[edk2-devel] [PATCH v5 00/19] UEFI variable protection

Yao, Jiewen jiewen.yao at intel.com
Fri Dec 9 08:03:42 UTC 2022


Hi
Since this is a big feature in SecurityPkg and MdeModulePkg, I propose to add *dedicated reviewer(s)* to support the maintenance work in EDKII.

Something like:

===============
MdeModulePkg: Protected Variable
F: MdeModulePkg/Universal/Variable/Protected/
F: <Please list all newly added file>
R: <Please give the reviewer name>


SecurityPkg: Protected Variable
F: SecurityPkg/Library/ProtectedVariableLib/
F: <Please list all newly added file>
R: <Please give the reviewer name>

===============

Please follow the style at https://github.com/tianocore/edk2/blob/master/Maintainers.txt

Thank you
Yao, Jiewen


> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Judah
> Vang
> Sent: Sunday, November 6, 2022 3:35 PM
> To: devel at edk2.groups.io
> Subject: [edk2-devel] [PATCH v5 00/19] UEFI variable protection
> 
> Patch 07 - Add PEI Variable Protection into a new directory and leave the
> existing PEI Variable unchanged.
> 
> Patch 08 - Add RuntimeDxe Variable Protection into a new directory and
> keep existing Variable for RuntimeDxe unchanged.
> 
> Patch 09 - Add reference to new Protected Variable libs.
> 
> Patch 16 - Applied code review comments by adding PEIM to library class
> 
> Patch 18 - Applied code review comments by removing unused API.
> 
> Notes:
> The CryptoPkg changes are now being tracked separately.
> Patches 21 on are no longer needed due to reorganization of the new
> protected variable modules.
> 
> Judah Vang (19):
>   MdePkg: Add reference to new Ppi Guid
>   MdeModulePkg: Update AUTH_VARIABLE_INFO struct
>   MdeModulePkg: Add new ProtectedVariable GUIDs
>   MdeModulePkg: Add new include files
>   MdeModulePkg: Add new GUID for Variable Store Info
>   MdeModulePkg: Add Null ProtectedVariable Library
>   MdeModulePkg: Add new Variable functionality
>   MdeModulePkg: Add support for Protected Variables
>   MdeModulePkg: Reference Null ProtectedVariableLib
>   SecurityPkg: Add new GUIDs for
>   SecurityPkg: Add new KeyService types and defines
>   SecurityPkg: Add new variable types and functions
>   SecurityPkg: Update RPMC APIs with index
>   SecurityPkg: Fix GetVariableKey API
>   SecurityPkg: Add null encryption variable libs
>   SecurityPkg: Add VariableKey library function
>   SecurityPkg: Add EncryptionVariable lib with AES
>   SecurityPkg: Add Protected Variable Services
>   SecurityPkg: Add references to new *.inf files
> 
>  MdeModulePkg/MdeModulePkg.dec | 13 +-
>  SecurityPkg/SecurityPkg.dec | 43 +-
>  MdeModulePkg/MdeModulePkg.dsc | 20 +-
>  MdeModulePkg/Test/MdeModulePkgHostTest.dsc | 8 +
>  SecurityPkg/SecurityPkg.dsc | 13 +-
>  MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf | 34 +
>  MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf | 79 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUnitTest.inf | 36 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.inf | 151 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf | 153 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.inf | 119 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.inf | 143 +
>  SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf | 43 +
>  SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf | 34 +
>  SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf | 64 +
>  SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf | 68 +
>  SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf | 67 +
>  SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf | 62 +
>  SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf | 36 +
>  MdeModulePkg/Include/Guid/ProtectedVariable.h | 22 +
>  MdeModulePkg/Include/Library/AuthVariableLib.h | 4 +-
>  MdeModulePkg/Include/Library/EncryptionVariableLib.h | 165 +
>  MdeModulePkg/Include/Library/ProtectedVariableLib.h | 607 +++
>  MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h | 225 ++
>  MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h | 309 ++
>  MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h | 116 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolymorphic.h | 158 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h | 948 +++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.h | 67 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.h | 424 ++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.h | 51 +
>  MdePkg/Include/Ppi/ReadOnlyVariable2.h | 4 +-
>  SecurityPkg/Include/Library/RpmcLib.h | 15 +-
>  SecurityPkg/Include/Library/VariableKeyLib.h | 37 +-
>  SecurityPkg/Include/Ppi/KeyServicePpi.h | 57 +
>  SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h | 49 +
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h | 589 +++
>  MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c | 336 ++
>  MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c | 628 +++
>  MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c | 941 +++++
>  MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c | 307 ++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c | 343 ++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c | 504 +++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUnitTest.c | 607 +++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierDxe.c | 27 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierSmm.c | 26 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe.c | 153 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSmm.c | 569 +++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c | 101 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c | 4037 ++++++++++++++++++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c | 670 ++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c | 417 ++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRequestToLock.c | 96 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.c | 537 +++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.c | 1110 ++++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicySmmDxe.c | 575 +++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.c | 158 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c | 1268 ++++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.c | 1895 +++++++++
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.c | 89 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditionalMm.c | 130 +
>  SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c | 734 ++++
>  SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c | 92 +
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c | 2103 ++++++++++
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c | 163 +
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c | 1327 +++++++
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c | 209 +
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c | 967 +++++
>  SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c | 233 ++
>  SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 8 +-
>  SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c | 59 +
>  SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c | 8 +-
>  MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni | 16 +
>  MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni | 14 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.uni | 22 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxeExtra.uni | 14 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.uni | 27 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmExtra.uni | 14 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.uni | 23 +
>  MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxeExtra.uni | 14 +
>  80 files changed, 26556 insertions(+), 48 deletions(-)
>  create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUnitTest.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.inf
>  create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf
>  create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf
>  create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf
>  create mode 100644 MdeModulePkg/Include/Guid/ProtectedVariable.h
>  create mode 100644 MdeModulePkg/Include/Library/EncryptionVariableLib.h
>  create mode 100644 MdeModulePkg/Include/Library/ProtectedVariableLib.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolymorphic.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.h
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.h
>  create mode 100644 SecurityPkg/Include/Ppi/KeyServicePpi.h
>  create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h
>  create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUnitTest.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierDxe.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierSmm.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSmm.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRequestToLock.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicySmmDxe.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditionalMm.c
>  create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c
>  create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c
>  create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c
>  create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxeExtra.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmExtra.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe.uni
>  create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxeExtra.uni
> 
> --
> 2.35.1.windows.2
> 
> 
> 
> 
> 


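The request above is that every file the series creates be listed under an F: line of the new Maintainers.txt sections, and the cover letter's diffstat is the list of those files. The script below is an added example (not edk2 code and not part of this thread): it parses "create mode" lines from a diffstat, parses the F: patterns of a proposed section, and reports the new files that no pattern covers. It assumes the matching rule documented at the top of edk2's Maintainers.txt (a pattern ending in "/" covers the whole subtree, anything else is a shell-style wildcard against the full path); the section text and the file list embedded here are constructed from the two F: lines Yao gave and a subset of the diffstat, with the unfilled <...> placeholder left as written so it matches nothing.

```python
"""Report files created by a patch series that no F: pattern in a proposed
Maintainers.txt section covers.

Added example, not edk2 project code.  Assumed matching rule (as documented
in edk2's Maintainers.txt): an F: pattern ending in '/' covers everything
beneath that directory; any other pattern is a shell-style wildcard matched
against the full repository path.
"""
import fnmatch
import re

# Constructed: the proposed sections, with the two F: lines that were given
# and the placeholder lines left exactly as they appear in the mail.
PROPOSED_SECTION = """\
MdeModulePkg: Protected Variable
F: MdeModulePkg/Universal/Variable/Protected/
F: <Please list all newly added file>
R: <Please give the reviewer name>

SecurityPkg: Protected Variable
F: SecurityPkg/Library/ProtectedVariableLib/
F: <Please list all newly added file>
R: <Please give the reviewer name>
"""

# Constructed: a subset of the "create mode" lines from the v5 diffstat.
CREATE_MODE_LINES = """\
 create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf
 create mode 100644 MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf
 create mode 100644 MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf
 create mode 100644 MdeModulePkg/Include/Guid/ProtectedVariable.h
 create mode 100644 MdeModulePkg/Include/Library/ProtectedVariableLib.h
 create mode 100644 SecurityPkg/Include/Ppi/KeyServicePpi.h
 create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c
 create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c
 create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c
"""

# An F: value still wrapped in <...> is an unfilled placeholder, not a pattern.
PLACEHOLDER = re.compile(r"^<.*>$")


def parse_patterns(section_text):
    """Return the usable F: patterns of a section, skipping placeholders."""
    patterns = []
    for line in section_text.splitlines():
        if line.startswith("F:"):
            pat = line[2:].strip()
            if pat and not PLACEHOLDER.match(pat):
                patterns.append(pat)
    return patterns


def parse_created_files(diffstat_text):
    """Extract the path from each 'create mode <mode> <path>' line."""
    files = []
    for line in diffstat_text.splitlines():
        m = re.match(r"\s*create mode \d+ (\S+)$", line)
        if m:
            files.append(m.group(1))
    return files


def covered(path, pattern):
    """Assumed edk2 rule: trailing '/' means the whole subtree; otherwise a
    shell wildcard pattern matched case-sensitively against the full path."""
    if pattern.endswith("/"):
        return path.startswith(pattern)
    return fnmatch.fnmatchcase(path, pattern)


def uncovered_files(section_text, diffstat_text):
    """Created files that none of the section's F: patterns cover; these are
    the paths that still need an F: line before the section is complete."""
    patterns = parse_patterns(section_text)
    return [
        path
        for path in parse_created_files(diffstat_text)
        if not any(covered(path, pat) for pat in patterns)
    ]


if __name__ == "__main__":
    for path in uncovered_files(PROPOSED_SECTION, CREATE_MODE_LINES):
        print("not covered by any F: line:", path)
```

Run against the full diffstat, the report is the list of files that the two directory patterns miss (the Null library, the public headers under Include/, and the EncryptionVariableLib and VariableKeyLib directories in SecurityPkg, among others), which is exactly what the F: placeholder lines are asking the submitter to supply.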

View/Reply Online (#97170): https://edk2.groups.io/g/devel/message/97170