[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableLockRequestToLock.c

/** @file\r
  Temporary location of the RequestToLock shim code while projects\r
  are moved to VariablePolicy. Should be removed when deprecated.\r
\r
  Copyright (c) Microsoft Corporation.\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Uefi.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/VariablePolicyLib.h>\r
#include <Library/VariablePolicyHelperLib.h>\r
#include <Protocol/VariableLock.h>\r
\r
/**\r
  DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.\r
  Mark a variable that will become read-only after leaving the DXE phase of\r
  execution. Write request coming from SMM environment through\r
  EFI_SMM_VARIABLE_PROTOCOL is allowed.\r
\r
  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance.\r
  @param[in] VariableName  A pointer to the variable name that will be made\r
                           read-only subsequently.\r
  @param[in] VendorGuid    A pointer to the vendor GUID that will be made\r
                           read-only subsequently.\r
\r
  @retval EFI_SUCCESS           The variable specified by the VariableName and\r
                                the VendorGuid was marked as pending to be\r
                                read-only.\r
  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.\r
                                Or VariableName is an empty string.\r
  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or\r
                                EFI_EVENT_GROUP_READY_TO_BOOT has already been\r
                                signaled.\r
  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the lock\r
                                request.\r
**/\r
EFI_STATUS\r
EFIAPI\r
VariableLockRequestToLock (\r
  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL  *This,\r
  IN CHAR16                              *VariableName,\r
  IN EFI_GUID                            *VendorGuid\r
  )\r
{\r
  EFI_STATUS             Status;\r
  VARIABLE_POLICY_ENTRY  *NewPolicy;\r
\r
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__));\r
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n"));\r
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName));\r
\r
  NewPolicy = NULL;\r
  Status = CreateBasicVariablePolicy(\r
             VendorGuid,\r
             VariableName,\r
             VARIABLE_POLICY_NO_MIN_SIZE,\r
             VARIABLE_POLICY_NO_MAX_SIZE,\r
             VARIABLE_POLICY_NO_MUST_ATTR,\r
             VARIABLE_POLICY_NO_CANT_ATTR,\r
             VARIABLE_POLICY_TYPE_LOCK_NOW,\r
             &NewPolicy\r
             );\r
  if (!EFI_ERROR( Status )) {\r
    Status = RegisterVariablePolicy (NewPolicy);\r
\r
    //\r
    // If the error returned is EFI_ALREADY_STARTED, we need to check the\r
    // current database for the variable and see whether it's locked. If it's\r
    // locked, we're still fine, but also generate a DEBUG_WARN message so the\r
    // duplicate lock can be removed.\r
    //\r
    if (Status == EFI_ALREADY_STARTED) {\r
      Status = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL);\r
      if (Status == EFI_WRITE_PROTECTED) {\r
        DEBUG ((DEBUG_WARN, "  Variable: %g %s is already locked!\n", VendorGuid, VariableName));\r
        Status = EFI_SUCCESS;\r
      } else {\r
        DEBUG ((DEBUG_ERROR, "  Variable: %g %s can not be locked!\n", VendorGuid, VariableName));\r
        Status = EFI_ACCESS_DENIED;\r
      }\r
    }\r
  }\r
  if (EFI_ERROR (Status)) {\r
    DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status ));\r
  }\r
  if (NewPolicy != NULL) {\r
    FreePool( NewPolicy );\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
a18a9bde BB	1	/** @file\r
	2	Temporary location of the RequestToLock shim code while projects\r
