[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableDxe.c

/** @file\r
  Implement all four UEFI Runtime Variable services for the nonvolatile\r
  and volatile storage space and install variable architecture protocol.\r
\r
Copyright (C) 2013, Red Hat, Inc.\r
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
Copyright (c) Microsoft Corporation.\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "Variable.h"\r
\r
#include <Protocol/VariablePolicy.h>\r
#include <Library/VariablePolicyLib.h>\r
\r
EFI_STATUS\r
EFIAPI\r
ProtocolIsVariablePolicyEnabled (\r
  OUT BOOLEAN *State\r
  );\r
\r
EFI_HANDLE                          mHandle                    = NULL;\r
EFI_EVENT                           mVirtualAddressChangeEvent = NULL;\r
VOID                                *mFtwRegistration          = NULL;\r
VOID                                ***mVarCheckAddressPointer = NULL;\r
UINTN                               mVarCheckAddressPointerCount = 0;\r
EDKII_VARIABLE_LOCK_PROTOCOL        mVariableLock              = { VariableLockRequestToLock };\r
EDKII_VARIABLE_POLICY_PROTOCOL      mVariablePolicyProtocol    = { EDKII_VARIABLE_POLICY_PROTOCOL_REVISION,\r
                                                                    DisableVariablePolicy,\r
                                                                    ProtocolIsVariablePolicyEnabled,\r
                                                                    RegisterVariablePolicy,\r
                                                                    DumpVariablePolicy,\r
                                                                    LockVariablePolicy };\r
EDKII_VAR_CHECK_PROTOCOL            mVarCheck                  = { VarCheckRegisterSetVariableCheckHandler,\r
                                                                    VarCheckVariablePropertySet,\r
                                                                    VarCheckVariablePropertyGet };\r
\r
/**\r
  Some Secure Boot Policy Variable may update following other variable changes(SecureBoot follows PK change, etc).\r
  Record their initial State when variable write service is ready.\r
\r
**/\r
VOID\r
EFIAPI\r
RecordSecureBootPolicyVarData(\r
  VOID\r
  );\r
\r
/**\r
  Return TRUE if ExitBootServices () has been called.\r
\r
  @retval TRUE If ExitBootServices () has been called.\r
**/\r
BOOLEAN\r
AtRuntime (\r
  VOID\r
  )\r
{\r
  return EfiAtRuntime ();\r
}\r
\r
\r
/**\r
  Initializes a basic mutual exclusion lock.\r
\r
  This function initializes a basic mutual exclusion lock to the released state\r
  and returns the lock.  Each lock provides mutual exclusion access at its task\r
  priority level.  Since there is no preemption or multiprocessor support in EFI,\r
  acquiring the lock only consists of raising to the locks TPL.\r
  If Lock is NULL, then ASSERT().\r
  If Priority is not a valid TPL value, then ASSERT().\r
\r
  @param  Lock       A pointer to the lock data structure to initialize.\r
  @param  Priority   EFI TPL is associated with the lock.\r
\r
  @return The lock.\r
\r
**/\r
EFI_LOCK *\r
InitializeLock (\r
  IN OUT EFI_LOCK                         *Lock,\r
  IN     EFI_TPL                          Priority\r
  )\r
{\r
  return EfiInitializeLock (Lock, Priority);\r
}\r
\r
\r
/**\r
  Acquires lock only at boot time. Simply returns at runtime.\r
\r
  This is a temperary function that will be removed when\r
  EfiAcquireLock() in UefiLib can handle the call in UEFI\r
  Runtimer driver in RT phase.\r
  It calls EfiAcquireLock() at boot time, and simply returns\r
  at runtime.\r
\r
  @param  Lock         A pointer to the lock to acquire.\r
\r
**/\r
VOID\r
AcquireLockOnlyAtBootTime (\r
  IN EFI_LOCK                             *Lock\r
  )\r
{\r
  if (!AtRuntime ()) {\r
    EfiAcquireLock (Lock);\r
  }\r
}\r
\r
\r
/**\r
  Releases lock only at boot time. Simply returns at runtime.\r
\r
  This is a temperary function which will be removed when\r
  EfiReleaseLock() in UefiLib can handle the call in UEFI\r
  Runtimer driver in RT phase.\r
  It calls EfiReleaseLock() at boot time and simply returns\r
  at runtime.\r
\r
  @param  Lock         A pointer to the lock to release.\r
\r
**/\r
VOID\r
ReleaseLockOnlyAtBootTime (\r
  IN EFI_LOCK                             *Lock\r
  )\r
{\r
  if (!AtRuntime ()) {\r
    EfiReleaseLock (Lock);\r
  }\r
}\r
\r
/**\r
  Retrieve the Fault Tolerent Write protocol interface.\r
\r
  @param[out] FtwProtocol       The interface of Ftw protocol\r
\r
  @retval EFI_SUCCESS           The FTW protocol instance was found and returned in FtwProtocol.\r
  @retval EFI_NOT_FOUND         The FTW protocol instance was not found.\r
  @retval EFI_INVALID_PARAMETER SarProtocol is NULL.\r
\r
**/\r
EFI_STATUS\r
GetFtwProtocol (\r
  OUT VOID                                **FtwProtocol\r
  )\r
{\r
  EFI_STATUS                              Status;\r
\r
  //\r
  // Locate Fault Tolerent Write protocol\r
  //\r
  Status = gBS->LocateProtocol (\r
                  &gEfiFaultTolerantWriteProtocolGuid,\r
                  NULL,\r
                  FtwProtocol\r
                  );\r
  return Status;\r
}\r
\r
/**\r
  Retrieve the FVB protocol interface by HANDLE.\r
