[PATCH] FmpDevicePkg/FmpDxe: Use new Variable Lock interface


Xu, Wei6
 

From: yangjie <jie.yang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3655

The code in FmpDevicePkg called the deprecated interface
VariableLockRequestToLock. So I changed the code in
FmpDevicePkg using RegisterBasicVariablePolicy,
instead of the deprecated interface.

Signed-off-by: Yang Jie <jie.yang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
---
FmpDevicePkg/FmpDevicePkg.dsc | 1 +
FmpDevicePkg/FmpDxe/FmpDxe.h | 4 +-
FmpDevicePkg/FmpDxe/FmpDxe.inf | 5 ++-
FmpDevicePkg/FmpDxe/VariableSupport.c | 65 +++++++++++++--------------
4 files changed, 37 insertions(+), 38 deletions(-)

diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index b420f52a08..7b1af285dd 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -53,6 +53,7 @@
DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
!ifdef CONTINUOUS_INTEGRATION
BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
!else
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h
index 1177b1828e..4d94a925b6 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.h
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.h
@@ -4,7 +4,7 @@
information provided through PCDs and libraries.

Copyright (c) Microsoft Corporation.<BR>
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>

SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -33,11 +33,11 @@
#include <Library/FmpDependencyDeviceLib.h>
#include <Protocol/FirmwareManagement.h>
#include <Protocol/FirmwareManagementProgress.h>
-#include <Protocol/VariableLock.h>
#include <Guid/SystemResourceTable.h>
#include <Guid/EventGroup.h>
#include <LastAttemptStatus.h>
#include <FmpLastAttemptStatus.h>
+#include <Library/VariablePolicyHelperLib.h>

#define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED"
#define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE"
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf
index eeb904a091..1c296388b0 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf
@@ -4,7 +4,7 @@
# information provided through PCDs and libraries.
#
# Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
-# Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
@@ -55,14 +55,15 @@
FmpDependencyLib
FmpDependencyCheckLib
FmpDependencyDeviceLib
+ VariablePolicyHelperLib

[Guids]
gEfiEndOfDxeEventGroupGuid

[Protocols]
- gEdkiiVariableLockProtocolGuid ## CONSUMES
gEfiFirmwareManagementProtocolGuid ## PRODUCES
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES

[Pcd]
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable ## CONSUMES
diff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/VariableSupport.c
index 86dd5b203b..a1bd949b09 100644
--- a/FmpDevicePkg/FmpDxe/VariableSupport.c
+++ b/FmpDevicePkg/FmpDxe/VariableSupport.c
@@ -3,7 +3,7 @@
firmware updates.

Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>

SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -730,28 +730,29 @@ static
EFI_STATUS
LockFmpVariable (
IN EFI_STATUS PreviousStatus,
- IN EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock,
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,
IN CHAR16 *VariableName
)
{
EFI_STATUS Status;

- Status = VariableLock->RequestToLock (
- VariableLock,
- VariableName,
- &gEfiCallerIdGuid
- );
- if (!EFI_ERROR (Status)) {
- return PreviousStatus;
+ // If success, go ahead and set the policies to protect the target variables.
+ Status = RegisterBasicVariablePolicy (VariablePolicy,
+ &gEfiCallerIdGuid,
+ VariableName,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status = %r\n",
+ mImageIdName,
+ &gEfiCallerIdGuid,
+ VariableName,
+ Status
+ ));
}
-
- DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status = %r\n",
- mImageIdName,
- &gEfiCallerIdGuid,
- VariableName,
- Status
- ));
-
if (EFI_ERROR (PreviousStatus)) {
return PreviousStatus;
}
@@ -773,26 +774,22 @@ LockAllFmpVariables (
FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private
)
{
- EFI_STATUS Status;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;
-
- VariableLock = NULL;
- Status = gBS->LocateProtocol (
- &gEdkiiVariableLockProtocolGuid,
- NULL,
- (VOID **)&VariableLock
- );
- if (EFI_ERROR (Status) || VariableLock == NULL) {
- DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Protocol (%r).\n", mImageIdName, Status));
- return EFI_UNSUPPORTED;
+ EFI_STATUS Status;
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
+
+ // Locate the VariablePolicy protocol.
+ Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status));
+ return Status;
}

Status = EFI_SUCCESS;
- Status = LockFmpVariable (Status, VariableLock, Private->VersionVariableName);
- Status = LockFmpVariable (Status, VariableLock, Private->LsvVariableName);
- Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptStatusVariableName);
- Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptVersionVariableName);
- Status = LockFmpVariable (Status, VariableLock, Private->FmpStateVariableName);
+ Status = LockFmpVariable (Status, VariablePolicy, Private->VersionVariableName);
+ Status = LockFmpVariable (Status, VariablePolicy, Private->LsvVariableName);
+ Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptStatusVariableName);
+ Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptVersionVariableName);
+ Status = LockFmpVariable (Status, VariablePolicy, Private->FmpStateVariableName);

return Status;
}
--
2.26.2.windows.1


Yang, Jie <jie.yang@...>
 

From: yangjie <jie.yang@...>

 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3655

 

The code in FmpDevicePkg called the deprecated interface VariableLockRequestToLock. So I changed the code in FmpDevicePkg using RegisterBasicVariablePolicy, instead of the deprecated interface.

 

Signed-off-by: Yang Jie <jie.yang@...>

---

FmpDevicePkg/FmpDevicePkg.dsc         |  1 +

FmpDevicePkg/FmpDxe/FmpDxe.h          |  4 +-

FmpDevicePkg/FmpDxe/FmpDxe.inf        |  5 ++-

FmpDevicePkg/FmpDxe/VariableSupport.c | 65 +++++++++++++--------------

4 files changed, 37 insertions(+), 38 deletions(-)

 

diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index b420f52a08..7b1af285dd 100644

--- a/FmpDevicePkg/FmpDevicePkg.dsc

+++ b/FmpDevicePkg/FmpDevicePkg.dsc

@@ -53,6 +53,7 @@

   DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf !ifdef CONTINUOUS_INTEGRATION   BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf !elsediff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h

index 1177b1828e..4d94a925b6 100644

--- a/FmpDevicePkg/FmpDxe/FmpDxe.h

+++ b/FmpDevicePkg/FmpDxe/FmpDxe.h

@@ -4,7 +4,7 @@

   information provided through PCDs and libraries.    Copyright (c) Microsoft Corporation.<BR>-  Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>+  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>    SPDX-License-Identifier: BSD-2-Clause-Patent @@ -33,11 +33,11 @@

#include <Library/FmpDependencyDeviceLib.h> #include <Protocol/FirmwareManagement.h> #include <Protocol/FirmwareManagementProgress.h>-#include <Protocol/VariableLock.h> #include <Guid/SystemResourceTable.h> #include <Guid/EventGroup.h> #include <LastAttemptStatus.h> #include <FmpLastAttemptStatus.h>+#include <Library/VariablePolicyHelperLib.h>  #define VERSION_STRING_NOT_SUPPORTED  L"VERSION STRING NOT SUPPORTED" #define VERSION_STRING_NOT_AVAILABLE  L"VERSION STRING NOT AVAILABLE"diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf index eeb904a091..1c296388b0 100644

--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf

+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf

@@ -4,7 +4,7 @@

#  information provided through PCDs and libraries. # #  Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>-#  Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>+#  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR> # #  SPDX-License-Identifier: BSD-2-Clause-Patent ##@@ -55,14 +55,15 @@

   FmpDependencyLib   FmpDependencyCheckLib   FmpDependencyDeviceLib+  VariablePolicyHelperLib  [Guids]   gEfiEndOfDxeEventGroupGuid  [Protocols]-  gEdkiiVariableLockProtocolGuid                ## CONSUMES   gEfiFirmwareManagementProtocolGuid            ## PRODUCES   gEdkiiFirmwareManagementProgressProtocolGuid  ## PRODUCES+  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES  [Pcd]   gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable              ## CONSUMESdiff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/VariableSupport.c

index 86dd5b203b..a1bd949b09 100644

--- a/FmpDevicePkg/FmpDxe/VariableSupport.c

+++ b/FmpDevicePkg/FmpDxe/VariableSupport.c

@@ -3,7 +3,7 @@

   firmware updates.    Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>-  Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>+  Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>    SPDX-License-Identifier: BSD-2-Clause-Patent @@ -730,28 +730,29 @@ static

