MdeModulePkg: Connect VariablePolicy business logic to VariableServices
https://bugzilla.tianocore.org/show_bug.cgi?id=2522

VariablePolicy is an updated interface to
replace VarLock and VarCheckProtocol.

Add connective code to publish the VariablePolicy protocol
and wire it to either the SMM communication interface
or directly into the VariablePolicyLib business logic.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Bret Barkelew authored and mergify[bot] committed Nov 17, 2020
1 parent d49fe0c commit b649042
Showing 7 changed files with 670 additions and 0 deletions.
60 changes: 60 additions & 0 deletions MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
Expand Up @@ -5,18 +5,34 @@
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/

#include "Variable.h"

#include <Protocol/VariablePolicy.h>
#include <Library/VariablePolicyLib.h>

EFI_STATUS
EFIAPI
ProtocolIsVariablePolicyEnabled (
OUT BOOLEAN *State
);

EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
VOID *mFtwRegistration = NULL;
VOID ***mVarCheckAddressPointer = NULL;
UINTN mVarCheckAddressPointerCount = 0;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol = { EDKII_VARIABLE_POLICY_PROTOCOL_REVISION,
DisableVariablePolicy,
ProtocolIsVariablePolicyEnabled,
RegisterVariablePolicy,
DumpVariablePolicy,
LockVariablePolicy };
EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
Expand Down Expand Up @@ -282,8 +298,13 @@ OnReadyToBoot (
VOID *Context
)
{
EFI_STATUS Status;

if (!mEndOfDxe) {
MorLockInitAtEndOfDxe ();

Status = LockVariablePolicy ();
ASSERT_EFI_ERROR (Status);
//
// Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
//
Expand Down Expand Up @@ -322,8 +343,12 @@ OnEndOfDxe (
VOID *Context
)
{
EFI_STATUS Status;

DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
MorLockInitAtEndOfDxe ();
Status = LockVariablePolicy ();
ASSERT_EFI_ERROR (Status);
mEndOfDxe = TRUE;
mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);
//
Expand Down Expand Up @@ -466,6 +491,28 @@ FtwNotificationEvent (
}


/**
This API function returns whether or not the policy engine is
currently being enforced.
@param[out] State Pointer to a return value for whether the policy enforcement
is currently enabled.
@retval EFI_SUCCESS
@retval Others An error has prevented this command from completing.
**/
EFI_STATUS
EFIAPI
ProtocolIsVariablePolicyEnabled (
OUT BOOLEAN *State
)
{
*State = IsVariablePolicyEnabled ();
return EFI_SUCCESS;
}


/**
Variable Driver main entry point. The Variable driver places the 4 EFI
runtime services in the EFI System Table and installs arch protocols
Expand Down Expand Up @@ -576,6 +623,19 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);

// Register and initialize the VariablePolicy engine.
Status = InitVariablePolicyLib (VariableServiceGetVariable);
ASSERT_EFI_ERROR (Status);
Status = VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable);
ASSERT_EFI_ERROR (Status);
Status = gBS->InstallMultipleProtocolInterfaces (
&mHandle,
&gEdkiiVariablePolicyProtocolGuid,
&mVariablePolicyProtocol,
NULL
);
ASSERT_EFI_ERROR (Status);

return EFI_SUCCESS;
}
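Review bot: `ProtocolIsVariablePolicyEnabled` writes through `State` with no NULL check, and because it is published as a member of `mVariablePolicyProtocol` any other DXE driver can reach it with a bad pointer; add `if (State == NULL) { return EFI_INVALID_PARAMETER; }` before the assignment and record it in the header comment as `@retval EFI_INVALID_PARAMETER  State is NULL.`. In `VariableServiceInitialize` the three new calls only `ASSERT_EFI_ERROR` their status and the function still ends with `return EFI_SUCCESS;`, so in a build with asserts disabled a failed `InitVariablePolicyLib` leaves the protocol installed with no working policy engine behind it; consider returning `Status` on failure, though the surrounding install code uses the same assert-only pattern, so this may be the module's deliberate convention. The body of `VariableServiceInitialize` begins outside the hunk.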