\r
  @param[in]  FvBlockHandle     The handle of FVB protocol that provides services for\r
                                reading, writing, and erasing the target block.\r
  @param[out] FvBlock           The interface of FVB protocol\r
\r
  @retval EFI_SUCCESS           The interface information for the specified protocol was returned.\r
  @retval EFI_UNSUPPORTED       The device does not support the FVB protocol.\r
  @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.\r
\r
**/\r
EFI_STATUS\r
GetFvbByHandle (\r
  IN  EFI_HANDLE                          FvBlockHandle,\r
  OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  **FvBlock\r
  )\r
{\r
  //\r
  // To get the FVB protocol interface on the handle\r
  //\r
  return gBS->HandleProtocol (\r
                FvBlockHandle,\r
                &gEfiFirmwareVolumeBlockProtocolGuid,\r
                (VOID **) FvBlock\r
                );\r
}\r
\r
\r
/**\r
  Function returns an array of handles that support the FVB protocol\r
  in a buffer allocated from pool.\r
\r
  @param[out]  NumberHandles    The number of handles returned in Buffer.\r
  @param[out]  Buffer           A pointer to the buffer to return the requested\r
                                array of  handles that support FVB protocol.\r
\r
  @retval EFI_SUCCESS           The array of handles was returned in Buffer, and the number of\r
                                handles in Buffer was returned in NumberHandles.\r
  @retval EFI_NOT_FOUND         No FVB handle was found.\r
  @retval EFI_OUT_OF_RESOURCES  There is not enough pool memory to store the matching results.\r
  @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.\r
\r
**/\r
EFI_STATUS\r
GetFvbCountAndBuffer (\r
  OUT UINTN                               *NumberHandles,\r
  OUT EFI_HANDLE                          **Buffer\r
  )\r
{\r
  EFI_STATUS                              Status;\r
\r
  //\r
  // Locate all handles of Fvb protocol\r
  //\r
  Status = gBS->LocateHandleBuffer (\r
                  ByProtocol,\r
                  &gEfiFirmwareVolumeBlockProtocolGuid,\r
                  NULL,\r
                  NumberHandles,\r
                  Buffer\r
                  );\r
  return Status;\r
}\r
\r
\r
/**\r
  Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.\r
\r
  This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
  It convers pointer to new virtual address.\r
\r
  @param  Event        Event whose notification function is being invoked.\r
  @param  Context      Pointer to the notification function's context.\r
\r
**/\r
VOID\r
EFIAPI\r
VariableClassAddressChangeEvent (\r
  IN EFI_EVENT                            Event,\r
  IN VOID                                 *Context\r
  )\r
{\r
  UINTN          Index;\r
\r
  if (mVariableModuleGlobal->FvbInstance != NULL) {\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetPhysicalAddress);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetAttributes);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->SetAttributes);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->Read);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->Write);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->EraseBlocks);\r
    EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance);\r
  }\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLangCodes);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->LangCodes);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLang);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);\r
  EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);\r
  EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);\r
  EfiConvertPointer (0x0, (VOID **) &mNvFvHeaderCache);\r
\r
  if (mAuthContextOut.AddressPointer != NULL) {\r
    for (Index = 0; Index < mAuthContextOut.AddressPointerCount; Index++) {\r
      EfiConvertPointer (0x0, (VOID **) mAuthContextOut.AddressPointer[Index]);\r
    }\r
  }\r
\r
  if (mVarCheckAddressPointer != NULL) {\r
    for (Index = 0; Index < mVarCheckAddressPointerCount; Index++) {\r
      EfiConvertPointer (0x0, (VOID **) mVarCheckAddressPointer[Index]);\r
    }\r
  }\r
}\r
\r
\r
/**\r
  Notification function of EVT_GROUP_READY_TO_BOOT event group.\r
\r
  This is a notification function registered on EVT_GROUP_READY_TO_BOOT event group.\r
  When the Boot Manager is about to load and execute a boot option, it reclaims variable\r
  storage if free size is below the threshold.\r
\r
  @param  Event        Event whose notification function is being invoked.\r
  @param  Context      Pointer to the notification function's context.\r
\r
**/\r
VOID\r
EFIAPI\r
OnReadyToBoot (\r
  EFI_EVENT                               Event,\r
  VOID                                    *Context\r
  )\r
{\r
  EFI_STATUS        Status;\r
\r
  if (!mEndOfDxe) {\r
    MorLockInitAtEndOfDxe ();\r
\r
    Status = LockVariablePolicy ();\r
    ASSERT_EFI_ERROR (Status);\r
    //\r
    // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.\r
    //\r
    mEndOfDxe = TRUE;\r
    mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);\r
    //\r
    // The initialization for variable quota.\r
    //\r
    InitializeVariableQuota ();\r
  }\r
