-/** @file -- VariableLockRequestToLock.c\r
-Temporary location of the RequestToLock shim code while\r
-projects are moved to VariablePolicy. Should be removed when deprecated.\r
+/** @file\r
+ Temporary location of the RequestToLock shim code while projects\r
+ are moved to VariablePolicy. Should be removed when deprecated.\r
\r
-Copyright (c) Microsoft Corporation.\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
+ Copyright (c) Microsoft Corporation.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Uefi.h>\r
-\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
-\r
-#include <Protocol/VariableLock.h>\r
-\r
-#include <Protocol/VariablePolicy.h>\r
#include <Library/VariablePolicyLib.h>\r
#include <Library/VariablePolicyHelperLib.h>\r
-\r
+#include <Protocol/VariableLock.h>\r
\r
/**\r
DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.\r
- Mark a variable that will become read-only after leaving the DXE phase of execution.\r
- Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.\r
+ Mark a variable that will become read-only after leaving the DXE phase of\r
+ execution. Write request coming from SMM environment through\r
+ EFI_SMM_VARIABLE_PROTOCOL is allowed.\r
\r
@param[in] This The VARIABLE_LOCK_PROTOCOL instance.\r
- @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.\r
- @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.\r
+ @param[in] VariableName A pointer to the variable name that will be made\r
+ read-only subsequently.\r
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made\r
+ read-only subsequently.\r
\r
- @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked\r
- as pending to be read-only.\r
+ @retval EFI_SUCCESS The variable specified by the VariableName and\r
+ the VendorGuid was marked as pending to be\r
+ read-only.\r
@retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.\r
Or VariableName is an empty string.\r
- @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has\r
- already been signaled.\r
- @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.\r
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or\r
+ EFI_EVENT_GROUP_READY_TO_BOOT has already been\r
+ signaled.\r
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock\r
+ request.\r
**/\r
EFI_STATUS\r
EFIAPI\r
VariableLockRequestToLock (\r
- IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
)\r
{\r
- EFI_STATUS Status;\r
- VARIABLE_POLICY_ENTRY *NewPolicy;\r
+ EFI_STATUS Status;\r
+ VARIABLE_POLICY_ENTRY *NewPolicy;\r
+\r
+ DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__));\r
+ DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n"));\r
+ DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName));\r
\r
NewPolicy = NULL;\r
- Status = CreateBasicVariablePolicy( VendorGuid,\r
- VariableName,\r
- VARIABLE_POLICY_NO_MIN_SIZE,\r
- VARIABLE_POLICY_NO_MAX_SIZE,\r
- VARIABLE_POLICY_NO_MUST_ATTR,\r
- VARIABLE_POLICY_NO_CANT_ATTR,\r
- VARIABLE_POLICY_TYPE_LOCK_NOW,\r
- &NewPolicy );\r
+ Status = CreateBasicVariablePolicy(\r
+ VendorGuid,\r
+ VariableName,\r
+ VARIABLE_POLICY_NO_MIN_SIZE,\r
+ VARIABLE_POLICY_NO_MAX_SIZE,\r
+ VARIABLE_POLICY_NO_MUST_ATTR,\r
+ VARIABLE_POLICY_NO_CANT_ATTR,\r
+ VARIABLE_POLICY_TYPE_LOCK_NOW,\r
+ &NewPolicy\r
+ );\r
if (!EFI_ERROR( Status )) {\r
- Status = RegisterVariablePolicy( NewPolicy );\r
+ Status = RegisterVariablePolicy (NewPolicy);\r
+\r
+ //\r
+ // If the error returned is EFI_ALREADY_STARTED, we need to check the\r
+ // current database for the variable and see whether it's locked. If it's\r
+ // locked, we're still fine, but also generate a DEBUG_ERROR message so the\r
+ // duplicate lock can be removed.\r
+ //\r
+ if (Status == EFI_ALREADY_STARTED) {\r
+ Status = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL);\r
+ if (Status == EFI_WRITE_PROTECTED) {\r
+ DEBUG ((DEBUG_ERROR, " Variable: %g %s is already locked!\n", VendorGuid, VariableName));\r
+ Status = EFI_SUCCESS;\r
+ } else {\r
+ DEBUG ((DEBUG_ERROR, " Variable: %g %s can not be locked!\n", VendorGuid, VariableName));\r
+ Status = EFI_ACCESS_DENIED;\r
+ }\r
+ }\r
}\r
- if (EFI_ERROR( Status )) {\r
+ if (EFI_ERROR (Status)) {\r
DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status ));\r
- ASSERT_EFI_ERROR( Status );\r
}\r
if (NewPolicy != NULL) {\r
FreePool( NewPolicy );\r