EFI_STATUS LockFmpVariable (   IN EFI_STATUS                    PreviousStatus,-  IN EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLock,+  EDKII_VARIABLE_POLICY_PROTOCOL   *VariablePolicy,   IN CHAR16                        *VariableName   ) {   EFI_STATUS  Status; -  Status = VariableLock->RequestToLock (-                           VariableLock,-                           VariableName,-                           &gEfiCallerIdGuid-                           );-  if (!EFI_ERROR (Status)) {-    return PreviousStatus;+  // If success, go ahead and set the policies to protect the target variables.+  Status = RegisterBasicVariablePolicy (VariablePolicy,+                                        &gEfiCallerIdGuid,+                                        VariableName,+                                        VARIABLE_POLICY_NO_MIN_SIZE,+                                        VARIABLE_POLICY_NO_MAX_SIZE,+                                        VARIABLE_POLICY_NO_MUST_ATTR,+                                        VARIABLE_POLICY_NO_CANT_ATTR,+                                        VARIABLE_POLICY_TYPE_LOCK_NOW);+  if (EFI_ERROR (Status)) {+    DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s.  Status = %r\n",+            mImageIdName,+            &gEfiCallerIdGuid,+            VariableName,+            Status+           ));   }--  DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s.  Status = %r\n",-    mImageIdName,-    &gEfiCallerIdGuid,-    VariableName,-    Status-    ));-   if (EFI_ERROR (PreviousStatus)) {     return PreviousStatus;   }@@ -773,26 +774,22 @@ LockAllFmpVariables (

   FIRMWARE_MANAGEMENT_PRIVATE_DATA  *Private   ) {-  EFI_STATUS                    Status;-  EDKII_VARIABLE_LOCK_PROTOCOL  *VariableLock;--  VariableLock = NULL;-  Status = gBS->LocateProtocol (-                  &gEdkiiVariableLockProtocolGuid,-                  NULL,-                  (VOID **)&VariableLock-                  );-  if (EFI_ERROR (Status) || VariableLock == NULL) {-    DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Protocol (%r).\n", mImageIdName, Status));-    return EFI_UNSUPPORTED;+  EFI_STATUS                        Status;+  EDKII_VARIABLE_POLICY_PROTOCOL    *VariablePolicy;++  // Locate the VariablePolicy protocol.+  Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID**)&VariablePolicy );+  if (EFI_ERROR (Status)) {+    DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy protocol! %r\n", __FUNCTION__, Status));+    return Status;   }    Status = EFI_SUCCESS;-  Status = LockFmpVariable (Status, VariableLock, Private->VersionVariableName);-  Status = LockFmpVariable (Status, VariableLock, Private->LsvVariableName);-  Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptStatusVariableName);-  Status = LockFmpVariable (Status, VariableLock, Private->LastAttemptVersionVariableName);-  Status = LockFmpVariable (Status, VariableLock, Private->FmpStateVariableName);+  Status = LockFmpVariable (Status, VariablePolicy, Private->VersionVariableName);+  Status = LockFmpVariable (Status, VariablePolicy, Private->LsvVariableName);+  Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptStatusVariableName);+  Status = LockFmpVariable (Status, VariablePolicy, Private->LastAttemptVersionVariableName);+  Status = LockFmpVariable (Status, VariablePolicy, Private->FmpStateVariableName);    return Status; }--

2.26.2.windows.1

 


Yang Jie
 

From: yangjie <jie.yang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3655

The code in FmpDevicePkg called the deprecated interface =0D
VariableLockRequestToLock. So I changed the code in =0D
FmpDevicePkg using RegisterBasicVariablePolicy, =0D
instead of the deprecated interface.

