mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-23 05:34:31 +02:00
MdeModulePkg: Allow VariablePolicy state to delete protected variables
https://bugzilla.tianocore.org/show_bug.cgi?id=2522 TcgMorLockSmm provides special protections for the TCG MOR variables. This will check IsVariablePolicyEnabled() before enforcing them to allow variable deletion when policy engine is disabled. Only allows deletion, not modification. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Bret Barkelew <brbarkel@microsoft.com> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com> Acked-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Bret Barkelew
mergify[bot]
parent
b6490426e3
commit
e176bafc9d
@ -5,6 +5,7 @@
|
|||||||
This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
|
This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
|
||||||
|
|
||||||
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
Copyright (c) Microsoft Corporation.
|
||||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
**/
|
**/
|
||||||
@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
|||||||
#include <Library/BaseMemoryLib.h>
|
#include <Library/BaseMemoryLib.h>
|
||||||
#include "Variable.h"
|
#include "Variable.h"
|
||||||
|
|
||||||
|
#include <Protocol/VariablePolicy.h>
|
||||||
|
|
||||||
|
#include <Library/VariablePolicyLib.h>
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
CHAR16 *VariableName;
|
CHAR16 *VariableName;
|
||||||
EFI_GUID *VendorGuid;
|
EFI_GUID *VendorGuid;
|
||||||
@ -341,6 +346,11 @@ SetVariableCheckHandlerMor (
|
|||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Permit deletion when policy is disabled.
|
||||||
|
if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) {
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// MorLock variable
|
// MorLock variable
|
||||||
//
|
//
|
||||||
|
|||||||
@ -20,6 +20,7 @@
|
|||||||
#
|
#
|
||||||
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
# Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
|
# Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
|
||||||
|
# Copyright (c) Microsoft Corporation.
|
||||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
#
|
#
|
||||||
##
|
##
|
||||||
@ -74,6 +75,7 @@
|
|||||||
StandaloneMmDriverEntryPoint
|
StandaloneMmDriverEntryPoint
|
||||||
SynchronizationLib
|
SynchronizationLib
|
||||||
VarCheckLib
|
VarCheckLib
|
||||||
|
VariablePolicyLib
|
||||||
|
|
||||||
[Protocols]
|
[Protocols]
|
||||||
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
|
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user