[PATCH v5 01/14] MdeModulePkg: Define the VariablePolicy protocol interface
Bret Barkelew
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
VariablePolicy is an updated interface to replace VarLock and VarCheckProtocol. Add the VariablePolicy protocol interface header and add to the MdeModulePkg.dec file. Cc: Jian J Wang <jian.j.wang@...> Cc: Hao A Wu <hao.a.wu@...> Cc: Liming Gao <liming.gao@...> Cc: Bret Barkelew <brbarkel@...> Signed-off-by: Bret Barkelew <brbarkel@...> --- MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 14 +- MdeModulePkg/MdeModulePkg.uni | 7 + 3 files changed, 177 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Include/Protocol/VariablePolicy.h b/MdeModulePkg/= Include/Protocol/VariablePolicy.h
new file mode 100644
index 000000000000..8226c187a77b
--- /dev/null
+++ b/MdeModulePkg/Include/Protocol/VariablePolicy.h
@@ -0,0 +1,157 @@
+/** @file -- VariablePolicy.h=0D
+=0D
+This protocol allows communication with Variable Policy Engine.=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#ifndef __EDKII_VARIABLE_POLICY_PROTOCOL__=0D
+#define __EDKII_VARIABLE_POLICY_PROTOCOL__=0D
+=0D
+#define EDKII_VARIABLE_POLICY_PROTOCOL_REVISION 0x0000000000010000=0D
+=0D
+#define EDKII_VARIABLE_POLICY_PROTOCOL_GUID \=0D
+ { \=0D
+ 0x81D1675C, 0x86F6, 0x48DF, { 0xBD, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25= , 0xC3 } \=0D
+ }=0D
+=0D
+#define VARIABLE_POLICY_ENTRY_REVISION 0x00010000=0D
+=0D
+#pragma pack(push, 1)=0D
+typedef struct {=0D
+ UINT32 Version;=0D
+ UINT16 Size;=0D
+ UINT16 OffsetToName;=0D
+ EFI_GUID Namespace;=0D
+ UINT32 MinSize;=0D
+ UINT32 MaxSize;=0D
+ UINT32 AttributesMustHave;=0D
+ UINT32 AttributesCantHave;=0D
+ UINT8 LockPolicyType;=0D
+ UINT8 Padding[3];=0D
+ // UINT8 LockPolicy[]; // Variable Length Field=0D
+ // CHAR16 Name[] // Variable Length Field=0D
+} VARIABLE_POLICY_ENTRY;=0D
+=0D
+#define VARIABLE_POLICY_NO_MIN_SIZE 0=0D
+#define VARIABLE_POLICY_NO_MAX_SIZE MAX_UINT32=0D
+#define VARIABLE_POLICY_NO_MUST_ATTR 0=0D
+#define VARIABLE_POLICY_NO_CANT_ATTR 0=0D
+=0D
+#define VARIABLE_POLICY_TYPE_NO_LOCK 0=0D
+#define VARIABLE_POLICY_TYPE_LOCK_NOW 1=0D
+#define VARIABLE_POLICY_TYPE_LOCK_ON_CREATE 2=0D
+#define VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE 3=0D
+=0D
+typedef struct {=0D
+ EFI_GUID Namespace;=0D
+ UINT8 Value;=0D
+ UINT8 Padding;=0D
+ // CHAR16 Name[]; // Variable Length Field=0D
+} VARIABLE_LOCK_ON_VAR_STATE_POLICY;=0D
+#pragma pack(pop)=0D
+=0D
+/**=0D
+ This API function disables the variable policy enforcement.
If it's=0D
+ already been called once, will return EFI_ALREADY_STARTED.=0D
+=0D
+ @retval EFI_SUCCESS=0D
+ @retval EFI_ALREADY_STARTED Has already been called once this boot= .=0D
+ @retval EFI_WRITE_PROTECTED Interface has been locked until reboot= .=0D
+ @retval EFI_WRITE_PROTECTED Interface option is disabled by platfo= rm PCD.=0D
+=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *DISABLE_VARIABLE_POLICY)(=0D
+ VOID=0D
+ );=0D
+=0D
+/**=0D
+ This API function returns whether or not the policy engine is=0D
+ currently being enforced.=0D
+=0D
+ @param[out] State Pointer to a return value for whether the poli= cy enforcement=0D
+ is currently enabled.=0D
+=0D
+ @retval EFI_SUCCESS=0D
+ @retval Others An error has prevented this command from compl= eting.=0D
+=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *IS_VARIABLE_POLICY_ENABLED)(=0D
+ OUT BOOLEAN *State=0D
+ );=0D
+=0D
+/**=0D
+ This API function validates and registers a new policy with=0D
+ the policy enforcement engine.=0D
+=0D
+ @param[in] NewPolicy Pointer to the incoming policy structure.=0D
+=0D
+ @retval EFI_SUCCESS=0D
+ @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally i= nconsistent.=0D
+ @retval EFI_ALREADY_STARTED An identical matching policy already= exists.=0D
+ @retval EFI_WRITE_PROTECTED The interface has been locked until = the next reboot.=0D
+ @retval EFI_ABORTED A calculation error has prevented th= is function from completing.=0D
+ @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any mo= re policies.=0D
+=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *REGISTER_VARIABLE_POLICY)(=0D
+ IN CONST VARIABLE_POLICY_ENTRY *PolicyEntry=0D
+ );=0D
+=0D
+/**=0D
+ This API function will dump the entire contents of the variable policy t= able.=0D
+=0D
+ Similar to GetVariable, the first call can be made with a 0 size and it = will return=0D
+ the size of the buffer required to hold the entire table.=0D
+=0D
+ @param[out] Policy Pointer to the policy buffer.
Can be NULL if Siz= e is 0.=0D
+ @param[in,out] Size On input, the size of the output buffer. On outp= ut, the size=0D
+ of the data returned.=0D
+=0D
+ @retval EFI_SUCCESS Policy data is in the output buffer = and Size has been updated.=0D
+ @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero an= d Policy is NULL.=0D
+ @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy.= Size updated with required size.=0D
+=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *DUMP_VARIABLE_POLICY)(=0D
+ IN OUT UINT8 *Policy,=0D
+ IN OUT UINT32 *Size=0D
+ );=0D
+=0D
+/**=0D
+ This API function locks the interface so that no more policy updates=0D
+ can be performed or changes made to the enforcement until the next boot.= =0D
+=0D
+ @retval EFI_SUCCESS=0D
+ @retval Others An error has prevented this command from compl= eting.=0D
+=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *LOCK_VARIABLE_POLICY)(=0D
+ VOID=0D
+ );=0D
+=0D
+typedef struct {=0D
+ UINT64 Revision;=0D
+ DISABLE_VARIABLE_POLICY DisableVariablePolicy;=0D
+ IS_VARIABLE_POLICY_ENABLED IsVariablePolicyEnabled;=0D
+ REGISTER_VARIABLE_POLICY RegisterVariablePolicy;=0D
+ DUMP_VARIABLE_POLICY DumpVariablePolicy;=0D
+ LOCK_VARIABLE_POLICY LockVariablePolicy;=0D
+} _EDKII_VARIABLE_POLICY_PROTOCOL;=0D
+=0D
+typedef _EDKII_VARIABLE_POLICY_PROTOCOL EDKII_VARIABLE_POLICY_PROTOCOL;=0D
+=0D
+extern EFI_GUID gEdkiiVariablePolicyProtocolGuid;=0D
+=0D
+#endif=0D
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 4f44af694862..2e0461b87c32 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
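Review bot: The doc comment on `REGISTER_VARIABLE_POLICY` documents `@param[in] NewPolicy` while the prototype names the parameter `PolicyEntry`, and `DUMP_VARIABLE_POLICY` documents `Policy` as `[out]` although it is declared `IN OUT`; both comments should match the prototypes, e.g. `@param[in] PolicyEntry Pointer to the incoming policy structure.`. For a packed entry whose `Size` and `OffsetToName` are supplied by the caller, "internally inconsistent" is also never defined, so an implementer cannot tell from this header which checks must pass before the trailing data is read. I would add a comment above `VARIABLE_POLICY_ENTRY` stating the invariants, presumably that `Size` covers at least the fixed header, that `OffsetToName` falls after the fixed header and any lock-policy payload but before `Size`, and that `Name` is NUL-terminated within `Size`; the variable-length `LockPolicy` and `Name` fields currently appear only as commented-out members.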
@@ -8,7 +8,7 @@
# Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>=0D
# (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP<BR>= =0D
# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>=0D
-# Copyright (c) 2016, Microsoft Corporation<BR>=0D
+# Copyright (c) Microsoft Corporation.<BR>=0D
# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
#=0D
##=0D
@@ -624,6 +624,9 @@ [Protocols]
# 0x80000006 | Incorrect error code provided.=0D
#=0D
=0D
+ ## Include/Protocol/VariablePolicy.h=0D
+ gEdkiiVariablePolicyProtocolGuid =3D { 0x81D1675C, 0x86F6, 0x48DF, { 0xB= D, 0x95, 0x9A, 0x6E, 0x4F, 0x09, 0x25, 0xC3 } }=0D
+=0D
[PcdsFeatureFlag]=0D
## Indicates if the platform can support update capsule across a system = reset.<BR><BR>=0D
# TRUE - Supports update capsule across a system reset.<BR>=0D
@@ -1129,6 +1132,15 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
# @Prompt Variable storage size.=0D
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x10000|UINT32|0x300= 00005=0D
=0D
+ ## Toggle for whether the VariablePolicy engine should allow disabling.= =0D
+ # The engine is enabled at power-on, but the interface allows the platfo= rm to=0D
+ # disable enforcement for servicing flexibility. If this PCD is disabled= , it will block the ability to=0D
+ # disable the enforcement and VariablePolicy enforcement will always be = ON.=0D
+ # TRUE - VariablePolicy can be disabled by request through the interfa= ce (until interface is locked)=0D
+ # FALSE - VariablePolicy interface will not accept requests to disable= and is ALWAYS ON=0D
+ # @Prompt Allow VariablePolicy enforcement to be disabled.=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|= FALSE|BOOLEAN|0x30000020=0D
+=0D
## FFS filename to find the ACPI tables.=0D
# @Prompt FFS name of ACPI tables storage.=0D
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiTableStorageFile|{ 0x25, 0x4e, 0x3= 7, 0x7e, 0x01, 0x8e, 0xee, 0x4f, 0x87, 0xf2, 0x39, 0xc, 0x23, 0xc6, 0x6, 0x= cd }|VOID*|0x30000016=0D
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 2007e0596c4f..b64e7f351cda 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
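Review bot: `PcdAllowVariablePolicyEnforcementDisable` is added under `[PcdsFixedAtBuild, PcdsPatchableInModule]`, so a platform may configure this enforcement toggle as patchable in the built module rather than fixed at build time; if that is not intended, the comment should say so, or the PCD should be declared in a FixedAtBuild-only section. The wording "If this PCD is disabled" is also easy to misread next to "ALWAYS ON", since the PCD is a BOOLEAN rather than something that is enabled or disabled; I would write `# If this PCD is FALSE, requests to disable enforcement are rejected and VariablePolicy enforcement is always ON.`. The comment could also state that the FALSE default is the setting intended for production firmware, with TRUE reserved for servicing builds.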
@@ -129,6 +129,13 @@
=0D
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdVariableStoreSize_HELP #lan= guage en-US "The size of volatile buffer. This buffer is used to store VOLA= TILE attribute variables."=0D
=0D
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforceme= ntDisable_PROMPT #language en-US "Allow VariablePolicy enforcement to be d= isabled."=0D
+=0D
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAllowVariablePolicyEnforceme= ntDisable_HELP #language en-US "If this PCD is disabled, it will block the= ability to<BR>\n"=0D
+ = "disable the enforcement and VariablePolicy= enforcement will always be ON.<BR>\n"=0D
+ = "TRUE - VariablePolicy can be disabled by r= equest through the interface (until interface is locked)<BR>\n"=0D
+ = "FALSE - VariablePolicy interface will not = accept requests to disable and is ALWAYS ON<BR>\n"=0D
+=0D
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_PROMPT = #language en-US "FFS name of ACPI tables storage"=0D
=0D
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiTableStorageFile_HELP #= language en-US "FFS filename to find the ACPI tables."=0D
--=20 2.26.2.windows.1.8.g01c50adf56.20200515075929 |