[edk2-devel] VariablePolicy support in StandaloneMM

[Ard Biesheuvel]

(+ Laszlo)

On 12/2/20 9:57 AM, Masahisa Kojima wrote:
> Hello All,
> 
> VariablePolicy was introduced in November.
> When Developerbox(aarch64 platform) boots with UEFI secure boot enabled,
> the following error appears.
> Note that this platform supports UEFI secure boot using the standalone
> MM framework.
> 
> --- StandaloneMM log ---
> VariableLockRequestToLock - Failed to lock variable CapsuleMax! Not Ready
> 
> ASSERT_EFI_ERROR (Status = Not Ready)
> ASSERT [VariableStandaloneMm]
> /home/ubuntu/src/uefi/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c(64):
> !EFI_ERROR (Status)
> MmEntryPoint Done
> ---
> 
> In my check, this is simply because
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c::InitVariablePolicyLib()
> is not called.
> 
> InitVariablePolicyLib() is called from the following two files.
> ---
>   MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c:  Status
> = InitVariablePolicyLib( VariableServiceGetVariable );
>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c:  Status =
> InitVariablePolicyLib (VariableServiceGetVariable);
> ---
> VariableDxe.c is not for MM_STANDALONE, so I tried to use
> "VarCheckPolicyLib" as VarCheckLib,
> but "VarCheckPolicyLib" requires
> DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf and
> DxeServicesLib.inf is not for MM_STANDALONE, I am stuck here.
> 
> Could you please take a look at this error?
> 

Thanks for the report.

Bret, could you please suggest a fix here?


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#68168): https://edk2.groups.io/g/devel/message/68168
Mute This Topic: https://groups.io/mt/78655646/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-