  ReclaimForOS ();\r
  if (FeaturePcdGet (PcdVariableCollectStatistics)) {\r
    if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {\r
      gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVariableInfo);\r
    } else {\r
      gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo);\r
    }\r
  }\r
\r
  gBS->CloseEvent (Event);\r
}\r
\r
/**\r
  Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group.\r
\r
  This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group.\r
\r
  @param  Event        Event whose notification function is being invoked.\r
  @param  Context      Pointer to the notification function's context.\r
\r
**/\r
VOID\r
EFIAPI\r
OnEndOfDxe (\r
  EFI_EVENT                               Event,\r
  VOID                                    *Context\r
  )\r
{\r
  EFI_STATUS    Status;\r
\r
  DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));\r
  MorLockInitAtEndOfDxe ();\r
  Status = LockVariablePolicy ();\r
  ASSERT_EFI_ERROR (Status);\r
  mEndOfDxe = TRUE;\r
  mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);\r
  //\r
  // The initialization for variable quota.\r
  //\r
  InitializeVariableQuota ();\r
  if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {\r
    ReclaimForOS ();\r
  }\r
\r
  gBS->CloseEvent (Event);\r
}\r
\r
/**\r
  Initializes variable write service for DXE.\r
\r
**/\r
VOID\r
VariableWriteServiceInitializeDxe (\r
  VOID\r
  )\r
{\r
  EFI_STATUS    Status;\r
\r
  Status = VariableWriteServiceInitialize ();\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));\r
  }\r
\r
  //\r
  // Some Secure Boot Policy Var (SecureBoot, etc) updates following other\r
  // Secure Boot Policy Variable change. Record their initial value.\r
  //\r
  RecordSecureBootPolicyVarData();\r
\r
  //\r
  // Install the Variable Write Architectural protocol.\r
  //\r
  Status = gBS->InstallProtocolInterface (\r
                  &mHandle,\r
                  &gEfiVariableWriteArchProtocolGuid,\r
                  EFI_NATIVE_INTERFACE,\r
                  NULL\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
}\r
\r
/**\r
  Fault Tolerant Write protocol notification event handler.\r
\r
  Non-Volatile variable write may needs FTW protocol to reclaim when\r
  writting variable.\r
\r
  @param[in] Event    Event whose notification function is being invoked.\r
  @param[in] Context  Pointer to the notification function's context.\r
\r
**/\r
VOID\r
EFIAPI\r
FtwNotificationEvent (\r
  IN  EFI_EVENT                           Event,\r
  IN  VOID                                *Context\r
  )\r
{\r
  EFI_STATUS                              Status;\r
  EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL      *FvbProtocol;\r
  EFI_FAULT_TOLERANT_WRITE_PROTOCOL       *FtwProtocol;\r
  EFI_PHYSICAL_ADDRESS                    NvStorageVariableBase;\r
  EFI_GCD_MEMORY_SPACE_DESCRIPTOR         GcdDescriptor;\r
  EFI_PHYSICAL_ADDRESS                    BaseAddress;\r
  UINT64                                  Length;\r
  EFI_PHYSICAL_ADDRESS                    VariableStoreBase;\r
  UINT64                                  VariableStoreLength;\r
  UINTN                                   FtwMaxBlockSize;\r
\r
  //\r
  // Ensure FTW protocol is installed.\r
  //\r
  Status = GetFtwProtocol ((VOID**) &FtwProtocol);\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
\r
  Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
  if (!EFI_ERROR (Status)) {\r
    ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
  }\r
\r
  NvStorageVariableBase = NV_STORAGE_VARIABLE_BASE;\r
  VariableStoreBase = NvStorageVariableBase + mNvFvHeaderCache->HeaderLength;\r
\r
  //\r
  // Let NonVolatileVariableBase point to flash variable store base directly after FTW ready.\r
  //\r
  mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase = VariableStoreBase;\r
\r
  //\r
  // Find the proper FVB protocol for variable.\r
  //\r
  Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
  mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
\r
  //\r
  // Mark the variable storage region of the FLASH as RUNTIME.\r
  //\r
  VariableStoreLength = mNvVariableCache->Size;\r
  BaseAddress = VariableStoreBase & (~EFI_PAGE_MASK);\r
  Length      = VariableStoreLength + (VariableStoreBase - BaseAddress);\r
  Length      = (Length + EFI_PAGE_SIZE - 1) & (~EFI_PAGE_MASK);\r
\r
  Status      = gDS->GetMemorySpaceDescriptor (BaseAddress, &GcdDescriptor);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_WARN, "Variable driver failed to get flash memory attribute.\n"));\r
  } else {\r
    if ((GcdDescriptor.Attributes & EFI_MEMORY_RUNTIME) == 0) {\r
      Status = gDS->SetMemorySpaceAttributes (\r
                      BaseAddress,\r
                      Length,\r
                      GcdDescriptor.Attributes | EFI_MEMORY_RUNTIME\r
                      );\r
      if (EFI_ERROR (Status)) {\r
        DEBUG ((DEBUG_WARN, "Variable driver failed to add EFI_MEMORY_RUNTIME attribute to Flash.\n"));\r
      }\r
    }\r
  }\r
\r
  //\r
  // Initializes variable write service after FTW was ready.\r
  //\r
  VariableWriteServiceInitializeDxe ();\r
\r
  //\r
  // Close the notify event to avoid install gEfiVariableWriteArchProtocolGuid again.\r
