Cc: Jaben Carsey <jaben.car...@intel.com>
According to the comment from Jaben Carsey <jaben.car...@intel.com>,
update PACKAGE_GUID and PACKAGE_VERSION in SecurityPkg.dec after the deletion
of authenticated variable definition, VariableInfo, VariablePei and Auth
Variable
driver from SecurityPkg.
For your easy review,
the forked code is at g...@github.com:lzeng14/edk2.git branch
SeparateAuthVariableServiceV4.
What to do:
1. Move TpmMeasurementLib LibraryClass from SecurityPkg to MdeModulePkg.
2. Implement a NULL TpmMeasurementLib library instance in MdeModulePkg.
3. Move authenticated variable definition from AuthenticatedVariableFormat.h to
VariableFormat.h.
4. Merge VariableInfo in SecurityPkg to VariableInfo in MdeModulePkg.
5. Merge from VariablePei in SecurityPkg to VariablePei in MdeModulePkg.
6. Add AuthVariableLib LibraryClass definitions in MdeModulePkg.
7. Implement a NULL AuthVariableLib library instance in MdeModulePkg.
8. Implement AuthVariableLib library instance in SecurityPkg.
9. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg.
10. Update platform package to use the merged Variable driver.
Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
2.1. After auth variable service separated from Auth Variable driver in
SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in
SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
2.2. The functionality of VariableInfo in SecurityPkg has covered VariableInfo
in MdeModulePkg.
2.3. The code logic of VariablePei in SecurityPkg is same with VariablePei
in MdeModulePkg.
3. TpmMeasurementLib is consumed by Auth Variable driver in SecurityPkg now,
as Auth Variable driver in SecurityPkg will be merged to Variable driver in
MdeModulePkg, so the library class also needs to be moved to MdeModulePkg.
4. gEfiAuthenticatedVariableGuid will be used by both merged Variable driver
and AuthVariableLib, AUTHENTICATED_VARIABLE_HEADER will be used by
merged Variable driver.
What test done:
Nt32: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
OVMF: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
By Laszlo Ersek <ler...@redhat.com>,
build -a X64 -p OvmfPkg/OvmfPkgX64.dsc -D SECURE_BOOT_ENABLE -t GCC48 -b
DEBUG
It booted all fine and the guest kernel confirmed secure boot was enabled
Vlv2TbltDevice: Boot and enable secure boot with SECURE_BOOT_ENABLE = TRUE.
ArmVirtQumu: Built and run both with SECURE_BOOT_ENABLE = TRUE and
SECURE_BOOT_ENABLE,
and both seem to work fine by Ard Biesheuvel
<ard.biesheu...@linaro.org>.
What is the impact to platform:
1. Only platform dsc and fdf need to be updated except the change in
ArmPlatformPkg.dec and NorFlashAuthenticatedDxe.inf to remove
gVariableAuthenticatedRuntimeDxeFileGuid and use gVariableRuntimeDxeFileGuid.
Star Zeng (21):
MdeModulePkg PlatDriOverrideDxe: Remove unneeded VARIABLE_HEADER
reference
MdeModulePkg: Move TpmMeasurementLib LibraryClass from SecurityPkg
MdeModulePkg: Move authenticated variable definition from SecurityPkg
MdeModulePkg VariableInfo: Merge from VariableInfo in SecurityPkg
MdeModulePkg VariablePei: Merge from VariablePei in SecurityPkg
MdeModulePkg: Add AuthVariableLib LibraryClass
SecurityPkg: Implement AuthVariableLib library instance
Nt32Pkg: Link AuthVariableLib for following merged variable driver
deploy
OvmfPkg: Link AuthVariableLib for following merged variable driver
deploy
EmulatorPkg: Add TpmMeasurementLib and AuthVariableLib library mapping
ArmPlatformPkg: Add TpmMeasurementLib and AuthVariableLib library
mapping
ArmVirtPkg: Link AuthVariableLib for following merged variable driver
deploy
Vlv2TbltDevicePkg: Link AuthVariableLib for following merged variable
driver deploy
MdeModulePkg Variable: Merge from Auth Variable driver in SecurityPkg
Nt32Pkg: Use the merged Variable driver
OvmfPkg: Use the merged Variable driver
ArmPlatformPkg: Use the merged Variable driver
ArmVirtPkg: Cleanup redundant library class resolution of Variable
modules
ArmVirtPkg: Use the merged Variable driver
Vlv2TbltDevicePkg: Use the merged Variable driver
SecurityPkg: Delete Auth Variable driver
ArmPlatformPkg/ArmJunoPkg/ArmJuno.dsc | 7 +-
ArmPlatformPkg/ArmPlatformPkg.dec | 5 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A8.dsc | 7 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A9x2.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA15-A7.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.dsc | 7 +-
.../NorFlashDxe/NorFlashAuthenticatedDxe.inf | 5 +-
ArmVirtPkg/ArmVirt.dsc.inc | 5 +
ArmVirtPkg/ArmVirtQemu.dsc | 15 +-
ArmVirtPkg/ArmVirtQemu.fdf | 9 +-
EmulatorPkg/EmulatorPkg.dsc | 4 +-
.../Application/VariableInfo/VariableInfo.c | 209 +-
.../Application/VariableInfo/VariableInfo.inf | 25 +-
.../Application/VariableInfo/VariableInfo.uni | Bin 2430 -> 2904 bytes
MdeModulePkg/Include/Guid/SmmVariableCommon.h | 8 +-
MdeModulePkg/Include/Guid/VariableFormat.h | 68 +-
MdeModulePkg/Include/Library/AuthVariableLib.h | 261 ++
MdeModulePkg/Include/Library/TpmMeasurementLib.h | 44 +
MdeModulePkg/Include/Protocol/VarCheck.h | 6 +
.../AuthVariableLibNull/AuthVariableLibNull.c | 78 +
.../AuthVariableLibNull/AuthVariableLibNull.inf | 40 +
.../AuthVariableLibNull/AuthVariableLibNull.uni | Bin 0 -> 1710 bytes
.../TpmMeasurementLibNull/TpmMeasurementLibNull.c | 45 +
.../TpmMeasurementLibNull.inf | 34 +
.../TpmMeasurementLibNull.uni | Bin 0 -> 1654 bytes
MdeModulePkg/MdeModulePkg.dec | 12 +
MdeModulePkg/MdeModulePkg.dsc | 4 +
.../PlatformDriOverrideDxe/PlatDriOverrideLib.c | 3 +-
.../Universal/Variable/Pei/PeiVariable.uni | Bin 2130 -> 2182 bytes
MdeModulePkg/Universal/Variable/Pei/Variable.c | 194 +-
MdeModulePkg/Universal/Variable/Pei/Variable.h | 4 +-
.../Universal/Variable/Pei/VariablePei.inf | 9 +-
.../Universal/Variable/RuntimeDxe/Measurement.c | 255 ++
.../Universal/Variable/RuntimeDxe/Reclaim.c | 5 +-
.../Universal/Variable/RuntimeDxe/VarCheck.c | 234 +-
.../Universal/Variable/RuntimeDxe/Variable.c | 1156 ++++--
.../Universal/Variable/RuntimeDxe/Variable.h | 455 ++-
.../Universal/Variable/RuntimeDxe/VariableDxe.c | 83 +-
.../Universal/Variable/RuntimeDxe/VariableExLib.c | 256 ++
.../Variable/RuntimeDxe/VariableRuntimeDxe.inf | 48 +-
.../Variable/RuntimeDxe/VariableRuntimeDxe.uni | Bin 2588 -> 3150 bytes
.../Universal/Variable/RuntimeDxe/VariableSmm.c | 77 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.inf | 61 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.uni | Bin 3746 -> 4454 bytes
.../Variable/RuntimeDxe/VariableSmmExtra.uni | Bin 1348 -> 1332 bytes
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 130 +-
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 43 +-
Nt32Pkg/Nt32Pkg.dsc | 12 +-
Nt32Pkg/Nt32Pkg.fdf | 8 +-
OvmfPkg/OvmfPkgIa32.dsc | 9 +-
