[edk2-devel] [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
Michael D Kinney
michael.d.kinney at intel.com
Thu Dec 15 18:27:46 UTC 2022
Acked-by: Michael D Kinney <michael.d.kinney at intel.com>
Mike
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao at intel.com>
> Sent: Wednesday, December 14, 2022 7:11 PM
> To: Wang, Jian J <jian.j.wang at intel.com>; devel at edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Mistry, Nishant C <nishant.c.mistry at intel.com>; Vang, Judah
> <judah.vang at intel.com>
> Subject: RE: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
>
> Agree.
> Reviewed-by: Jiewen Yao <jiewen.yao at intel.com>
>
> I will wait for 1 work week to see if there is any objection.
> If anyone has a concern, please let us know as soon as possible.
>
> Thank you
> Yao, Jiewen
>
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang at intel.com>
> > Sent: Thursday, December 15, 2022 11:02 AM
> > To: devel at edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao at intel.com>; Kinney, Michael D
> > <michael.d.kinney at intel.com>; Mistry, Nishant C
> > <nishant.c.mistry at intel.com>; Vang, Judah <judah.vang at intel.com>
> > Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> >
> > There's no real usage of these two libraries. They're deprecated.
> >
> > Cc: Jiewen Yao <jiewen.yao at intel.com>
> > Cc: Michael D Kinney <michael.d.kinney at intel.com>
> > Cc: Nishant C Mistry <nishant.c.mistry at intel.com>
> > Cc: Judah Vang <judah.vang at intel.com>
> > Signed-off-by: Jian J Wang <jian.j.wang at intel.com>
> > ---
> > SecurityPkg/Include/Library/RpmcLib.h | 42 ------------
> > SecurityPkg/Include/Library/VariableKeyLib.h | 59 -----------------
> > SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 -------------
> > .../Library/RpmcLibNull/RpmcLibNull.inf | 33 ----------
> > .../VariableKeyLibNull/VariableKeyLibNull.c | 66 -------------------
> > .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ----------
> > SecurityPkg/SecurityPkg.dec | 8 ---
> > SecurityPkg/SecurityPkg.dsc | 4 --
> > 8 files changed, 291 deletions(-)
> > delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h
> > delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h
> > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> > delete mode 100644
> > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> > delete mode 100644
> > SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> >
> > diff --git a/SecurityPkg/Include/Library/RpmcLib.h
> > b/SecurityPkg/Include/Library/RpmcLib.h
> > deleted file mode 100644
> > index df4ba34ba8..0000000000
> > --- a/SecurityPkg/Include/Library/RpmcLib.h
> > +++ /dev/null
> > @@ -1,42 +0,0 @@
> > -/** @file
> >
> > - Public definitions for the Replay Protected Monotonic Counter (RPMC)
> > Library.
> >
> > -
> >
> > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#ifndef _RPMC_LIB_H_
> >
> > -#define _RPMC_LIB_H_
> >
> > -
> >
> > -#include <Uefi/UefiBaseType.h>
> >
> > -
> >
> > -/**
> >
> > - Requests the monotonic counter from the designated RPMC counter.
> >
> > -
> >
> > - @param[out] CounterValue A pointer to a buffer to store the RPMC
> > value.
> >
> > -
> >
> > - @retval EFI_SUCCESS The operation completed successfully.
> >
> > - @retval EFI_DEVICE_ERROR A device error occurred while
> > attempting to update the counter.
> >
> > - @retval EFI_UNSUPPORTED The operation is un-supported.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -RequestMonotonicCounter (
> >
> > - OUT UINT32 *CounterValue
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - Increments the monotonic counter in the SPI flash device by 1.
> >
> > -
> >
> > - @retval EFI_SUCCESS The operation completed successfully.
> >
> > - @retval EFI_DEVICE_ERROR A device error occurred while
> > attempting to update the counter.
> >
> > - @retval EFI_UNSUPPORTED The operation is un-supported.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -IncrementMonotonicCounter (
> >
> > - VOID
> >
> > - );
> >
> > -
> >
> > -#endif
> >
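Review bot: "deprecate" in the subject and commit message does not match the `deleted file mode 100644` at the top of this hunk: the public header is removed outright, so `RequestMonotonicCounter` and `IncrementMonotonicCounter` vanish with no deprecation period. Suggest retitling to "SecurityPkg: remove RpmcLib and VariableKeyLib" so the log describes what the patch does.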
> > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h
> > b/SecurityPkg/Include/Library/VariableKeyLib.h
> > deleted file mode 100644
> > index 561ebad09d..0000000000
> > --- a/SecurityPkg/Include/Library/VariableKeyLib.h
> > +++ /dev/null
> > @@ -1,59 +0,0 @@
> > -/** @file
> >
> > - Public definitions for Variable Key Library.
> >
> > -
> >
> > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#ifndef _VARIABLE_KEY_LIB_H_
> >
> > -#define _VARIABLE_KEY_LIB_H_
> >
> > -
> >
> > -#include <Uefi/UefiBaseType.h>
> >
> > -
> >
> > -/**
> >
> > - Retrieves the key for integrity and/or confidentiality of variables.
> >
> > -
> >
> > - @param[out] VariableKey A pointer to pointer for the variable key
> > buffer.
> >
> > - @param[in,out] VariableKeySize The size in bytes of the variable key.
> >
> > -
> >
> > - @retval EFI_SUCCESS The variable key was returned.
> >
> > - @retval EFI_DEVICE_ERROR An error occurred while attempting to
> > get the variable key.
> >
> > - @retval EFI_ACCESS_DENIED The function was invoked after locking
> > the key interface.
> >
> > - @retval EFI_UNSUPPORTED The variable key is not supported in the
> > current boot configuration.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -GetVariableKey (
> >
> > - OUT VOID **VariableKey,
> >
> > - IN OUT UINTN *VariableKeySize
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - Regenerates the variable key.
> >
> > -
> >
> > - @retval EFI_SUCCESS The variable key was regenerated
> > successfully.
> >
> > - @retval EFI_DEVICE_ERROR An error occurred while attempting to
> > regenerate the key.
> >
> > - @retval EFI_ACCESS_DENIED The function was invoked after locking
> > the key interface.
> >
> > - @retval EFI_UNSUPPORTED Key regeneration is not supported in
> > the current boot configuration.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -RegenerateVariableKey (
> >
> > - VOID
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - Locks the regenerate key interface.
> >
> > -
> >
> > - @retval EFI_SUCCESS The key interface was locked successfully.
> >
> > - @retval EFI_UNSUPPORTED Locking the key interface is not
> > supported in the current boot configuration.
> >
> > - @retval Others An error occurred while attempting to lock the
> > key interface.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -LockVariableKeyInterface (
> >
> > - VOID
> >
> > - );
> >
> > -
> >
> > -#endif
> >
> > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > deleted file mode 100644
> > index 792e48250e..0000000000
> > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > +++ /dev/null
> > @@ -1,46 +0,0 @@
> > -/** @file
> >
> > - NULL RpmcLib instance for build purpose.
> >
> > -
> >
> > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Library/RpmcLib.h>
> >
> > -
> >
> > -/**
> >
> > - Requests the monotonic counter from the designated RPMC counter.
> >
> > -
> >
> > - @param[out] CounterValue A pointer to a buffer to store the RPMC
> > value.
> >
> > -
> >
> > - @retval EFI_SUCCESS The operation completed successfully.
> >
> > - @retval EFI_DEVICE_ERROR A device error occurred while
> > attempting to update the counter.
> >
> > - @retval EFI_UNSUPPORTED The operation is un-supported.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -RequestMonotonicCounter (
> >
> > - OUT UINT32 *CounterValue
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return EFI_UNSUPPORTED;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Increments the monotonic counter in the SPI flash device by 1.
> >
> > -
> >
> > - @retval EFI_SUCCESS The operation completed successfully.
> >
> > - @retval EFI_DEVICE_ERROR A device error occurred while
> > attempting to update the counter.
> >
> > - @retval EFI_UNSUPPORTED The operation is un-supported.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -IncrementMonotonicCounter (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return EFI_UNSUPPORTED;
> >
> > -}
> >
> > diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> > b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> > deleted file mode 100644
> > index 500edfa87d..0000000000
> > --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> > +++ /dev/null
> > @@ -1,33 +0,0 @@
> > -## @file
> >
> > -# Provides Null version of RpmcLib for build purpose.
> >
> > -#
> >
> > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -#
> >
> > -##
> >
> > -
> >
> > -[Defines]
> >
> > - INF_VERSION = 0x00010029
> >
> > - BASE_NAME = RpmcLibNull
> >
> > - FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360
> >
> > - MODULE_TYPE = BASE
> >
> > - VERSION_STRING = 1.0
> >
> > - LIBRARY_CLASS = RpmcLib
> >
> > -
> >
> > -#
> >
> > -# The following information is for reference only and not required by the
> > build tools.
> >
> > -#
> >
> > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64
> >
> > -#
> >
> > -
> >
> > -[Sources]
> >
> > - RpmcLibNull.c
> >
> > -
> >
> > -[Packages]
> >
> > - MdePkg/MdePkg.dec
> >
> > - SecurityPkg/SecurityPkg.dec
> >
> > -
> >
> > -[LibraryClasses]
> >
> > - BaseLib
> >
> > - DebugLib
> >
> > -
> >
> > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> > deleted file mode 100644
> > index a08def767b..0000000000
> > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
> > +++ /dev/null
> > @@ -1,66 +0,0 @@
> > -/** @file
> >
> > - Null version of VariableKeyLib for build purpose. Don't use it in real
> > product.
> >
> > -
> >
> > -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Library/VariableKeyLib.h>
> >
> > -
> >
> > -/**
> >
> > - Retrieves the key for integrity and/or confidentiality of variables.
> >
> > -
> >
> > - @param[out] VariableKey A pointer to pointer for the variable key
> > buffer.
> >
> > - @param[in,out] VariableKeySize The size in bytes of the variable key.
> >
> > -
> >
> > - @retval EFI_SUCCESS The variable key was returned.
> >
> > - @retval EFI_DEVICE_ERROR An error occurred while attempting to
> > get the variable key.
> >
> > - @retval EFI_ACCESS_DENIED The function was invoked after locking
> > the key interface.
> >
> > - @retval EFI_UNSUPPORTED The variable key is not supported in the
> > current boot configuration.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -GetVariableKey (
> >
> > - OUT VOID **VariableKey,
> >
> > - IN OUT UINTN *VariableKeySize
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return EFI_UNSUPPORTED;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Regenerates the variable key.
> >
> > -
> >
> > - @retval EFI_SUCCESS The variable key was regenerated
> > successfully.
> >
> > - @retval EFI_DEVICE_ERROR An error occurred while attempting to
> > regenerate the key.
> >
> > - @retval EFI_ACCESS_DENIED The function was invoked after locking
> > the key interface.
> >
> > - @retval EFI_UNSUPPORTED Key regeneration is not supported in
> > the current boot configuration.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -RegenerateVariableKey (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return EFI_UNSUPPORTED;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Locks the regenerate key interface.
> >
> > -
> >
> > - @retval EFI_SUCCESS The key interface was locked successfully.
> >
> > - @retval EFI_UNSUPPORTED Locking the key interface is not
> > supported in the current boot configuration.
> >
> > - @retval Others An error occurred while attempting to lock the
> > key interface.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -LockVariableKeyInterface (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - ASSERT (FALSE);
> >
> > - return EFI_UNSUPPORTED;
> >
> > -}
> >
> > diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> > b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> > deleted file mode 100644
> > index ea74e38cf9..0000000000
> > --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> > +++ /dev/null
> > @@ -1,33 +0,0 @@
> > -## @file
> >
> > -# Provides Null version of VariableKeyLib for build only.
> >
> > -#
> >
> > -# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -#
> >
> > -##
> >
> > -
> >
> > -[Defines]
> >
> > - INF_VERSION = 0x00010029
> >
> > - BASE_NAME = VariableKeyLibNull
> >
> > - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A
> >
> > - MODULE_TYPE = BASE
> >
> > - VERSION_STRING = 1.0
> >
> > - LIBRARY_CLASS = VariableKeyLib
> >
> > -
> >
> > -#
> >
> > -# The following information is for reference only and not required by the
> > build tools.
> >
> > -#
> >
> > -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64
> >
> > -#
> >
> > -
> >
> > -[Sources]
> >
> > - VariableKeyLibNull.c
> >
> > -
> >
> > -[Packages]
> >
> > - MdePkg/MdePkg.dec
> >
> > - SecurityPkg/SecurityPkg.dec
> >
> > -
> >
> > -[LibraryClasses]
> >
> > - BaseLib
> >
> > - DebugLib
> >
> > -
> >
> > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> > index 7ecf9565d9..358b3dc543 100644
> > --- a/SecurityPkg/SecurityPkg.dec
> > +++ b/SecurityPkg/SecurityPkg.dec
> > @@ -80,14 +80,6 @@
> > #
> >
> > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h
> >
> >
> >
> > - ## @libraryclass Provides interfaces to access RPMC device.
> >
> > - #
> >
> > - RpmcLib|Include/Library/RpmcLib.h
> >
> > -
> >
> > - ## @libraryclass Provides interfaces to access variable root key.
> >
> > - #
> >
> > - VariableKeyLib|Include/Library/VariableKeyLib.h
> >
> > -
> >
> > ## @libraryclass Provides interfaces about firmware TPM measurement.
> >
> > #
> >
> > TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h
> >
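Review bot: The commit message gives no notice to downstream users that the `RpmcLib|Include/Library/RpmcLib.h` and `VariableKeyLib|Include/Library/VariableKeyLib.h` entries removed here change the library classes the package declares; it says only that there is "no real usage". A platform DSC or module INF outside SecurityPkg that still names either class will no longer resolve it, so suggest saying in the commit message that such mappings must be dropped.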
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> > index 30d911d8a1..2f679c87a9 100644
> > --- a/SecurityPkg/SecurityPkg.dsc
> > +++ b/SecurityPkg/SecurityPkg.dsc
> > @@ -68,8 +68,6 @@
> >
> > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi
> > b.inf
> >
> >
> > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi
> > b.inf
> >
> >
> > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseReset
> > SystemLibNull.inf
> >
> > -
> > VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.in
> > f
> >
> > - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> >
> >
> > TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventL
> > ogRecordLib.inf
> >
> >
> > MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnbloc
> > kMemoryLibNull.inf
> >
> >
> > SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo
> > otVariableLib.inf
> >
> > @@ -264,8 +262,6 @@
> > #
> >
> > # Variable Confidentiality & Integrity
> >
> > #
> >
> > - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
> >
> > - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
> >
> >
> > SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionL
> > ibVarPolicy.inf
> >
> >
> >
> > #
> >
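Review bot: The `# Variable Confidentiality & Integrity` comment block is left in place after the two Null INFs under it are removed, so it now heads only `PlatformPKProtectionLibVarPolicy.inf`. If that component does not belong under this heading, remove or reword the comment in this patch rather than leaving a stale section label.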
> > --
> > 2.36.1.windows.1
View/Reply Online (#97477): https://edk2.groups.io/g/devel/message/97477