  //\r
  gBS->CloseEvent (Event);\r
\r
}\r
\r
\r
/**\r
  This API function returns whether or not the policy engine is\r
  currently being enforced.\r
\r
  @param[out]   State       Pointer to a return value for whether the policy enforcement\r
                            is currently enabled.\r
\r
  @retval     EFI_SUCCESS\r
  @retval     Others        An error has prevented this command from completing.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
ProtocolIsVariablePolicyEnabled (\r
  OUT BOOLEAN *State\r
  )\r
{\r
  *State = IsVariablePolicyEnabled ();\r
  return EFI_SUCCESS;\r
}\r
\r
\r
/**\r
  Variable Driver main entry point. The Variable driver places the 4 EFI\r
  runtime services in the EFI System Table and installs arch protocols\r
  for variable read and write services being available. It also registers\r
  a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
\r
  @param[in] ImageHandle    The firmware allocated handle for the EFI image.\r
  @param[in] SystemTable    A pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS       Variable service successfully initialized.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
VariableServiceInitialize (\r
  IN EFI_HANDLE                         ImageHandle,\r
  IN EFI_SYSTEM_TABLE                   *SystemTable\r
  )\r
{\r
  EFI_STATUS                            Status;\r
  EFI_EVENT                             ReadyToBootEvent;\r
  EFI_EVENT                             EndOfDxeEvent;\r
\r
  Status = VariableCommonInitialize ();\r
  ASSERT_EFI_ERROR (Status);\r
\r
  Status = gBS->InstallMultipleProtocolInterfaces (\r
                  &mHandle,\r
                  &gEdkiiVariableLockProtocolGuid,\r
                  &mVariableLock,\r
                  NULL\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  Status = gBS->InstallMultipleProtocolInterfaces (\r
                  &mHandle,\r
                  &gEdkiiVarCheckProtocolGuid,\r
                  &mVarCheck,\r
                  NULL\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  SystemTable->RuntimeServices->GetVariable         = VariableServiceGetVariable;\r
  SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;\r
  SystemTable->RuntimeServices->SetVariable         = VariableServiceSetVariable;\r
  SystemTable->RuntimeServices->QueryVariableInfo   = VariableServiceQueryVariableInfo;\r
\r
  //\r
  // Now install the Variable Runtime Architectural protocol on a new handle.\r
  //\r
  Status = gBS->InstallProtocolInterface (\r
                  &mHandle,\r
                  &gEfiVariableArchProtocolGuid,\r
                  EFI_NATIVE_INTERFACE,\r
                  NULL\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  if (!PcdGetBool (PcdEmuVariableNvModeEnable)) {\r
    //\r
    // Register FtwNotificationEvent () notify function.\r
    //\r
    EfiCreateProtocolNotifyEvent (\r
      &gEfiFaultTolerantWriteProtocolGuid,\r
      TPL_CALLBACK,\r
      FtwNotificationEvent,\r
      (VOID *)SystemTable,\r
      &mFtwRegistration\r
      );\r
  } else {\r
    //\r
    // Emulated non-volatile variable mode does not depend on FVB and FTW.\r
    //\r
    VariableWriteServiceInitializeDxe ();\r
  }\r
\r
  Status = gBS->CreateEventEx (\r
                  EVT_NOTIFY_SIGNAL,\r
                  TPL_NOTIFY,\r
                  VariableClassAddressChangeEvent,\r
                  NULL,\r
                  &gEfiEventVirtualAddressChangeGuid,\r
                  &mVirtualAddressChangeEvent\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // Register the event handling function to reclaim variable for OS usage.\r
  //\r
  Status = EfiCreateEventReadyToBootEx (\r
             TPL_NOTIFY,\r
             OnReadyToBoot,\r
             NULL,\r
             &ReadyToBootEvent\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // Register the event handling function to set the End Of DXE flag.\r
  //\r
  Status = gBS->CreateEventEx (\r
                  EVT_NOTIFY_SIGNAL,\r
                  TPL_CALLBACK,\r
                  OnEndOfDxe,\r
                  NULL,\r
                  &gEfiEndOfDxeEventGroupGuid,\r
                  &EndOfDxeEvent\r
                  );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  // Register and initialize the VariablePolicy engine.\r
  Status = InitVariablePolicyLib (VariableServiceGetVariable);\r
  ASSERT_EFI_ERROR (Status);\r
  Status = VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable);\r
  ASSERT_EFI_ERROR (Status);\r
  Status = gBS->InstallMultipleProtocolInterfaces (\r
                    &mHandle,\r
                    &gEdkiiVariablePolicyProtocolGuid,\r
                    &mVariablePolicyProtocol,\r
                    NULL\r
                    );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
Commit	Line	Data
e4b7e2c9	1	/** @file\r
e4b7e2c9 RN	2	Implement all four UEFI Runtime Variable services for the nonvolatile\r
e4b7e2c9 RN	3	and volatile storage space and install variable architecture protocol.\r
fa0737a8	4	\r
328e5d8c	5	Copyright (C) 2013, Red Hat, Inc.\r
874c8434	6	Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
9b18845a	7	(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
b6490426	8	Copyright (c) Microsoft Corporation.\r
9d510e61	9	SPDX-License-Identifier: BSD-2-Clause-Patent\r
e4b7e2c9 RN	10	\r
	11	**/\r
	12	\r
	13	#include "Variable.h"\r
	14	\r
b6490426 BB	15	#include <Protocol/VariablePolicy.h>\r
	16	#include <Library/VariablePolicyLib.h>\r
	17	\r
	18	EFI_STATUS\r
	19	EFIAPI\r
	20	ProtocolIsVariablePolicyEnabled (\r
	21	OUT BOOLEAN *State\r
	22	);\r
	23	\r
9b18845a DL	24	EFI_HANDLE mHandle = NULL;\r
9b18845a DL	25	EFI_EVENT mVirtualAddressChangeEvent = NULL;\r
10eec5aa	26	VOID *mFtwRegistration = NULL;\r
9b18845a DL	27	VOID ***mVarCheckAddressPointer = NULL;\r
	28	UINTN mVarCheckAddressPointerCount = 0;\r
	29	EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };\r
b6490426 BB	30	EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol = { EDKII_VARIABLE_POLICY_PROTOCOL_REVISION,\r
	31	DisableVariablePolicy,\r
	32	ProtocolIsVariablePolicyEnabled,\r
	33	RegisterVariablePolicy,\r
	34	DumpVariablePolicy,\r
	35	LockVariablePolicy };\r
9b18845a DL	36	EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,\r
	37	VarCheckVariablePropertySet,\r
	38	VarCheckVariablePropertyGet };\r
e4b7e2c9	39	\r
dc9bd6ed ZC	40	/**\r
	41	Some Secure Boot Policy Variable may update following other variable changes(SecureBoot follows PK change, etc).\r
	42	Record their initial State when variable write service is ready.\r
	43	\r
	44	**/\r
	45	VOID\r
	46	EFIAPI\r
	47	RecordSecureBootPolicyVarData(\r
	48	VOID\r
	49	);\r
	50	\r
e4b7e2c9 RN	51	/**\r
e4b7e2c9 RN	52	Return TRUE if ExitBootServices () has been called.\r
fa0737a8	53	\r
e4b7e2c9 RN	54	@retval TRUE If ExitBootServices () has been called.\r
	55	**/\r
	56	BOOLEAN\r
	57	AtRuntime (\r
	58	VOID\r
	59	)\r
	60	{\r
	61	return EfiAtRuntime ();\r
	62	}\r
	63	\r
	64	\r
	65	/**\r
	66	Initializes a basic mutual exclusion lock.\r
	67	\r
fa0737a8 SZ	68	This function initializes a basic mutual exclusion lock to the released state\r
fa0737a8 SZ	69	and returns the lock. Each lock provides mutual exclusion access at its task\r
e4b7e2c9 RN	70	priority level. Since there is no preemption or multiprocessor support in EFI,\r
	71	acquiring the lock only consists of raising to the locks TPL.\r
	72	If Lock is NULL, then ASSERT().\r
	73	If Priority is not a valid TPL value, then ASSERT().\r
	74	\r
	75	@param Lock A pointer to the lock data structure to initialize.\r
	76	@param Priority EFI TPL is associated with the lock.\r
	77	\r
	78	@return The lock.\r
	79	\r
	80	**/\r
	81	EFI_LOCK *\r
	82	InitializeLock (\r
	83	IN OUT EFI_LOCK *Lock,\r
	84	IN EFI_TPL Priority\r
	85	)\r
	86	{\r
	87	return EfiInitializeLock (Lock, Priority);\r
	88	}\r
	89	\r
	90	\r
	91	/**\r
	92	Acquires lock only at boot time. Simply returns at runtime.\r
	93	\r
	94	This is a temperary function that will be removed when\r
	95	EfiAcquireLock() in UefiLib can handle the call in UEFI\r
	96	Runtimer driver in RT phase.\r
	97	It calls EfiAcquireLock() at boot time, and simply returns\r
	98	at runtime.\r
	99	\r
	100	@param Lock A pointer to the lock to acquire.\r
	101	\r
	102	**/\r
	103	VOID\r
	104	AcquireLockOnlyAtBootTime (\r
	105	IN EFI_LOCK *Lock\r
	106	)\r
	107	{\r
	108	if (!AtRuntime ()) {\r
	109	EfiAcquireLock (Lock);\r
	110	}\r
	111	}\r
	112	\r
	113	\r
	114	/**\r
	115	Releases lock only at boot time. Simply returns at runtime.\r
	116	\r
	117	This is a temperary function which will be removed when\r
	118	EfiReleaseLock() in UefiLib can handle the call in UEFI\r
	119	Runtimer driver in RT phase.\r
	120	It calls EfiReleaseLock() at boot time and simply returns\r
	121	at runtime.\r
	122	\r
	123	@param Lock A pointer to the lock to release.\r
	124	\r
	125	**/\r
	126	VOID\r
	127	ReleaseLockOnlyAtBootTime (\r
	128	IN EFI_LOCK *Lock\r
	129	)\r
	130	{\r
	131	if (!AtRuntime ()) {\r
	132	EfiReleaseLock (Lock);\r
	133	}\r
134	}\r
135	\r
136	/**\r
0a18956d	137	Retrieve the Fault Tolerent Write protocol interface.\r
e4b7e2c9 RN	138	\r
	139	@param[out] FtwProtocol The interface of Ftw protocol\r
	140	\r
	141	@retval EFI_SUCCESS The FTW protocol instance was found and returned in FtwProtocol.\r
	142	@retval EFI_NOT_FOUND The FTW protocol instance was not found.\r
	143	@retval EFI_INVALID_PARAMETER SarProtocol is NULL.\r
	144	\r
	145	**/\r
	146	EFI_STATUS\r
	147	GetFtwProtocol (\r
	148	OUT VOID **FtwProtocol\r
	149	)\r
	150	{\r
	151	EFI_STATUS Status;\r
	152	\r
	153	//\r
	154	// Locate Fault Tolerent Write protocol\r
	155	//\r
	156	Status = gBS->LocateProtocol (\r
	157	&gEfiFaultTolerantWriteProtocolGuid,\r
	158	NULL,\r
	159	FtwProtocol\r
fa0737a8	160	);\r
e4b7e2c9 RN	161	return Status;\r
	162	}\r
	163	\r
	164	/**\r
0a18956d	165	Retrieve the FVB protocol interface by HANDLE.\r
e4b7e2c9 RN	166	\r
	167	@param[in] FvBlockHandle The handle of FVB protocol that provides services for\r
	168	reading, writing, and erasing the target block.\r
	169	@param[out] FvBlock The interface of FVB protocol\r
	170	\r
	171	@retval EFI_SUCCESS The interface information for the specified protocol was returned.\r
	172	@retval EFI_UNSUPPORTED The device does not support the FVB protocol.\r
	173	@retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.\r
fa0737a8	174	\r
e4b7e2c9 RN	175	**/\r
	176	EFI_STATUS\r
