MdeModulePkg: Connect VariablePolicy business logic to VariableServices

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.

Add connective code to publish the VariablePolicy protocol
and wire it to either the SMM communication interface
or directly into the VariablePolicyLib business logic.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
This commit is contained in:
Bret Barkelew
2020-11-09 14:45:18 +08:00
committed by mergify[bot]
parent d49fe0ca20
commit b6490426e3
7 changed files with 670 additions and 0 deletions


@@ -5,18 +5,34 @@
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "Variable.h"
#include <Protocol/VariablePolicy.h>
#include <Library/VariablePolicyLib.h>
EFI_STATUS
EFIAPI
ProtocolIsVariablePolicyEnabled (
OUT BOOLEAN *State
);
EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
VOID *mFtwRegistration = NULL;
VOID ***mVarCheckAddressPointer = NULL;
UINTN mVarCheckAddressPointerCount = 0;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol = { EDKII_VARIABLE_POLICY_PROTOCOL_REVISION,
DisableVariablePolicy,
ProtocolIsVariablePolicyEnabled,
RegisterVariablePolicy,
DumpVariablePolicy,
LockVariablePolicy };
EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
@@ -282,8 +298,13 @@ OnReadyToBoot (
VOID *Context
)
{
EFI_STATUS Status;
if (!mEndOfDxe) {
MorLockInitAtEndOfDxe ();
Status = LockVariablePolicy ();
ASSERT_EFI_ERROR (Status);
//
// Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
//
@@ -322,8 +343,12 @@ OnEndOfDxe (
VOID *Context
)
{
EFI_STATUS Status;
DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
MorLockInitAtEndOfDxe ();
Status = LockVariablePolicy ();
ASSERT_EFI_ERROR (Status);
mEndOfDxe = TRUE;
mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);
//
@@ -466,6 +491,28 @@ FtwNotificationEvent (
}
/**
This API function returns whether or not the policy engine is
currently being enforced.
@param[out] State Pointer to a return value for whether the policy enforcement
is currently enabled.
@retval EFI_SUCCESS
@retval Others An error has prevented this command from completing.
**/
EFI_STATUS
EFIAPI
ProtocolIsVariablePolicyEnabled (
OUT BOOLEAN *State
)
{
*State = IsVariablePolicyEnabled ();
return EFI_SUCCESS;
}
/**
Variable Driver main entry point. The Variable driver places the 4 EFI
runtime services in the EFI System Table and installs arch protocols
@@ -576,6 +623,19 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);
// Register and initialize the VariablePolicy engine.
Status = InitVariablePolicyLib (VariableServiceGetVariable);
ASSERT_EFI_ERROR (Status);
Status = VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable);
ASSERT_EFI_ERROR (Status);
Status = gBS->InstallMultipleProtocolInterfaces (
&mHandle,
&gEdkiiVariablePolicyProtocolGuid,
&mVariablePolicyProtocol,
NULL
);
ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;
}
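Review bot: `ProtocolIsVariablePolicyEnabled` in the hunk at `@@ -466,6 +491,28 @@` writes through `State` without validating it, yet it is installed as a member of `mVariablePolicyProtocol`, which any DXE driver can locate, so a NULL argument faults inside the variable driver instead of returning an error. The doc block above it already promises `@retval Others` for failures, so add `if (State == NULL) { return EFI_INVALID_PARAMETER; }` before the assignment to keep the DXE-direct path consistent with that contract. Separately, in the final hunk the result of `InitVariablePolicyLib (VariableServiceGetVariable)` is only checked with `ASSERT_EFI_ERROR`, which compiles out in RELEASE builds, so a failed engine init would still be followed by publishing `gEdkiiVariablePolicyProtocolGuid`; consider `if (EFI_ERROR (Status)) { return Status; }` there so the published protocol never claims an engine that did not initialize. `VariableServiceInitialize` begins outside the hunk, so whether an earlier failure path already bails out cannot be confirmed from here.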