Signed-off-by: Yang Jie <jie.yang@intel.com>=0D
Cc: Liming Gao <gaoliming@byosoft.com.cn>=0D
Cc: Michael D Kinney <michael.d.kinney@intel.com>=0D
Cc: Guomin Jiang <guomin.jiang@intel.com>=0D
Cc: Wei6 Xu <wei6.xu@intel.com>
---
FmpDevicePkg/FmpDevicePkg.dsc | 1 +
FmpDevicePkg/FmpDxe/FmpDxe.h | 4 +-
FmpDevicePkg/FmpDxe/FmpDxe.inf | 5 ++-
FmpDevicePkg/FmpDxe/VariableSupport.c | 65 +++++++++++++--------------
4 files changed, 37 insertions(+), 38 deletions(-)

diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index b420f52a08..7b1af285dd 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -53,6 +53,7 @@
DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf=0D
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD=
ebugPrintErrorLevelLib.inf=0D
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var=
iablePolicyHelperLib.inf=0D
!ifdef CONTINUOUS_INTEGRATION=0D
BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf=0D
!else=0D
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.h b/FmpDevicePkg/FmpDxe/FmpDxe.h
index 1177b1828e..4d94a925b6 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.h
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.h
@@ -4,7 +4,7 @@
information provided through PCDs and libraries.=0D
=0D
Copyright (c) Microsoft Corporation.<BR>=0D
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>=0D
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>=0D
=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
=0D
@@ -33,11 +33,11 @@
#include <Library/FmpDependencyDeviceLib.h>=0D
#include <Protocol/FirmwareManagement.h>=0D
#include <Protocol/FirmwareManagementProgress.h>=0D
-#include <Protocol/VariableLock.h>=0D
#include <Guid/SystemResourceTable.h>=0D
#include <Guid/EventGroup.h>=0D
#include <LastAttemptStatus.h>=0D
#include <FmpLastAttemptStatus.h>=0D
+#include <Library/VariablePolicyHelperLib.h>=0D
=0D
#define VERSION_STRING_NOT_SUPPORTED L"VERSION STRING NOT SUPPORTED"=0D
#define VERSION_STRING_NOT_AVAILABLE L"VERSION STRING NOT AVAILABLE"=0D
diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.inf b/FmpDevicePkg/FmpDxe/FmpDxe.inf
index eeb904a091..1c296388b0 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.inf
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.inf
@@ -4,7 +4,7 @@
# information provided through PCDs and libraries.=0D
#=0D
# Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>=0D
-# Copyright (c) 2018 - 2020, Intel Corporation. All rights reserved.<BR>=
=0D
+# Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>=
=0D
#=0D
# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
##=0D
@@ -55,14 +55,15 @@
FmpDependencyLib=0D
FmpDependencyCheckLib=0D
FmpDependencyDeviceLib=0D
+ VariablePolicyHelperLib=0D
=0D
[Guids]=0D
gEfiEndOfDxeEventGroupGuid=0D
=0D
[Protocols]=0D
- gEdkiiVariableLockProtocolGuid ## CONSUMES=0D
gEfiFirmwareManagementProtocolGuid ## PRODUCES=0D
gEdkiiFirmwareManagementProgressProtocolGuid ## PRODUCES=0D
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES=0D
=0D
[Pcd]=0D
gFmpDevicePkgTokenSpaceGuid.PcdFmpDeviceStorageAccessEnable =
## CONSUMES=0D
diff --git a/FmpDevicePkg/FmpDxe/VariableSupport.c b/FmpDevicePkg/FmpDxe/Va=
riableSupport.c
index 86dd5b203b..a1bd949b09 100644
--- a/FmpDevicePkg/FmpDxe/VariableSupport.c
+++ b/FmpDevicePkg/FmpDxe/VariableSupport.c
@@ -3,7 +3,7 @@
