mirror of https://github.com/acidanthera/audk.git
MdeModulePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
Mark EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as deprecated. 1. Make SetVariable/QueryVariableInfo return EFI_UNSUPPORTED with this attribute 2. No change to GetVariable/GetNextVariableName Also update several function descriptors accordingly Cc: Long Qin <qin.long@intel.com> Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
This commit is contained in:
Zhang, Chao B
parent
403170bbef
commit
4073f85d4a
|
|
@ -2,7 +2,7 @@
|
|||
The variable data structures are related to EDK II-specific implementation of UEFI variables.
|
||||
VariableFormat.h defines variable data headers and variable storage region headers.
|
||||
|
||||
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials are licensed and made available under
|
||||
the terms and conditions of the BSD License that accompanies this distribution.
|
||||
The full text of the license may be found at
|
||||
|
|
@ -115,11 +115,16 @@ typedef struct {
|
|||
///
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_BS_RT_AT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_AT EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT)
|
||||
///
|
||||
/// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be considered as reserved
|
||||
///
|
||||
#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
|
||||
#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
Provides services to initialize and process authenticated variables.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials are licensed and made available under
|
||||
the terms and conditions of the BSD License that accompanies this distribution.
|
||||
The full text of the license may be found at
|
||||
|
|
@ -228,7 +228,7 @@ AuthVariableLibInitialize (
|
|||
);
|
||||
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||
|
||||
@param[in] VariableName Name of the variable.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
|
|
@ -241,8 +241,7 @@ AuthVariableLibInitialize (
|
|||
@retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
@retval EFI_WRITE_PROTECTED Variable is write-protected.
|
||||
@retval EFI_OUT_OF_RESOURCES There is not enough resource.
|
||||
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
set, but the AuthInfo does NOT pass the validation
|
||||
check carried out by the firmware.
|
||||
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
Implements NULL authenticated variable services.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
|
@ -43,7 +43,7 @@ AuthVariableLibInitialize (
|
|||
}
|
||||
|
||||
/**
|
||||
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||
|
||||
@param[in] VariableName Name of the variable.
|
||||
@param[in] VendorGuid Variable vendor GUID.
|
||||
|
|
@ -56,8 +56,7 @@ AuthVariableLibInitialize (
|
|||
@retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
@retval EFI_WRITE_PROTECTED Variable is write-protected.
|
||||
@retval EFI_OUT_OF_RESOURCES There is not enough resource.
|
||||
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
set, but the AuthInfo does NOT pass the validation
|
||||
check carried out by the firmware.
|
||||
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
|
||||
|
|
|
|||
|
|
@ -305,8 +305,7 @@ BmSetMemoryTypeInformationVariable (
|
|||
@param VendorGuid A unique identifier for the vendor.
|
||||
@param Attributes Attributes bitmask to set for the variable.
|
||||
@param DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE,
|
||||
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
|
||||
set, then a SetVariable() call with a DataSize of zero will not cause any change to
|
||||
the variable value (the timestamp associated with the variable may be updated however
|
||||
|
|
@ -324,9 +323,8 @@ BmSetMemoryTypeInformationVariable (
|
|||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo
|
||||
does NOT pass the validation check carried out by the firmware.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
being set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
|
||||
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
**/
|
||||
|
|
|
|||
|
|
@ -275,8 +275,7 @@ BmStopHotkeyService (
|
|||
@param VendorGuid A unique identifier for the vendor.
|
||||
@param Attributes Attributes bitmask to set for the variable.
|
||||
@param DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE,
|
||||
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
|
||||
set, then a SetVariable() call with a DataSize of zero will not cause any change to
|
||||
the variable value (the timestamp associated with the variable may be updated however
|
||||
|
|
@ -294,9 +293,8 @@ BmStopHotkeyService (
|
|||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo
|
||||
does NOT pass the validation check carried out by the firmware.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
being set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
|
||||
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
**/
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
Head file for BDS Architectural Protocol implementation
|
||||
|
||||
Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
|
@ -80,8 +80,7 @@ BdsEntry (
|
|||
@param VendorGuid A unique identifier for the vendor.
|
||||
@param Attributes Attributes bitmask to set for the variable.
|
||||
@param DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE,
|
||||
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
|
||||
set, then a SetVariable() call with a DataSize of zero will not cause any change to
|
||||
the variable value (the timestamp associated with the variable may be updated however
|
||||
|
|
@ -99,9 +98,8 @@ BdsEntry (
|
|||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo
|
||||
does NOT pass the validation check carried out by the firmware.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
being set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
|
||||
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
**/
|
||||
|
|
|
|||
|
|
@ -1112,8 +1112,7 @@ BdsEntry (
|
|||
@param VendorGuid A unique identifier for the vendor.
|
||||
@param Attributes Attributes bitmask to set for the variable.
|
||||
@param DataSize The size in bytes of the Data buffer. Unless the EFI_VARIABLE_APPEND_WRITE,
|
||||
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, or
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute is set, a size of zero
|
||||
causes the variable to be deleted. When the EFI_VARIABLE_APPEND_WRITE attribute is
|
||||
set, then a SetVariable() call with a DataSize of zero will not cause any change to
|
||||
the variable value (the timestamp associated with the variable may be updated however
|
||||
|
|
@ -1131,9 +1130,8 @@ BdsEntry (
|
|||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS being set, but the AuthInfo
|
||||
does NOT pass the validation check carried out by the firmware.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
||||
being set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
|
||||
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
**/
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
This module initilizes MemoryOverwriteRequestControlLock variable.
|
||||
This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
|
||||
|
||||
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
|
@ -116,7 +116,7 @@ IsMorLockVariable (
|
|||
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
|
||||
set but the AuthInfo does NOT pass the validation check carried
|
||||
out by the firmware.
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
|
|
|
|||
|
|
@ -3133,8 +3133,11 @@ VariableServiceSetVariable (
|
|||
|
||||
//
|
||||
// Check for reserverd bit in variable attribute.
|
||||
// EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated but we still allow
|
||||
// the delete operation of common authenticated variable at user physical presence.
|
||||
// So leave EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute check to AuthVariableLib
|
||||
//
|
||||
if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {
|
||||
if ((Attributes & (~(EFI_VARIABLE_ATTRIBUTES_MASK | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS))) != 0) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||
EFI_VARIABLE_BOOTSERVICE_ACCESS | \
|
||||
EFI_VARIABLE_RUNTIME_ACCESS | \
|
||||
EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
|
||||
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
|
||||
EFI_VARIABLE_APPEND_WRITE)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue