MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154

Update VarCheckLibSetVariableCheck() to allow locked variables
to be updated if the RequestSource is VarCheckFromTrusted even
if one or more variable check handlers return EFI_WRITE_PROTECTED.
RequestSource is only set to VarCheckFromTrusted if the request
is through the EFI_SMM_VARAIBLE_PROTOCOL.

Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
index 470d782444bf067d3cb8c6769be849e5b5260a6e..9596d760e9455c043eb4e1ec9e3fb80d65d5914c 100644 (file)
--- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
@@ -1,7 +1,7 @@
 /** @file\r
   Implementation functions and structures for var check services.\r
 \r
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck (
                DataSize,\r
                Data\r
                );\r
+    if (Status == EFI_WRITE_PROTECTED && RequestSource == VarCheckFromTrusted) {\r
+      //\r
+      // If RequestSource is trusted, then allow variable to be set even if it\r
+      // is write protected.\r
+      //\r
+      continue;\r
+    }\r
     if (EFI_ERROR (Status)) {\r
       DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));\r
       return Status;\r