]>
Commit | Line | Data |
---|---|---|
355b181f BB |
1 | /** @file -- VariablePolicyLib.h\r |
2 | Business logic for Variable Policy enforcement.\r | |
3 | \r | |
4 | Copyright (c) Microsoft Corporation.\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | \r | |
9 | #ifndef _VARIABLE_POLICY_LIB_H_\r | |
10 | #define _VARIABLE_POLICY_LIB_H_\r | |
11 | \r | |
12 | #include <Protocol/VariablePolicy.h>\r | |
13 | \r | |
14 | /**\r | |
15 | This API function validates and registers a new policy with\r | |
16 | the policy enforcement engine.\r | |
17 | \r | |
18 | @param[in] NewPolicy Pointer to the incoming policy structure.\r | |
19 | \r | |
20 | @retval EFI_SUCCESS\r | |
21 | @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.\r | |
22 | @retval EFI_ALREADY_STARTED An identical matching policy already exists.\r | |
23 | @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.\r | |
24 | @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.\r | |
25 | @retval EFI_ABORTED A calculation error has prevented this function from completing.\r | |
26 | @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.\r | |
27 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
28 | \r | |
29 | **/\r | |
30 | EFI_STATUS\r | |
31 | EFIAPI\r | |
32 | RegisterVariablePolicy (\r | |
33 | IN CONST VARIABLE_POLICY_ENTRY *NewPolicy\r | |
34 | );\r | |
35 | \r | |
36 | \r | |
37 | /**\r | |
38 | This API function checks to see whether the parameters to SetVariable would\r | |
39 | be allowed according to the current variable policies.\r | |
40 | \r | |
41 | @param[in] VariableName Same as EFI_SET_VARIABLE.\r | |
42 | @param[in] VendorGuid Same as EFI_SET_VARIABLE.\r | |
43 | @param[in] Attributes Same as EFI_SET_VARIABLE.\r | |
44 | @param[in] DataSize Same as EFI_SET_VARIABLE.\r | |
45 | @param[in] Data Same as EFI_SET_VARIABLE.\r | |
46 | \r | |
47 | @retval EFI_SUCCESS A matching policy allows this update.\r | |
48 | @retval EFI_SUCCESS There are currently no policies that restrict this update.\r | |
49 | @retval EFI_SUCCESS The protections have been disable until the next reboot.\r | |
50 | @retval EFI_WRITE_PROTECTED Variable is currently locked.\r | |
51 | @retval EFI_INVALID_PARAMETER Attributes or size are invalid.\r | |
52 | @retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.\r | |
53 | @retval EFI_NOT_READY Library has not been initialized.\r | |
54 | \r | |
55 | **/\r | |
56 | EFI_STATUS\r | |
57 | EFIAPI\r | |
58 | ValidateSetVariable (\r | |
59 | IN CHAR16 *VariableName,\r | |
60 | IN EFI_GUID *VendorGuid,\r | |
61 | IN UINT32 Attributes,\r | |
62 | IN UINTN DataSize,\r | |
63 | IN VOID *Data\r | |
64 | );\r | |
65 | \r | |
66 | \r | |
67 | /**\r | |
68 | This API function disables the variable policy enforcement. If it's\r | |
69 | already been called once, will return EFI_ALREADY_STARTED.\r | |
70 | \r | |
71 | @retval EFI_SUCCESS\r | |
72 | @retval EFI_ALREADY_STARTED Has already been called once this boot.\r | |
73 | @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.\r | |
74 | @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.\r | |
75 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
76 | \r | |
77 | **/\r | |
78 | EFI_STATUS\r | |
79 | EFIAPI\r | |
80 | DisableVariablePolicy (\r | |
81 | VOID\r | |
82 | );\r | |
83 | \r | |
84 | \r | |
85 | /**\r | |
86 | This API function will dump the entire contents of the variable policy table.\r | |
87 | \r | |
88 | Similar to GetVariable, the first call can be made with a 0 size and it will return\r | |
89 | the size of the buffer required to hold the entire table.\r | |
