From: "Bret Barkelew"
To: devel@edk2.groups.io
Cc: Jian J Wang, Hao A Wu, Liming Gao, Bret Barkelew, Dandan Bi
Subject: [edk2-devel] [PATCH v9 10/13] MdeModulePkg: Allow VariablePolicy state to delete protected variables
Date: Sun, 8 Nov 2020 22:45:19 -0800
Message-Id: <20201109064522.919-11-bret.barkelew@microsoft.com>
In-Reply-To: <20201109064522.919-1-bret.barkelew@microsoft.com>
References: <20201109064522.919-1-bret.barkelew@microsoft.com>
Reply-To: devel@edk2.groups.io,bret@corthon.com
From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

TcgMorLockSmm provides special protections for the TCG MOR variables.
This will check IsVariablePolicyEnabled() before enforcing them to allow
variable deletion when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Liming Gao
Cc: Bret Barkelew
Signed-off-by: Bret Barkelew
Reviewed-by: Dandan Bi
Acked-by: Jian J Wang
--- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 10 += +++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 2 ++ 2 files changed, 12 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index 6d80eb64341a..085f82035f4b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -5,6 +5,7 @@ This module adds Variable Hook and check MemoryOverwriteRequestControlLo= ck. =20 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include "Variable.h" =20 +#include + +#include + typedef struct { CHAR16 *VariableName; EFI_GUID *VendorGuid; @@ -341,6 +346,11 @@ SetVariableCheckHandlerMor ( return EFI_SUCCESS; } =20 + // Permit deletion when policy is disabled. + if (!IsVariablePolicyEnabled() && ((Attributes =3D=3D 0) || (DataSize = =3D=3D 0))) { + return EFI_SUCCESS; + } + // // MorLock variable // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneM= m.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 6e17f6cdf588..d8f480be27cc 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -20,6 +20,7 @@ # # Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
# Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -74,6 +75,7 @@ [LibraryClasses] StandaloneMmDriverEntryPoint SynchronizationLib VarCheckLib + VariablePolicyLib =20 [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES --=20 2.28.0.windows.1
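Review bot: In the SetVariableCheckHandlerMor hunk of TcgMorLockSmm.c, the one-line comment "Permit deletion when policy is disabled." under-documents a security-relevant early return. The new check sits ahead of the "MorLock variable" handling, so once IsVariablePolicyEnabled() returns FALSE every request with Attributes == 0 or DataSize == 0 gets EFI_SUCCESS before any of the MOR-specific checks below it run. Please expand the comment, in the three-line `//` block style used immediately after it, to state that the MOR lock protection now depends on the policy engine remaining enabled, and that the Attributes/DataSize test is what restricts this path to deletion rather than modification, as the commit message promises. It would also help to say in the function header that the handler's behaviour is now conditional on VariablePolicy state, since nothing in the visible context mentions it.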
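Review bot: In the [LibraryClasses] hunk of VariableStandaloneMm.inf, VariablePolicyLib is added to only this one INF, while the new IsVariablePolicyEnabled() call lives in TcgMorLockSmm.c, a source file rather than a module. The diffstat shows just these two files changed, so any other module INF that compiles TcgMorLockSmm.c must already list VariablePolicyLib from an earlier patch in the series, or it will fail to resolve the library class. Please confirm that in the commit message or add the missing entries here, so this patch builds on its own when bisecting.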