+} VAR_CHECK_POLICY_COMM_DUMP_PARAMS;
+
+#pragma pack(pop)
+
+// Make sure that we will hold at least the headers.
+#define   VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE  MAX((OFFSET_OF(EFI_MM_COMM=
UNICATE_HEADER, Data) + sizeof (VAR_CHECK_POLICY_COMM_HEADER) + EFI_PAGES_T=
O_SIZE(1)), EFI_PAGES_TO_SIZE(4))
+#define   VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE  (VAR_CHECK_POLICY_MM_COMM_=
BUFFER_SIZE - \
+                                                    (OFFSET_OF(EFI_MM_COMM=
UNICATE_HEADER, Data) + \
+                                                      sizeof(VAR_CHECK_POL=
ICY_COMM_HEADER) + \
+                                                      sizeof(VAR_CHECK_POL=
ICY_COMM_DUMP_PARAMS)))
+STATIC_ASSERT (
+  VAR_CHECK_POLICY_MM_DUMP_BUFFER_SIZE < VAR_CHECK_POLICY_MM_COMM_BUFFER_S=
IZE,
+  "an integer underflow may have occurred calculating VAR_CHECK_POLICY_MM_=
DUMP_BUFFER_SIZE"
+  );
+
+#define   VAR_CHECK_POLICY_COMMAND_DISABLE      0x0001
+#define   VAR_CHECK_POLICY_COMMAND_IS_ENABLED   0x0002
+#define   VAR_CHECK_POLICY_COMMAND_REGISTER     0x0003
+#define   VAR_CHECK_POLICY_COMMAND_DUMP         0x0004
+#define   VAR_CHECK_POLICY_COMMAND_LOCK         0x0005
+
+#endif // _VAR_CHECK_POLICY_MMI_COMMON_H_
diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf b=
/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
new file mode 100644
index 000000000000..077bcc8990ca
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
@@ -0,0 +1,42 @@
+## @file VarCheckPolicyLib.inf
+# This is an instance of a VarCheck lib that leverages the business logic =
behind
+# the VariablePolicy code to make its decisions.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D VarCheckPolicyLib
+  FILE_GUID                      =3D 9C28A48F-C884-4B1F-8B95-DEF125448023
+  MODULE_TYPE                    =3D DXE_RUNTIME_DRIVER
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D NULL|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER
+  CONSTRUCTOR                    =3D VarCheckPolicyLibConstructor
+
+
+[Sources]
+  VarCheckPolicyLib.c
+
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  BaseMemoryLib
+  DxeServicesLib
+  MemoryAllocationLib
+  VarCheckLib
+  VariablePolicyLib
+  VariablePolicyHelperLib
+  SafeIntLib
+  MmServicesTableLib
+
+
+[Guids]
+  gVarCheckPolicyLibMmiHandlerGuid        ## CONSUME ## Used to register f=
or MM Communication events.
diff --git a/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni b=
/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
new file mode 100644
index 000000000000..eedeeed15d31
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
@@ -0,0 +1,12 @@
+// /** @file
+// VarCheckPolicyLib.uni
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "NULL library impl=
ementation that conforms to the VarCheck interface to allow VariablePolicy =
engine to enforce policies"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "NULL library impl=
ementation that conforms to the VarCheck interface to allow VariablePolicy =
engine to enforce policies"
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 51f7f9d7246a..00075528198d 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -385,6 +385,10 @@ [Guids]
   ## Include/Guid/EndofS3Resume.h
   gEdkiiEndOfS3ResumeGuid =3D { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0=
xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }
=20
+  ## Used (similar to Variable Services) to communicate policies to the en=
forcement engine.
+  # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}
+  gVarCheckPolicyLibMmiHandlerGuid =3D { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9=
d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}
+
   ## Include/Guid/S3SmmInitDone.h
   gEdkiiS3SmmInitDoneGuid =3D { 0x8f9d4825, 0x797d, 0x48fc, { 0x84, 0x71, =
0x84, 0x50, 0x25, 0x79, 0x2e, 0xf6 } }
=20
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 37795b9e4f58..f0a75a3b337b 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -313,6 +313,7 @@ [Components]
   MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
   MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
   MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
+  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
   MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
   MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
@@ -458,6 +459,7 @@ [Components.IA32, Components.X64]
   MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
     <LibraryClasses>
+      NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
       NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
       NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf
       NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf
--=20
2.28.0.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#65498): https://edk2.groups.io/g/devel/message/65498
Mute This Topic: https://groups.io/mt/77029615/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-