90 | \r | |
91 | @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.\r | |
92 | @param[in,out] Size On input, the size of the output buffer. On output, the size\r | |
93 | of the data returned.\r | |
94 | \r | |
95 | @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.\r | |
96 | @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.\r | |
97 | @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.\r | |
98 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
99 | \r | |
100 | **/\r | |
101 | EFI_STATUS\r | |
102 | EFIAPI\r | |
103 | DumpVariablePolicy (\r | |
104 | OUT UINT8 *Policy,\r | |
105 | IN OUT UINT32 *Size\r | |
106 | );\r | |
107 | \r | |
108 | \r | |
109 | /**\r | |
110 | This API function returns whether or not the policy engine is\r | |
111 | currently being enforced.\r | |
112 | \r | |
113 | @retval TRUE\r | |
114 | @retval FALSE\r | |
115 | @retval FALSE Library has not yet been initialized.\r | |
116 | \r | |
117 | **/\r | |
118 | BOOLEAN\r | |
119 | EFIAPI\r | |
120 | IsVariablePolicyEnabled (\r | |
121 | VOID\r | |
122 | );\r | |
123 | \r | |
124 | \r | |
125 | /**\r | |
126 | This API function locks the interface so that no more policy updates\r | |
127 | can be performed or changes made to the enforcement until the next boot.\r | |
128 | \r | |
129 | @retval EFI_SUCCESS\r | |
130 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
131 | \r | |
132 | **/\r | |
133 | EFI_STATUS\r | |
134 | EFIAPI\r | |
135 | LockVariablePolicy (\r | |
136 | VOID\r | |
137 | );\r | |
138 | \r | |
139 | \r | |
140 | /**\r | |
141 | This API function returns whether or not the policy interface is locked\r | |
142 | for the remainder of the boot.\r | |
143 | \r | |
144 | @retval TRUE\r | |
145 | @retval FALSE\r | |
146 | @retval FALSE Library has not yet been initialized.\r | |
147 | \r | |
148 | **/\r | |
149 | BOOLEAN\r | |
150 | EFIAPI\r | |
151 | IsVariablePolicyInterfaceLocked (\r | |
152 | VOID\r | |
153 | );\r | |
154 | \r | |
155 | \r | |
156 | /**\r | |
157 | This helper function initializes the library and sets\r | |
158 | up any required internal structures or handlers.\r | |
159 | \r | |
160 | Also registers the internal pointer for the GetVariable helper.\r | |
161 | \r | |
162 | @param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to\r | |
163 | check policy criteria that involve the existence of other variables.\r | |
164 | \r | |
165 | @retval EFI_SUCCESS\r | |
166 | @retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to\r | |
167 | deinitialize.\r | |
168 | \r | |
169 | **/\r | |
170 | EFI_STATUS\r | |
171 | EFIAPI\r | |
172 | InitVariablePolicyLib (\r | |
173 | IN EFI_GET_VARIABLE GetVariableHelper\r | |
174 | );\r | |
175 | \r | |
176 | \r | |
177 | /**\r | |
178 | This helper function returns whether or not the library is currently initialized.\r | |
179 | \r | |
180 | @retval TRUE\r | |
181 | @retval FALSE\r | |
182 | \r | |
183 | **/\r | |
184 | BOOLEAN\r | |
185 | EFIAPI\r | |
186 | IsVariablePolicyLibInitialized (\r | |
187 | VOID\r | |
188 | );\r | |
189 | \r | |
190 | \r | |
191 | /**\r | |
192 | This helper function tears down the library.\r | |
193 | \r | |
194 | Should generally only be used for test harnesses.\r | |
195 | \r | |
196 | @retval EFI_SUCCESS\r | |
197 | @retval EFI_NOT_READY Deinitialize was called without first calling initialize.\r | |
198 | \r | |
199 | **/\r | |
200 | EFI_STATUS\r | |
201 | EFIAPI\r | |
202 | DeinitVariablePolicyLib (\r | |
203 | VOID\r | |
204 | );\r | |
205 | \r | |
206 | \r | |
207 | #endif // _VARIABLE_POLICY_LIB_H_\r |