[mirror_edk2.git] / SecurityPkg / Library / PlatformPKProtectionLibVarPolicy / PlatformPKProtectionLibVarPolicy.c

/** @file\r
  Provides an abstracted interface for configuring PK related variable protection.\r
\r
  Copyright (c) Microsoft Corporation.\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
#include <Uefi.h>\r
#include <Protocol/VariablePolicy.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
\r
/**\r
  Disable any applicable protection against variable 'PK'. The implementation\r
  of this interface is platform specific, depending on the protection techniques\r
  used per platform.\r
\r
  Note: It is the platform's responsibility to conduct cautious operation after\r
        disabling this protection.\r
\r
  @retval     EFI_SUCCESS             State has been successfully updated.\r
  @retval     Others                  Error returned from implementation specific\r
                                      underying APIs.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
DisablePKProtection (\r
  VOID\r
  )\r
{\r
  EFI_STATUS                      Status;\r
  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;\r
\r
  DEBUG ((DEBUG_INFO, "%a() Entry...\n", __FUNCTION__));\r
\r
  // IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled.\r
  //                  The system *MUST* be reset after performing this operation.\r
  Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);\r
  if (!EFI_ERROR (Status)) {\r
    Status = VariablePolicy->DisableVariablePolicy ();\r
    // EFI_ALREADY_STARTED means that everything is currently disabled.\r
    // This should be considered SUCCESS.\r
    if (Status == EFI_ALREADY_STARTED) {\r
      Status = EFI_SUCCESS;\r
    }\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
d6bee54c KQ	1	/** @file\r
	2	Provides an abstracted interface for configuring PK related variable protection.\r
	3	\r
	4	Copyright (c) Microsoft Corporation.\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	#include <Uefi.h>\r
	9	#include <Protocol/VariablePolicy.h>\r
	10	\r
	11	#include <Library/DebugLib.h>\r
	12	#include <Library/UefiBootServicesTableLib.h>\r
	13	\r
	14	/**\r
	15	Disable any applicable protection against variable 'PK'. The implementation\r
	16	of this interface is platform specific, depending on the protection techniques\r
	17	used per platform.\r
	18	\r
	19	Note: It is the platform's responsibility to conduct cautious operation after\r
	20	disabling this protection.\r
	21	\r
	22	@retval EFI_SUCCESS State has been successfully updated.\r
	23	@retval Others Error returned from implementation specific\r
	24	underying APIs.\r
	25	\r
	26	**/\r
	27	EFI_STATUS\r
	28	EFIAPI\r
	29	DisablePKProtection (\r
	30	VOID\r
	31	)\r
	32	{\r
	33	EFI_STATUS Status;\r
	34	EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;\r
	35	\r
	36	DEBUG ((DEBUG_INFO, "%a() Entry...\n", __FUNCTION__));\r
	37	\r
	38	// IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled.\r
	39	// The system MUST be reset after performing this operation.\r
	40	Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);\r
	41	if (!EFI_ERROR (Status)) {\r
	42	Status = VariablePolicy->DisableVariablePolicy ();\r
	43	// EFI_ALREADY_STARTED means that everything is currently disabled.\r
	44	// This should be considered SUCCESS.\r
	45	if (Status == EFI_ALREADY_STARTED) {\r
	46	Status = EFI_SUCCESS;\r
	47	}\r
	48	}\r
	49	\r
	50	return Status;\r
	51	}\r