MOR lock control unsupported.\r
\r
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) Microsoft Corporation.\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
#include <Library/BaseMemoryLib.h>\r
#include "Variable.h"\r
\r
-extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;\r
+#include <Protocol/VariablePolicy.h>\r
+#include <Library/VariablePolicyHelperLib.h>\r
\r
/**\r
This service is an MOR/MorLock checker handler for the SetVariable().\r
NULL // Data\r
);\r
\r
- //\r
- // Need set this variable to be read-only to prevent other module set it.\r
- //\r
- VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid);\r
-\r
//\r
// The MOR variable can effectively improve platform security only when the\r
// MorLock variable protects the MOR variable. In turn MorLock cannot be made\r
0, // DataSize\r
NULL // Data\r
);\r
- VariableLockRequestToLock (\r
- &mVariableLock,\r
- MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,\r
- &gEfiMemoryOverwriteControlDataGuid\r
- );\r
\r
return EFI_SUCCESS;\r
}\r
VOID\r
)\r
{\r
- //\r
- // Do nothing.\r
- //\r
+ EFI_STATUS Status;\r
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;\r
+\r
+ // First, we obviously need to locate the VariablePolicy protocol.\r
+ Status = gBS->LocateProtocol( &gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy );\r
+ if (EFI_ERROR( Status )) {\r
+ DEBUG(( DEBUG_ERROR, "%a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status ));\r
+ return;\r
+ }\r
+\r
+ // If we're successful, go ahead and set the policies to protect the target variables.\r
+ Status = RegisterBasicVariablePolicy( VariablePolicy,\r
+ &gEfiMemoryOverwriteRequestControlLockGuid,\r
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r
+ VARIABLE_POLICY_NO_MIN_SIZE,\r
+ VARIABLE_POLICY_NO_MAX_SIZE,\r
+ VARIABLE_POLICY_NO_MUST_ATTR,\r
+ VARIABLE_POLICY_NO_CANT_ATTR,\r
+ VARIABLE_POLICY_TYPE_LOCK_NOW );\r
+ if (EFI_ERROR( Status )) {\r
+ DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status ));\r
+ }\r
+ Status = RegisterBasicVariablePolicy( VariablePolicy,\r
+ &gEfiMemoryOverwriteControlDataGuid,\r
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,\r
+ VARIABLE_POLICY_NO_MIN_SIZE,\r
+ VARIABLE_POLICY_NO_MAX_SIZE,\r
+ VARIABLE_POLICY_NO_MUST_ATTR,\r
+ VARIABLE_POLICY_NO_CANT_ATTR,\r
+ VARIABLE_POLICY_TYPE_LOCK_NOW );\r
+ if (EFI_ERROR( Status )) {\r
+ DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status ));\r
+ }\r
+\r
+ return;\r
}\r
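Review bot: Both error paths in this function body fail open: when `LocateProtocol` or either `RegisterBasicVariablePolicy` call fails, the only effect is a `DEBUG_ERROR` message, and boot continues with the MOR and MorLock variable names unprotected. Because the function returns VOID and the `VariableLockRequestToLock` calls removed earlier in this diff are replaced only here, a registration failure would go unnoticed wherever DEBUG output is disabled (typically release builds). I would add `ASSERT_EFI_ERROR (Status);` after each `DEBUG` line so that debug builds stop on it, and add a header comment such as `// NOTE: if policy registration fails, the MOR/MorLock variables remain writable; this is only reported via DEBUG.` so the residual risk is documented. Still attempting the second registration after the first fails is the right behaviour and should be kept. The function's name and header comment lie outside this hunk, so the existing documentation could not be checked.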