	177	GetFvbByHandle (\r
	178	IN EFI_HANDLE FvBlockHandle,\r
	179	OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock\r
	180	)\r
	181	{\r
	182	//\r
	183	// To get the FVB protocol interface on the handle\r
	184	//\r
	185	return gBS->HandleProtocol (\r
	186	FvBlockHandle,\r
	187	&gEfiFirmwareVolumeBlockProtocolGuid,\r
	188	(VOID **) FvBlock\r
	189	);\r
	190	}\r
	191	\r
	192	\r
	193	/**\r
	194	Function returns an array of handles that support the FVB protocol\r
fa0737a8	195	in a buffer allocated from pool.\r
e4b7e2c9 RN	196	\r
	197	@param[out] NumberHandles The number of handles returned in Buffer.\r
	198	@param[out] Buffer A pointer to the buffer to return the requested\r
	199	array of handles that support FVB protocol.\r
	200	\r
	201	@retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of\r
	202	handles in Buffer was returned in NumberHandles.\r
	203	@retval EFI_NOT_FOUND No FVB handle was found.\r
	204	@retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.\r
	205	@retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.\r
fa0737a8	206	\r
e4b7e2c9 RN	207	**/\r
	208	EFI_STATUS\r
	209	GetFvbCountAndBuffer (\r
	210	OUT UINTN *NumberHandles,\r
	211	OUT EFI_HANDLE **Buffer\r
	212	)\r
	213	{\r
	214	EFI_STATUS Status;\r
	215	\r
	216	//\r
	217	// Locate all handles of Fvb protocol\r
	218	//\r
	219	Status = gBS->LocateHandleBuffer (\r
	220	ByProtocol,\r
	221	&gEfiFirmwareVolumeBlockProtocolGuid,\r
	222	NULL,\r
	223	NumberHandles,\r
	224	Buffer\r
	225	);\r
	226	return Status;\r
	227	}\r
	228	\r
	229	\r
	230	/**\r
	231	Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.\r
	232	\r
	233	This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
	234	It convers pointer to new virtual address.\r
	235	\r
	236	@param Event Event whose notification function is being invoked.\r
	237	@param Context Pointer to the notification function's context.\r
	238	\r
	239	**/\r
	240	VOID\r
	241	EFIAPI\r
	242	VariableClassAddressChangeEvent (\r
	243	IN EFI_EVENT Event,\r
	244	IN VOID *Context\r
	245	)\r
	246	{\r
efb01a10	247	UINTN Index;\r
328e5d8c	248	\r
7cd69959 SZ	249	if (mVariableModuleGlobal->FvbInstance != NULL) {\r
	250	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize);\r
	251	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetPhysicalAddress);\r
	252	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetAttributes);\r
	253	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->SetAttributes);\r
	254	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->Read);\r
	255	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->Write);\r
	256	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->EraseBlocks);\r
	257	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance);\r
	258	}\r
e4b7e2c9 RN	259	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLangCodes);\r
	260	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->LangCodes);\r
	261	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLang);\r
	262	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);\r
	263	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase);\r
	264	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);\r
	265	EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);\r
fa0737a8	266	EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);\r
9b18845a	267	EfiConvertPointer (0x0, (VOID **) &mNvFvHeaderCache);\r
efb01a10	268	\r
8021f4c7 SZ	269	if (mAuthContextOut.AddressPointer != NULL) {\r
	270	for (Index = 0; Index < mAuthContextOut.AddressPointerCount; Index++) {\r
	271	EfiConvertPointer (0x0, (VOID **) mAuthContextOut.AddressPointer[Index]);\r
	272	}\r
	273	}\r
fa0737a8	274	\r
8021f4c7 SZ	275	if (mVarCheckAddressPointer != NULL) {\r
	276	for (Index = 0; Index < mVarCheckAddressPointerCount; Index++) {\r
	277	EfiConvertPointer (0x0, (VOID **) mVarCheckAddressPointer[Index]);\r
fa0737a8 SZ	278	}\r
fa0737a8 SZ	279	}\r
e4b7e2c9 RN	280	}\r
	281	\r
	282	\r
	283	/**\r
	284	Notification function of EVT_GROUP_READY_TO_BOOT event group.\r
	285	\r
	286	This is a notification function registered on EVT_GROUP_READY_TO_BOOT event group.\r
	287	When the Boot Manager is about to load and execute a boot option, it reclaims variable\r
	288	storage if free size is below the threshold.\r
	289	\r
	290	@param Event Event whose notification function is being invoked.\r
	291	@param Context Pointer to the notification function's context.\r
	292	\r
	293	**/\r
	294	VOID\r
	295	EFIAPI\r
	296	OnReadyToBoot (\r
	297	EFI_EVENT Event,\r
	298	VOID *Context\r
	299	)\r
	300	{\r
b6490426 BB	301	EFI_STATUS Status;\r
b6490426 BB	302	\r
8021f4c7	303	if (!mEndOfDxe) {\r
f1304280	304	MorLockInitAtEndOfDxe ();\r
b6490426 BB	305	\r
	306	Status = LockVariablePolicy ();\r
	307	ASSERT_EFI_ERROR (Status);\r
8021f4c7 SZ	308	//\r
	309	// Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.\r
	310	//\r
	311	mEndOfDxe = TRUE;\r
	312	mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);\r
	313	//\r
	314	// The initialization for variable quota.\r
	315	//\r
	316	InitializeVariableQuota ();\r
	317	}\r
e4b7e2c9 RN	318	ReclaimForOS ();\r
e4b7e2c9 RN	319	if (FeaturePcdGet (PcdVariableCollectStatistics)) {\r
fa0737a8 SZ	320	if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {\r
