MdeModulePkg: Change TCG MOR variables to use VariablePolicy
https://bugzilla.tianocore.org/show_bug.cgi?id=2522 These were previously using VarLock, which is being deprecated. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Bret Barkelew <brbarkel@microsoft.com> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com> Acked-by: Jian J Wang <jian.j.wang@intel.com>
committed by
mergify[bot]
parent
28f4616fde
commit
98ee0c68a2
@@ -5,6 +5,7 @@
|
||||
MOR lock control unsupported.
|
||||
|
||||
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) Microsoft Corporation.
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -17,7 +18,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include "Variable.h"
|
||||
|
||||
extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
|
||||
#include <Protocol/VariablePolicy.h>
|
||||
#include <Library/VariablePolicyHelperLib.h>
|
||||
|
||||
/**
|
||||
This service is an MOR/MorLock checker handler for the SetVariable().
|
||||
@@ -77,11 +79,6 @@ MorLockInit (
|
||||
NULL // Data
|
||||
);
|
||||
|
||||
//
|
||||
// Need set this variable to be read-only to prevent other module set it.
|
||||
//
|
||||
VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid);
|
||||
|
||||
//
|
||||
// The MOR variable can effectively improve platform security only when the
|
||||
// MorLock variable protects the MOR variable. In turn MorLock cannot be made
|
||||
@@ -99,11 +96,6 @@ MorLockInit (
|
||||
0, // DataSize
|
||||
NULL // Data
|
||||
);
|
||||
VariableLockRequestToLock (
|
||||
&mVariableLock,
|
||||
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
|
||||
&gEfiMemoryOverwriteControlDataGuid
|
||||
);
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
@@ -118,7 +110,39 @@ MorLockInitAtEndOfDxe (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
//
|
||||
// Do nothing.
|
||||
//
|
||||
EFI_STATUS Status;
|
||||
EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
|
||||
|
||||
// First, we obviously need to locate the VariablePolicy protocol.
|
||||
Status = gBS->LocateProtocol( &gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy );
|
||||
if (EFI_ERROR( Status )) {
|
||||
DEBUG(( DEBUG_ERROR, "%a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status ));
|
||||
return;
|
||||
}
|
||||
|
||||
// If we're successful, go ahead and set the policies to protect the target variables.
|
||||
Status = RegisterBasicVariablePolicy( VariablePolicy,
|
||||
&gEfiMemoryOverwriteRequestControlLockGuid,
|
||||
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
|
||||
VARIABLE_POLICY_NO_MIN_SIZE,
|
||||
VARIABLE_POLICY_NO_MAX_SIZE,
|
||||
VARIABLE_POLICY_NO_MUST_ATTR,
|
||||
VARIABLE_POLICY_NO_CANT_ATTR,
|
||||
VARIABLE_POLICY_TYPE_LOCK_NOW );
|
||||
if (EFI_ERROR( Status )) {
|
||||
DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status ));
|
||||
}
|
||||
Status = RegisterBasicVariablePolicy( VariablePolicy,
|
||||
&gEfiMemoryOverwriteControlDataGuid,
|
||||
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
|
||||
VARIABLE_POLICY_NO_MIN_SIZE,
|
||||
VARIABLE_POLICY_NO_MAX_SIZE,
|
||||
VARIABLE_POLICY_NO_MUST_ATTR,
|
||||
VARIABLE_POLICY_NO_CANT_ATTR,
|
||||
VARIABLE_POLICY_TYPE_LOCK_NOW );
|
||||
if (EFI_ERROR( Status )) {
|
||||
DEBUG(( DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status ));
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
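Review bot: In MorLockInitAtEndOfDxe every failure path fails open: a LocateProtocol miss returns early, and a failed RegisterBasicVariablePolicy is only reported through DEBUG_ERROR, so on builds where debug output is disabled the MOR and MorLock variables would stay writable with no visible sign. With the VariableLockRequestToLock calls gone from MorLockInit, this callback appears to be the only place the two variables are protected, and because it returns VOID the caller cannot react to a failure. I would add `ASSERT_EFI_ERROR (Status);` after each of the three DEBUG calls so a missing protocol or rejected policy is caught during bring-up. It is also worth deciding whether production builds need a stronger fail-closed action. Separately, the function's header comment starts above this hunk and may still describe the old "do nothing" behaviour; it should say that the function registers LOCK_NOW policies for both variables.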