	3	are moved to VariablePolicy. Should be removed when deprecated.\r
124b3f92	4	\r
a18a9bde BB	5	Copyright (c) Microsoft Corporation.\r
a18a9bde BB	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
124b3f92 BB	7	\r
	8	**/\r
	9	\r
	10	#include <Uefi.h>\r
124b3f92 BB	11	#include <Library/DebugLib.h>\r
124b3f92 BB	12	#include <Library/MemoryAllocationLib.h>\r
124b3f92 BB	13	#include <Library/VariablePolicyLib.h>\r
124b3f92 BB	14	#include <Library/VariablePolicyHelperLib.h>\r
a18a9bde	15	#include <Protocol/VariableLock.h>\r
124b3f92 BB	16	\r
	17	/**\r
	18	DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.\r
a18a9bde BB	19	Mark a variable that will become read-only after leaving the DXE phase of\r
	20	execution. Write request coming from SMM environment through\r
	21	EFI_SMM_VARIABLE_PROTOCOL is allowed.\r
124b3f92 BB	22	\r
124b3f92 BB	23	@param[in] This The VARIABLE_LOCK_PROTOCOL instance.\r
a18a9bde BB	24	@param[in] VariableName A pointer to the variable name that will be made\r
	25	read-only subsequently.\r
	26	@param[in] VendorGuid A pointer to the vendor GUID that will be made\r
	27	read-only subsequently.\r
124b3f92	28	\r
a18a9bde BB	29	@retval EFI_SUCCESS The variable specified by the VariableName and\r
	30	the VendorGuid was marked as pending to be\r
	31	read-only.\r
124b3f92 BB	32	@retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.\r
124b3f92 BB	33	Or VariableName is an empty string.\r
a18a9bde BB	34	@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or\r
	35	EFI_EVENT_GROUP_READY_TO_BOOT has already been\r
	36	signaled.\r
	37	@retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock\r
	38	request.\r
124b3f92 BB	39	**/\r
	40	EFI_STATUS\r
	41	EFIAPI\r
	42	VariableLockRequestToLock (\r
a18a9bde BB	43	IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,\r
	44	IN CHAR16 *VariableName,\r
	45	IN EFI_GUID *VendorGuid\r
124b3f92 BB	46	)\r
124b3f92 BB	47	{\r
a18a9bde BB	48	EFI_STATUS Status;\r
	49	VARIABLE_POLICY_ENTRY *NewPolicy;\r
	50	\r
cfa6ffb1 LE	51	DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__));\r
	52	DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n"));\r
	53	DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName));\r
124b3f92 BB	54	\r
124b3f92 BB	55	NewPolicy = NULL;\r
a18a9bde BB	56	Status = CreateBasicVariablePolicy(\r
	57	VendorGuid,\r
	58	VariableName,\r
	59	VARIABLE_POLICY_NO_MIN_SIZE,\r
	60	VARIABLE_POLICY_NO_MAX_SIZE,\r
	61	VARIABLE_POLICY_NO_MUST_ATTR,\r
	62	VARIABLE_POLICY_NO_CANT_ATTR,\r
	63	VARIABLE_POLICY_TYPE_LOCK_NOW,\r
	64	&NewPolicy\r
	65	);\r
124b3f92	66	if (!EFI_ERROR( Status )) {\r
a18a9bde BB	67	Status = RegisterVariablePolicy (NewPolicy);\r
	68	\r
	69	//\r
	70	// If the error returned is EFI_ALREADY_STARTED, we need to check the\r
	71	// current database for the variable and see whether it's locked. If it's\r
cfa6ffb1	72	// locked, we're still fine, but also generate a DEBUG_WARN message so the\r
a18a9bde BB	73	// duplicate lock can be removed.\r
	74	//\r
	75	if (Status == EFI_ALREADY_STARTED) {\r
	76	Status = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL);\r
	77	if (Status == EFI_WRITE_PROTECTED) {\r
cfa6ffb1	78	DEBUG ((DEBUG_WARN, " Variable: %g %s is already locked!\n", VendorGuid, VariableName));\r
a18a9bde BB	79	Status = EFI_SUCCESS;\r
	80	} else {\r
	81	DEBUG ((DEBUG_ERROR, " Variable: %g %s can not be locked!\n", VendorGuid, VariableName));\r
	82	Status = EFI_ACCESS_DENIED;\r
	83	}\r
	84	}\r
124b3f92	85	}\r
a18a9bde	86	if (EFI_ERROR (Status)) {\r
124b3f92	87	DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status ));\r
124b3f92 BB	88	}\r
	89	if (NewPolicy != NULL) {\r
	90	FreePool( NewPolicy );\r
	91	}\r
	92	\r
	93	return Status;\r
	94	}\r