	321	gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVariableInfo);\r
	322	} else {\r
	323	gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo);\r
	324	}\r
e4b7e2c9	325	}\r
fa0737a8 SZ	326	\r
fa0737a8 SZ	327	gBS->CloseEvent (Event);\r
e4b7e2c9 RN	328	}\r
	329	\r
	330	/**\r
	331	Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group.\r
	332	\r
	333	This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group.\r
	334	\r
	335	@param Event Event whose notification function is being invoked.\r
	336	@param Context Pointer to the notification function's context.\r
	337	\r
	338	**/\r
	339	VOID\r
	340	EFIAPI\r
	341	OnEndOfDxe (\r
	342	EFI_EVENT Event,\r
	343	VOID *Context\r
	344	)\r
	345	{\r
b6490426 BB	346	EFI_STATUS Status;\r
b6490426 BB	347	\r
8021f4c7	348	DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));\r
f1304280	349	MorLockInitAtEndOfDxe ();\r
b6490426 BB	350	Status = LockVariablePolicy ();\r
b6490426 BB	351	ASSERT_EFI_ERROR (Status);\r
e4b7e2c9	352	mEndOfDxe = TRUE;\r
8021f4c7	353	mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);\r
4edb1866 SZ	354	//\r
	355	// The initialization for variable quota.\r
	356	//\r
	357	InitializeVariableQuota ();\r
0fb5e515 SZ	358	if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {\r
	359	ReclaimForOS ();\r
	360	}\r
fa0737a8 SZ	361	\r
fa0737a8 SZ	362	gBS->CloseEvent (Event);\r
e4b7e2c9 RN	363	}\r
e4b7e2c9 RN	364	\r
b59fd889 SZ	365	/**\r
	366	Initializes variable write service for DXE.\r
	367	\r
	368	**/\r
	369	VOID\r
	370	VariableWriteServiceInitializeDxe (\r
	371	VOID\r
	372	)\r
	373	{\r
	374	EFI_STATUS Status;\r
	375	\r
	376	Status = VariableWriteServiceInitialize ();\r
	377	if (EFI_ERROR (Status)) {\r
	378	DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));\r
	379	}\r
	380	\r
	381	//\r
	382	// Some Secure Boot Policy Var (SecureBoot, etc) updates following other\r
	383	// Secure Boot Policy Variable change. Record their initial value.\r
	384	//\r
	385	RecordSecureBootPolicyVarData();\r
	386	\r
	387	//\r
	388	// Install the Variable Write Architectural protocol.\r
	389	//\r
	390	Status = gBS->InstallProtocolInterface (\r
	391	&mHandle,\r
	392	&gEfiVariableWriteArchProtocolGuid,\r
	393	EFI_NATIVE_INTERFACE,\r
	394	NULL\r
	395	);\r
	396	ASSERT_EFI_ERROR (Status);\r
	397	}\r
	398	\r
e4b7e2c9 RN	399	/**\r
	400	Fault Tolerant Write protocol notification event handler.\r
	401	\r
fa0737a8	402	Non-Volatile variable write may needs FTW protocol to reclaim when\r
e4b7e2c9 RN	403	writting variable.\r
	404	\r
	405	@param[in] Event Event whose notification function is being invoked.\r
	406	@param[in] Context Pointer to the notification function's context.\r
fa0737a8	407	\r
e4b7e2c9 RN	408	**/\r
	409	VOID\r
	410	EFIAPI\r
	411	FtwNotificationEvent (\r
	412	IN EFI_EVENT Event,\r
	413	IN VOID *Context\r
	414	)\r
	415	{\r
	416	EFI_STATUS Status;\r
	417	EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
	418	EFI_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
	419	EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
	420	EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor;\r
	421	EFI_PHYSICAL_ADDRESS BaseAddress;\r
	422	UINT64 Length;\r
	423	EFI_PHYSICAL_ADDRESS VariableStoreBase;\r
	424	UINT64 VariableStoreLength;\r
2c4b18e0	425	UINTN FtwMaxBlockSize;\r
e4b7e2c9 RN	426	\r
	427	//\r
	428	// Ensure FTW protocol is installed.\r
	429	//\r
	430	Status = GetFtwProtocol ((VOID**) &FtwProtocol);\r
	431	if (EFI_ERROR (Status)) {\r
	432	return ;\r
	433	}\r
2c4b18e0 SZ	434	\r
	435	Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
	436	if (!EFI_ERROR (Status)) {\r
	437	ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
	438	}\r
	439	\r
904e0ca9 SZ	440	NvStorageVariableBase = NV_STORAGE_VARIABLE_BASE;\r
	441	VariableStoreBase = NvStorageVariableBase + mNvFvHeaderCache->HeaderLength;\r
	442	\r
	443	//\r
	444	// Let NonVolatileVariableBase point to flash variable store base directly after FTW ready.\r
	445	//\r
	446	mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase = VariableStoreBase;\r
	447	\r
e4b7e2c9 RN	448	//\r
	449	// Find the proper FVB protocol for variable.\r
	450	//\r
e4b7e2c9 RN	451	Status = GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtocol);\r
	452	if (EFI_ERROR (Status)) {\r
	453	return ;\r
	454	}\r
	455	mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
	456	\r
	457	//\r
	458	// Mark the variable storage region of the FLASH as RUNTIME.\r
	459	//\r
874c8434	460	VariableStoreLength = mNvVariableCache->Size;\r
e4b7e2c9 RN	461	BaseAddress = VariableStoreBase & (~EFI_PAGE_MASK);\r
	462	Length = VariableStoreLength + (VariableStoreBase - BaseAddress);\r
	463	Length = (Length + EFI_PAGE_SIZE - 1) & (~EFI_PAGE_MASK);\r
	464	\r
	465	Status = gDS->GetMemorySpaceDescriptor (BaseAddress, &GcdDescriptor);\r
	466	if (EFI_ERROR (Status)) {\r
e7bafeb9	467	DEBUG ((DEBUG_WARN, "Variable driver failed to get flash memory attribute.\n"));\r
e4b7e2c9	468	} else {\r
f8829096 BS	469	if ((GcdDescriptor.Attributes & EFI_MEMORY_RUNTIME) == 0) {\r
	470	Status = gDS->SetMemorySpaceAttributes (\r
	471	BaseAddress,\r
	472	Length,\r
	473	GcdDescriptor.Attributes \| EFI_MEMORY_RUNTIME\r
	474	);\r
	475	if (EFI_ERROR (Status)) {\r
