Bump. This specific patch needs Reviews.
- Bret

________________________________
From: [email protected] <[email protected]> on behalf of Bret Barkelew via groups.io <[email protected]>
Sent: Tuesday, June 2, 2020 11:58 PM
To: [email protected] <[email protected]>
Cc: Jian J Wang <[email protected]>; Hao A Wu <[email protected]>; liming.gao <[email protected]>
Subject: [EXTERNAL] [edk2-devel] [PATCH v5 10/14] MdeModulePkg: Allow VariablePolicy state to delete protected variables

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

TcgMorLockSmm provides special protections for the TCG MOR variables. This will check IsVariablePolicyEnabled() before enforcing them to allow variable deletion when policy engine is disabled. Only allows deletion, not modification.

Cc: Jian J Wang <[email protected]>
Cc: Hao A Wu <[email protected]>
Cc: Liming Gao <[email protected]>
Cc: Bret Barkelew <[email protected]>
Signed-off-by: Bret Barkelew <[email protected]>
--- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 10 ++++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 2 ++ 2 files changed, 12 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index 6d80eb64341a..085f82035f4b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -5,6 +5,7 @@ This module adds Variable Hook and check MemoryOverwriteRequestControlLock. Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ 
@@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <Library/BaseMemoryLib.h> #include "Variable.h" +#include <Protocol/VariablePolicy.h> + +#include <Library/VariablePolicyLib.h> + typedef struct { CHAR16 *VariableName; EFI_GUID *VendorGuid; @@ -341,6 +346,11 @@ SetVariableCheckHandlerMor ( return EFI_SUCCESS; } + // Permit deletion when policy is disabled. + if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) { + return EFI_SUCCESS; + } + // // MorLock variable // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 6e17f6cdf588..d8f480be27cc 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -20,6 +20,7 @@ # # Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## 
@@ -74,6 +75,7 @@ [LibraryClasses] StandaloneMmDriverEntryPoint SynchronizationLib VarCheckLib + VariablePolicyLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES -- 2.26.2.windows.1.8.g01c50adf56.20200515075929
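
Review bot: In the SetVariableCheckHandlerMor hunk (@@ -341,6 +346,11 @@) the new early return accepts either Attributes == 0 or DataSize == 0 and sits ahead of the "MorLock variable" branch, so whenever IsVariablePolicyEnabled() is false every check below it is skipped for such calls. The commit message promises deletion only, not modification; please extend the comment to say why both conditions are deletions and nothing else, and that reaching the MorLock handling with this relaxation is intended. Style: the comment below it is framed with empty // lines and the function is declared as "SetVariableCheckHandlerMor (" with a space, whereas the added lines use a bare one-line comment and "IsVariablePolicyEnabled()" without the space.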
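
Review bot: In the include hunk of TcgMorLockSmm.c (@@ -17,6 +18,10 @@) the two angle-bracket includes are added after the local #include "Variable.h" and split by a blank line, while the existing <Library/BaseMemoryLib.h> sits above the local header. Please move <Library/VariablePolicyLib.h> up next to the other <Library/...> includes. The only new call visible in this patch is IsVariablePolicyEnabled(); if <Protocol/VariablePolicy.h> is not required for it, drop that include.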
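
Review bot: VariablePolicyLib is added to [LibraryClasses] only in VariableStandaloneMm.inf (@@ -74,6 +75,7 @@), and the diffstat shows no other INF touched, while the new dependency is introduced in TcgMorLockSmm.c. If any other INF also lists TcgMorLockSmm.c as a source, it needs the same library class; please note in the commit message where in the series those are covered.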
