[edk2-devel] [PATCH v2 00/12] Add the VariablePolicy feature

Laszlo Ersek lersek at redhat.com
Tue May 12 12:15:22 UTC 2020


On 05/12/20 13:52, Laszlo Ersek wrote:
> On 05/12/20 08:46, Michael Kubacki wrote:
>> From: Michael Kubacki <michael.kubacki at microsoft.com>
>>
>> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2522
>>
>> The 12 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
> 
> (1) This wiki article is helpful, thanks.
> 
> I have one remark: there's a heading saying "VarCheckPolicyLib NULL
> Instance":
> 
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#varcheckpolicylib-null-instance
> 
> I think what's meant is "NULL class", not "NULL instance".
> 
> (2) The following platform DSC files in edk2 include the non-SMM
> variable driver
> ("MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf"),
> but they are not modified by this patch series:
> 
> ArmVirtPkg/ArmVirtQemu.dsc
> ArmVirtPkg/ArmVirtQemuKernel.dsc
> ArmVirtPkg/ArmVirtXen.dsc
> OvmfPkg/OvmfXen.dsc
> UefiPayloadPkg/UefiPayloadPkgIa32.dsc
> UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
> 
> I'm asking that you please (a) include a patch for ArmVirtPkg, (b)
> update the OvmfPkg patch to cover "OvmfXen.dsc" too.
> 
> Not sure about the UefiPayloadPkg platforms; please ask their maintainers.
> 
> (I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)

(3) Could the wiki article please say a few words about what modules are
supposed to turn this mechanism into an actual policy? I.e., what
modules / use cases would consume the new protocol?

In this series, the only INF file that gets a reference to the new
protocol but is not related to the implementation of the protocol is
VariablePolicyFuncTestApp.

Thanks,
Laszlo