	476	DEBUG ((DEBUG_WARN, "Variable driver failed to add EFI_MEMORY_RUNTIME attribute to Flash.\n"));\r
	477	}\r
e4b7e2c9 RN	478	}\r
e4b7e2c9 RN	479	}\r
fa0737a8	480	\r
dc9bd6ed	481	//\r
b59fd889	482	// Initializes variable write service after FTW was ready.\r
dc9bd6ed	483	//\r
b59fd889	484	VariableWriteServiceInitializeDxe ();\r
fa0737a8	485	\r
e4b7e2c9 RN	486	//\r
	487	// Close the notify event to avoid install gEfiVariableWriteArchProtocolGuid again.\r
	488	//\r
	489	gBS->CloseEvent (Event);\r
	490	\r
	491	}\r
	492	\r
	493	\r
b6490426 BB	494	/**\r
	495	This API function returns whether or not the policy engine is\r
	496	currently being enforced.\r
	497	\r
	498	@param[out] State Pointer to a return value for whether the policy enforcement\r
	499	is currently enabled.\r
	500	\r
	501	@retval EFI_SUCCESS\r
	502	@retval Others An error has prevented this command from completing.\r
	503	\r
	504	**/\r
	505	EFI_STATUS\r
	506	EFIAPI\r
	507	ProtocolIsVariablePolicyEnabled (\r
	508	OUT BOOLEAN *State\r
	509	)\r
	510	{\r
	511	*State = IsVariablePolicyEnabled ();\r
	512	return EFI_SUCCESS;\r
	513	}\r
	514	\r
	515	\r
e4b7e2c9 RN	516	/**\r
e4b7e2c9 RN	517	Variable Driver main entry point. The Variable driver places the 4 EFI\r
fa0737a8 SZ	518	runtime services in the EFI System Table and installs arch protocols\r
fa0737a8 SZ	519	for variable read and write services being available. It also registers\r
e4b7e2c9 RN	520	a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.\r
e4b7e2c9 RN	521	\r
fa0737a8	522	@param[in] ImageHandle The firmware allocated handle for the EFI image.\r
e4b7e2c9	523	@param[in] SystemTable A pointer to the EFI System Table.\r
fa0737a8	524	\r
e4b7e2c9 RN	525	@retval EFI_SUCCESS Variable service successfully initialized.\r
	526	\r
	527	**/\r
	528	EFI_STATUS\r
	529	EFIAPI\r
	530	VariableServiceInitialize (\r
	531	IN EFI_HANDLE ImageHandle,\r
	532	IN EFI_SYSTEM_TABLE *SystemTable\r
	533	)\r
	534	{\r
	535	EFI_STATUS Status;\r
	536	EFI_EVENT ReadyToBootEvent;\r
	537	EFI_EVENT EndOfDxeEvent;\r
	538	\r
	539	Status = VariableCommonInitialize ();\r
	540	ASSERT_EFI_ERROR (Status);\r
	541	\r
	542	Status = gBS->InstallMultipleProtocolInterfaces (\r
	543	&mHandle,\r
	544	&gEdkiiVariableLockProtocolGuid,\r
	545	&mVariableLock,\r
efb01a10 SZ	546	NULL\r
	547	);\r
	548	ASSERT_EFI_ERROR (Status);\r
	549	\r
	550	Status = gBS->InstallMultipleProtocolInterfaces (\r
	551	&mHandle,\r
	552	&gEdkiiVarCheckProtocolGuid,\r
	553	&mVarCheck,\r
e4b7e2c9 RN	554	NULL\r
	555	);\r
	556	ASSERT_EFI_ERROR (Status);\r
	557	\r
	558	SystemTable->RuntimeServices->GetVariable = VariableServiceGetVariable;\r
	559	SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;\r
	560	SystemTable->RuntimeServices->SetVariable = VariableServiceSetVariable;\r
	561	SystemTable->RuntimeServices->QueryVariableInfo = VariableServiceQueryVariableInfo;\r
fa0737a8	562	\r
e4b7e2c9 RN	563	//\r
	564	// Now install the Variable Runtime Architectural protocol on a new handle.\r
	565	//\r
	566	Status = gBS->InstallProtocolInterface (\r
	567	&mHandle,\r
fa0737a8	568	&gEfiVariableArchProtocolGuid,\r
e4b7e2c9 RN	569	EFI_NATIVE_INTERFACE,\r
	570	NULL\r
	571	);\r
	572	ASSERT_EFI_ERROR (Status);\r
	573	\r
7cd69959 SZ	574	if (!PcdGetBool (PcdEmuVariableNvModeEnable)) {\r
	575	//\r
	576	// Register FtwNotificationEvent () notify function.\r
	577	//\r
	578	EfiCreateProtocolNotifyEvent (\r
	579	&gEfiFaultTolerantWriteProtocolGuid,\r
	580	TPL_CALLBACK,\r
	581	FtwNotificationEvent,\r
	582	(VOID *)SystemTable,\r
	583	&mFtwRegistration\r
	584	);\r
	585	} else {\r
	586	//\r
	587	// Emulated non-volatile variable mode does not depend on FVB and FTW.\r
	588	//\r
	589	VariableWriteServiceInitializeDxe ();\r
	590	}\r
e4b7e2c9 RN	591	\r
	592	Status = gBS->CreateEventEx (\r
	593	EVT_NOTIFY_SIGNAL,\r
	594	TPL_NOTIFY,\r
	595	VariableClassAddressChangeEvent,\r
	596	NULL,\r
	597	&gEfiEventVirtualAddressChangeGuid,\r
	598	&mVirtualAddressChangeEvent\r
	599	);\r
	600	ASSERT_EFI_ERROR (Status);\r
	601	\r
	602	//\r
	603	// Register the event handling function to reclaim variable for OS usage.\r
	604	//\r
	605	Status = EfiCreateEventReadyToBootEx (\r
fa0737a8 SZ	606	TPL_NOTIFY,\r
	607	OnReadyToBoot,\r
	608	NULL,\r
e4b7e2c9 RN	609	&ReadyToBootEvent\r
	610	);\r
	611	ASSERT_EFI_ERROR (Status);\r
	612	\r
	613	//\r
	614	// Register the event handling function to set the End Of DXE flag.\r
	615	//\r
	616	Status = gBS->CreateEventEx (\r
	617	EVT_NOTIFY_SIGNAL,\r
3d7ebd64	618	TPL_CALLBACK,\r
e4b7e2c9 RN	619	OnEndOfDxe,\r
	620	NULL,\r
	621	&gEfiEndOfDxeEventGroupGuid,\r
	622	&EndOfDxeEvent\r
	623	);\r
	624	ASSERT_EFI_ERROR (Status);\r
	625	\r
b6490426 BB	626	// Register and initialize the VariablePolicy engine.\r
	627	Status = InitVariablePolicyLib (VariableServiceGetVariable);\r
	628	ASSERT_EFI_ERROR (Status);\r
	629	Status = VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable);\r
	630	ASSERT_EFI_ERROR (Status);\r
	631	Status = gBS->InstallMultipleProtocolInterfaces (\r
	632	&mHandle,\r
	633	&gEdkiiVariablePolicyProtocolGuid,\r
	634	&mVariablePolicyProtocol,\r
	635	NULL\r
	636	);\r
	637	ASSERT_EFI_ERROR (Status);\r
	638	\r
e4b7e2c9 RN	639	return EFI_SUCCESS;\r
	640	}\r
	641	\r