From 124b3f9289f11479d9f042ea6e39bea2b1d5cee3 Mon Sep 17 00:00:00 2001 From: Bret Barkelew Date: Mon, 9 Nov 2020 14:45:22 +0800 Subject: [PATCH] MdeModulePkg: Drop VarLock from RuntimeDxe variable driver https://bugzilla.tianocore.org/show_bug.cgi?id=2522 Now that everything should be moved to VariablePolicy, drop support for the deprecated VarLock SMI interface and associated functions from variable RuntimeDxe. Cc: Jian J Wang Cc: Hao A Wu Cc: Liming Gao Cc: Bret Barkelew Signed-off-by: Bret Barkelew Reviewed-by: Dandan Bi Acked-by: Jian J Wang --- .../Universal/Variable/RuntimeDxe/VarCheck.c | 49 +------------ .../RuntimeDxe/VariableLockRequestToLock.c | 71 +++++++++++++++++++ .../RuntimeDxe/VariableRuntimeDxe.inf | 1 + .../Variable/RuntimeDxe/VariableSmm.inf | 1 + .../RuntimeDxe/VariableStandaloneMm.inf | 1 + 5 files changed, 75 insertions(+), 48 deletions(-) create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c index f15219df5e..486d85b022 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c @@ -3,60 +3,13 @@ and variable lock protocol based on VarCheckLib. Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "Variable.h" -/** - Mark a variable that will become read-only after leaving the DXE phase of execution. - Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed. - - @param[in] This The VARIABLE_LOCK_PROTOCOL instance. - @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. - @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. - - @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked - as pending to be read-only. - @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. - Or VariableName is an empty string. - @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has - already been signaled. - @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. -**/ -EFI_STATUS -EFIAPI -VariableLockRequestToLock ( - IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - EFI_STATUS Status; - VAR_CHECK_VARIABLE_PROPERTY Property; - - AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property); - if (!EFI_ERROR (Status)) { - Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - } else { - Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION; - Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - Property.Attributes = 0; - Property.MinSize = 1; - Property.MaxSize = MAX_UINTN; - } - Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property); - - DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status)); - - ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - return Status; -} - /** Register SetVariable check handler. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c new file mode 100644 index 0000000000..4aa854aaf2 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c @@ -0,0 +1,71 @@ +/** @file -- VariableLockRequestToLock.c +Temporary location of the RequestToLock shim code while +projects are moved to VariablePolicy. Should be removed when deprecated. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +#include + +#include +#include +#include + + +/** + DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. + Mark a variable that will become read-only after leaving the DXE phase of execution. + Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; + + NewPolicy = NULL; + Status = CreateBasicVariablePolicy( VendorGuid, + VariableName, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy ); + if (!EFI_ERROR( Status )) { + Status = RegisterVariablePolicy( NewPolicy ); + } + if (EFI_ERROR( Status )) { + DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status )); + ASSERT_EFI_ERROR( Status ); + } + if (NewPolicy != NULL) { + FreePool( NewPolicy ); + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 8debc560e6..c9434df631 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -49,6 +49,7 @@ VarCheck.c VariableExLib.c SpeculationBarrierDxe.c + VariableLockRequestToLock.c [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index bbc8d20801..eaa97a01c6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -58,6 +58,7 @@ VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequestToLock.c [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 62f2f9252f..fada0bf3c5 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -58,6 +58,7 @@ VariableExLib.c TcgMorLockSmm.c SpeculationBarrierSmm.c + VariableLockRequestToLock.c [Packages] MdePkg/MdePkg.dec -- 2.39.2