firmware updates.=0D
=0D
Copyright (c) 2016, Microsoft Corporation. All rights reserved.<BR>=0D
- Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>=0D
+ Copyright (c) 2018 - 2021, Intel Corporation. All rights reserved.<BR>=0D
=0D
SPDX-License-Identifier: BSD-2-Clause-Patent=0D
=0D
@@ -730,28 +730,29 @@ static
EFI_STATUS=0D
LockFmpVariable (=0D
IN EFI_STATUS PreviousStatus,=0D
- IN EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock,=0D
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy,=0D
IN CHAR16 *VariableName=0D
)=0D
{=0D
EFI_STATUS Status;=0D
=0D
- Status =3D VariableLock->RequestToLock (=0D
- VariableLock,=0D
- VariableName,=0D
- &gEfiCallerIdGuid=0D
- );=0D
- if (!EFI_ERROR (Status)) {=0D
- return PreviousStatus;=0D
+ // If success, go ahead and set the policies to protect the target varia=
bles.=0D
+ Status =3D RegisterBasicVariablePolicy (VariablePolicy,=0D
+ &gEfiCallerIdGuid,=0D
+ VariableName,=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW);=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Stat=
us =3D %r\n",=0D
+ mImageIdName,=0D
+ &gEfiCallerIdGuid,=0D
+ VariableName,=0D
+ Status=0D
+ ));=0D
}=0D
-=0D
- DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to lock variable %g %s. Status=
=3D %r\n",=0D
- mImageIdName,=0D
- &gEfiCallerIdGuid,=0D
- VariableName,=0D
- Status=0D
- ));=0D
-=0D
if (EFI_ERROR (PreviousStatus)) {=0D
return PreviousStatus;=0D
}=0D
@@ -773,26 +774,22 @@ LockAllFmpVariables (
FIRMWARE_MANAGEMENT_PRIVATE_DATA *Private=0D
)=0D
{=0D
- EFI_STATUS Status;=0D
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;=0D
-=0D
- VariableLock =3D NULL;=0D
- Status =3D gBS->LocateProtocol (=0D
- &gEdkiiVariableLockProtocolGuid,=0D
- NULL,=0D
- (VOID **)&VariableLock=0D
- );=0D
- if (EFI_ERROR (Status) || VariableLock =3D=3D NULL) {=0D
- DEBUG ((DEBUG_ERROR, "FmpDxe(%s): Failed to locate Variable Lock Proto=
col (%r).\n", mImageIdName, Status));=0D
- return EFI_UNSUPPORTED;=0D
+ EFI_STATUS Status;=0D
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;=0D
+=0D
+ // Locate the VariablePolicy protocol.=0D
+ Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,=
(VOID**)&VariablePolicy );=0D
+ if (EFI_ERROR (Status)) {=0D
+ DEBUG ((DEBUG_ERROR, "FmpDxe %a - Could not locate VariablePolicy prot=
ocol! %r\n", __FUNCTION__, Status));=0D
+ return Status;=0D
}=0D
=0D
Status =3D EFI_SUCCESS;=0D
- Status =3D LockFmpVariable (Status, VariableLock, Private->VersionVariab=
leName);=0D
- Status =3D LockFmpVariable (Status, VariableLock, Private->LsvVariableNa=
me);=0D
- Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptSt=
atusVariableName);=0D
- Status =3D LockFmpVariable (Status, VariableLock, Private->LastAttemptVe=
rsionVariableName);=0D
- Status =3D LockFmpVariable (Status, VariableLock, Private->FmpStateVaria=
bleName);=0D
+ Status =3D LockFmpVariable (Status, VariablePolicy, Private->VersionVari=
ableName);=0D
+ Status =3D LockFmpVariable (Status, VariablePolicy, Private->LsvVariable=
Name);=0D
+ Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt=
StatusVariableName);=0D
+ Status =3D LockFmpVariable (Status, VariablePolicy, Private->LastAttempt=
VersionVariableName);=0D
+ Status =3D LockFmpVariable (Status, VariablePolicy, Private->FmpStateVar=
iableName);=0D
=0D
return Status;=0D
}=0D
--=20
2.26.2.windows.1