From d89492456f79e014679cb6c29b144ea26b910918 Mon Sep 17 00:00:00 2001 From: Linus Liu Date: Mon, 8 May 2023 12:20:51 +0800 Subject: Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408 Cc: Jiewen Yao Cc: Maggie Chu Cc: Kumar Rahul Signed-off-by: Linus Liu Reviewed-by: Jiewen Yao --- SecurityPkg/HddPassword/HddPasswordDxe.c | 28 +++++++++++++++++----------- SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- SecurityPkg/SecurityPkg.dsc | 1 + 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c
index 55dfb25..6f36b5a 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.c
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
@@ -9,6 +9,7 @@
 **/
 #include "HddPasswordDxe.h"
+#include
 EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID;
 CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG";
@@ -2818,11 +2819,11 @@ HddPasswordDxeInit (
 IN EFI_SYSTEM_TABLE *SystemTable
 )
 {
- EFI_STATUS Status;
- HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
- VOID *Registration;
- EFI_EVENT EndOfDxeEvent;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;
+ EFI_STATUS Status;
+ HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
+ VOID *Registration;
+ EFI_EVENT EndOfDxeEvent;
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
 Private = NULL;
@@ -2858,13 +2859,18 @@ HddPasswordDxeInit (
 //
 // Make HDD_PASSWORD_VARIABLE_NAME variable read-only.
 //
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
+ Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);
 if (!EFI_ERROR (Status)) {
- Status = VariableLock->RequestToLock (
- VariableLock,
- HDD_PASSWORD_VARIABLE_NAME,
- &mHddPasswordVendorGuid
- );
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &mHddPasswordVendorGuid,
+ HDD_PASSWORD_VARIABLE_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
 DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PASSWORD_VARIABLE_NAME, Status));
 ASSERT_EFI_ERROR (Status);
 }
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPassword/HddPasswordDxe.h
index 231533e..049a208 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.h
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.h
@@ -17,7 +17,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf
index 06e8755..2c0ebbc 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -50,6 +50,7 @@
 PrintLib
 UefiLib
 LockBoxLib
+ VariablePolicyHelperLib
 S3BootScriptLib
 PciLib
 BaseCryptLib
@@ -63,7 +64,7 @@
 gEfiHiiConfigAccessProtocolGuid ## PRODUCES
 gEfiAtaPassThruProtocolGuid ## CONSUMES
 gEfiPciIoProtocolGuid ## CONSUMES
- gEdkiiVariableLockProtocolGuid ## CONSUMES
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES
 [Pcd]
 gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 3bad537..3c62205 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
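Review bot: In the HddPasswordDxe.c hunk at `@@ -2858,13 +2859,18 @@`, both failure paths of the new lock leave HDD_PASSWORD_VARIABLE_NAME writable without a visible error. When `LocateProtocol` does not find the Variable Policy protocol (for example if this driver is dispatched before the protocol is installed), the `if (!EFI_ERROR (Status))` guard skips registration silently, and a failed `RegisterBasicVariablePolicy` is reported only at `DEBUG_INFO` and caught by `ASSERT_EFI_ERROR`, which is normally a no-op in release builds. I would add `} else { DEBUG ((DEBUG_ERROR, "%a(): Variable Policy protocol not found, %s is not locked (%r)\n", __func__, HDD_PASSWORD_VARIABLE_NAME, Status)); }` and raise the existing message to `DEBUG_ERROR` when `Status` is an error; whether the driver should go further and fail initialization is a platform decision. The rest of HddPasswordDxeInit, including its return path, lies outside the hunk, so any handling there is not visible.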
@@ -74,6 +74,7 @@
 PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
 SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
 #
-- cgit v1.1