path: root/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
blob: d849ee9ce2928e8c90af128b72d77953836a6ae0 (plain)
/** @file
  Temporary location of the RequestToLock shim code while projects
  are moved to VariablePolicy. Should be removed when deprecated.

  Copyright (c) Microsoft Corporation.
  SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#include <Uefi.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/VariablePolicyLib.h>
#include <Library/VariablePolicyHelperLib.h>
#include <Protocol/VariableLock.h>

/**
  DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.
  Compatibility shim that services the legacy RequestToLock() call by
  registering a Variable Policy entry for the named variable.

  The legacy interface was documented as: mark a variable that will become
  read-only after leaving the DXE phase of execution, while write requests
  coming from the SMM environment through EFI_SMM_VARIABLE_PROTOCOL are
  allowed. This shim builds its policy with VARIABLE_POLICY_TYPE_LOCK_NOW and
  with no size or attribute constraints.
  NOTE(review): the policy type name suggests the lock applies as soon as the
  policy is registered rather than at End of DXE, and nothing in this function
  exempts SMM writers. Confirm both points against VariablePolicyLib.

  When RegisterVariablePolicy() reports EFI_ALREADY_STARTED, the existing
  policy is probed with ValidateSetVariable() and the request succeeds only if
  that probe answers EFI_WRITE_PROTECTED.

  A failing status means this call did not confirm a lock on the variable, and
  the only other trace is DEBUG output, so callers that rely on the variable
  being immutable must check the return value.

  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance. Not referenced
                           by this implementation.
  @param[in] VariableName  A pointer to the name of the variable to lock.
  @param[in] VendorGuid    A pointer to the vendor GUID of the variable to
                           lock.

  @retval EFI_SUCCESS           The policy was registered, or a policy already
                                existed and the write probe was rejected with
                                EFI_WRITE_PROTECTED.
  @retval EFI_ACCESS_DENIED     A policy already existed for the variable but
                                the write probe did not return
                                EFI_WRITE_PROTECTED.
  @retval Others                Any error from CreateBasicVariablePolicy(), or
                                any status other than EFI_ALREADY_STARTED from
                                RegisterVariablePolicy(), is returned
                                unchanged. The legacy contract listed
                                EFI_INVALID_PARAMETER (VariableName or
                                VendorGuid is NULL, or VariableName is an
                                empty string), EFI_ACCESS_DENIED
                                (EFI_END_OF_DXE_EVENT_GROUP_GUID or
                                EFI_EVENT_GROUP_READY_TO_BOOT already
                                signaled) and EFI_OUT_OF_RESOURCES.
                                NOTE(review): which of these the policy
                                library actually produces is not visible in
                                this file.
**/
EFI_STATUS
EFIAPI
VariableLockRequestToLock (
  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL  *This,
  IN CHAR16                              *VariableName,
  IN EFI_GUID                            *VendorGuid
  )
{
  VARIABLE_POLICY_ENTRY  *PolicyEntry;
  EFI_STATUS             Result;

  //
  // Loud deprecation notice, including which variable the caller asked for,
  // so remaining users of the old protocol can be found in the boot log.
  //
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__));
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n"));
  DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName));

  //
  // Start from NULL so the cleanup path can tell whether an entry was
  // allocated.
  //
  PolicyEntry = NULL;

  //
  // Lock-only policy: no size limits and no attribute requirements.
  //
  Result = CreateBasicVariablePolicy (
             VendorGuid,
             VariableName,
             VARIABLE_POLICY_NO_MIN_SIZE,
             VARIABLE_POLICY_NO_MAX_SIZE,
             VARIABLE_POLICY_NO_MUST_ATTR,
             VARIABLE_POLICY_NO_CANT_ATTR,
             VARIABLE_POLICY_TYPE_LOCK_NOW,
             &PolicyEntry
             );
  if (EFI_ERROR (Result)) {
    goto Done;
  }

  Result = RegisterVariablePolicy (PolicyEntry);
  if (Result != EFI_ALREADY_STARTED) {
    //
    // Either the policy was registered or registration failed for another
    // reason; both cases are reported to the caller as-is.
    //
    goto Done;
  }

  //
  // A policy for this variable is already in the database. Probe it with a
  // request carrying no attributes and no data: a locked variable is
  // acceptable (the duplicate lock is only worth a warning so it can be
  // removed), anything else means the lock could not be established.
  // NOTE(review): "locked" is inferred from this single probe; confirm in
  // VariablePolicyLib that EFI_WRITE_PROTECTED here can only come from a
  // lock-type policy.
  //
  Result = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL);
  if (Result != EFI_WRITE_PROTECTED) {
    DEBUG ((DEBUG_ERROR, "  Variable: %g %s can not be locked!\n", VendorGuid, VariableName));
    Result = EFI_ACCESS_DENIED;
    goto Done;
  }

  DEBUG ((DEBUG_WARN, "  Variable: %g %s is already locked!\n", VendorGuid, VariableName));
  Result = EFI_SUCCESS;

Done:
  if (EFI_ERROR (Result)) {
    DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Result));
  }

  //
  // The entry built above is released here on every path, including after a
  // successful registration.
  //
  if (PolicyEntry != NULL) {
    FreePool (PolicyEntry);
  }

  return Result;
}