On Sat, 28 Oct 2023 at 03:18, Michael Kubacki
<mikuback@linux.microsoft.com> wrote:
>
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Adds a new module (dynamic shell command) to ShellPkg that lists
> variable policy information for all UEFI variables on the system.
>
> Some other UEFI variable related functionality is also included to
> give a greater sense of platform UEFI variable state.
>
Thanks, this looks usefu.
For the series,
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Could we add it to ArmVirtPkg as well please?
> Like all dynamic shell commands, a platform only needs to include
> VariablePolicyDynamicCommand.inf in their flash image to have
> the command registered in their UEFI shell.
>
> The shell command is added to OvmfPkg so it is available in an
> easily obtainable virtual platform.
>
> The code can also be built as a standalone EFI application.
>
> This is being made available to ease auditing and enabling of UEFI
> variable policy to encourage its adoption for securing UEFI
> variables.
>
> ---
>
> Command Help:
>
> Lists UEFI variable policy information.
>
> VARPOLICY [-p] [-s] [-v]
>
> -p - The policy flag will print variable policy info for each variable.
>
> -s - The stats flag will print overall UEFI variable policy statistics.
>
> -v - The verbose flag indicates all known information should be printed.
>
> This includes a dump of the corresponding UEFI variable data in
> addition to all other UEFI variable policy information.
>
> EXAMPLES:
>
> * To dump all active UEFI variables:
> fs0:\> varpolicy
>
> * To include UEFI variable policy information:
> varpolicy -p
>
> * To include UEFI variable statistics:
> varpolicy -s
>
> Press ENTER to continue or 'Q' break:
>
> ---
>
> v2 changes:
>
> - Allow the variable policy dynamic command to also be built as a
> standalone EFI app.
>
> Images showing example output are available in the PR:
> https://github.com/tianocore/edk2/pull/4835
>
> Cc: Anatol Belski <anbelski@linux.microsoft.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jianyong Wu <jianyong.wu@arm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Julien Grall <julien@xen.org>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
>
> Michael Kubacki (3):
> MdeModulePkg/VariablePolicy: Add more granular variable policy
> querying
> ShellPkg: Add varpolicy dynamic shell command and app
> OvmfPkg: Add varpolicy shell command
>
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 174 +++-
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 304 +++++++
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 4 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 346 +++++++-
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c | 877 ++++++++++++++++++++
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c | 59 ++
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c | 157 ++++
> MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 39 +-
> MdeModulePkg/Include/Library/VariablePolicyLib.h | 107 +++
> MdeModulePkg/Include/Protocol/VariablePolicy.h | 133 ++-
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 1 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +
> OvmfPkg/Microvm/MicrovmX64.dsc | 4 +
> OvmfPkg/OvmfPkgIa32.dsc | 4 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
> OvmfPkg/OvmfPkgX64.dsc | 4 +
> OvmfPkg/OvmfXen.dsc | 4 +
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.h | 126 +++
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.uni | 86 ++
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.inf | 58 ++
> ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf | 57 ++
> ShellPkg/ShellPkg.dsc | 5 +
> 22 files changed, 2511 insertions(+), 46 deletions(-)
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.h
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.uni
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.inf
> create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
>
> --
> 2.42.0.windows.2
>
>
>
> ------------
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#110234): https://edk2.groups.io/g/devel/message/110234
> Mute This Topic: https://groups.io/mt/102234059/5717338
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [ardb+tianocore@kernel.org]
> ------------
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110238): https://edk2.groups.io/g/devel/message/110238
Mute This Topic: https://groups.io/mt/102234059/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-