OvmfPkg/OvmfPkgIa32.fdf | 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 9 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 6 +-
OvmfPkg/OvmfPkgX64.dsc | 9 +-
OvmfPkg/OvmfPkgX64.fdf | 6 +-
.../Application/VariableInfo/VariableInfo.c | 265 --
.../Application/VariableInfo/VariableInfo.inf | 63 -
.../Application/VariableInfo/VariableInfo.uni | Bin 2902 -> 0 bytes
.../Application/VariableInfo/VariableInfoExtra.uni | Bin 1360 -> 0 bytes
.../Include/Guid/AuthenticatedVariableFormat.h | 184 +-
SecurityPkg/Include/Library/TpmMeasurementLib.h | 44 -
SecurityPkg/Library/AuthVariableLib/AuthService.c | 2432 ++++++++++++
.../Library/AuthVariableLib/AuthServiceInternal.h | 411 ++
.../Library/AuthVariableLib/AuthVariableLib.c | 460 +++
.../Library/AuthVariableLib/AuthVariableLib.inf | 86 +
.../Library/AuthVariableLib/AuthVariableLib.uni | Bin 0 -> 1670 bytes
.../DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf | 5 +-
SecurityPkg/SecurityPkg.dec | 12 +-
SecurityPkg/SecurityPkg.dsc | 11 +-
.../EsalVariableDxeSal/AuthService.c | 42 +-
.../EsalVariableDxeSal/Variable.c | 220 +-
.../EsalVariableDxeSal/Variable.h | 18 +-
.../VariableAuthenticated/Pei/PeiVariableAuth.uni | Bin 2170 -> 0 bytes
.../VariableAuthenticated/Pei/PeiVariableExtra.uni | Bin 1348 -> 0 bytes
SecurityPkg/VariableAuthenticated/Pei/Variable.c | 1087 -----
SecurityPkg/VariableAuthenticated/Pei/Variable.h | 148 -
.../VariableAuthenticated/Pei/VariablePei.inf | 73 -
.../VariableAuthenticated/RuntimeDxe/AuthService.c | 2532 ------------
.../VariableAuthenticated/RuntimeDxe/AuthService.h | 360 --
.../VariableAuthenticated/RuntimeDxe/Measurement.c | 255 --
.../VariableAuthenticated/RuntimeDxe/Reclaim.c | 161 -
.../VariableAuthenticated/RuntimeDxe/VarCheck.c | 1264 ------
.../VariableAuthenticated/RuntimeDxe/Variable.c | 4170 --------------------
.../VariableAuthenticated/RuntimeDxe/Variable.h | 842 ----
.../RuntimeDxe/VariableAuthRuntimeDxe.uni | Bin 3204 -> 0 bytes
.../RuntimeDxe/VariableAuthSmm.uni | Bin 4488 -> 0 bytes
.../RuntimeDxe/VariableAuthSmmRuntimeDxe.uni | Bin 3320 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableDxe.c | 530 ---
.../RuntimeDxe/VariableRuntimeDxe.inf | 158 -
.../RuntimeDxe/VariableRuntimeDxeExtra.uni | Bin 1376 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableSmm.c | 988 -----
.../RuntimeDxe/VariableSmm.inf | 165 -
.../RuntimeDxe/VariableSmmExtra.uni | Bin 1332 -> 0 bytes
.../RuntimeDxe/VariableSmmRuntimeDxe.c | 1118 ------
.../RuntimeDxe/VariableSmmRuntimeDxe.inf | 102 -
.../RuntimeDxe/VariableSmmRuntimeDxeExtra.uni | Bin 1390 -> 0 bytes
Vlv2TbltDevicePkg/PlatformPkg.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 32 +-
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 32 +-
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 32 +-
106 files changed, 6885 insertions(+), 15470 deletions(-)
create mode 100644 MdeModulePkg/Include/Library/AuthVariableLib.h
create mode 100644 MdeModulePkg/Include/Library/TpmMeasurementLib.h
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.inf
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.uni
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfoExtra.uni
delete mode 100644 SecurityPkg/Include/Library/TpmMeasurementLib.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthService.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableAuth.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.h
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Measurement.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Reclaim.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthRuntimeDxe.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmm.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmmRuntimeDxe.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxeExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmExtra.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxeExtra.uni
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
