Refactor UserAuthenticationSmm to support Standalone MM.
- Factor out variable lock code logic that references boot services.
- UserAuthenticationVariableLockDxe is added to lock the variables.
- UserAuthenticationStandaloneMm doesn't lock the variables, needs to
reply on UserAuthenticationVariableLockDxe to do the lock.
- UserAuthenticationSmm still locks the variables by itself, no need
to include UserAuthenticationVariableLockDxe.
- Register gEfiEventExitBootServicesGuid notify which is used by the
StandaloneMmCore.
Since gEdkiiVariableLockProtocolGuid is a deprecated interface, use
gEdkiiVariablePolicyProtocolGuid to lock password variables instead.
Cc: Dandan Bi <dandan...@intel.com>
Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Signed-off-by: Wei6 Xu <wei6...@intel.com>
---
.../Include/UserAuthFeature.dsc | 2 +
.../UserAuthenticationSmm.c | 38 ++++-----
.../UserAuthenticationSmm.h | 26 +++---
.../UserAuthenticationSmm.inf | 11 ++-
.../UserAuthenticationStandaloneMm.c | 43 ++++++++++
.../UserAuthenticationStandaloneMm.inf | 58 +++++++++++++
.../UserAuthenticationTraditionalMm.c | 28 +++++++
.../UserAuthenticationVariable.h | 36 ++++++++
.../UserAuthenticationVariableLock.c | 84 +++++++++++++++++++
.../UserAuthenticationVariableLockDxe.c | 31 +++++++
.../UserAuthenticationVariableLockDxe.inf | 42 ++++++++++
11 files changed, 359 insertions(+), 40 deletions(-)
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.c
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.inf
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationTraditionalMm.c
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariable.h
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLock.c
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.c
create mode 100644
Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.inf
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFeature.dsc
b/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFeature.dsc
index 2f39a5580caf..d772b213aaeb 100644
---
a/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFeature.dsc
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFeature.dsc
@@ -75,3 +75,5 @@
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
+
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.inf
+
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.inf
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 16e3405a82ef..89515ea11e85 100644
---
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
@@ -642,7 +642,7 @@ UaExitBootServices (
{
DEBUG ((DEBUG_INFO, "Unregister User Authentication Smi\n"));
- gSmst->SmiHandlerUnRegister(mSmmHandle);
+ gMmst->MmiHandlerUnRegister(mSmmHandle);
return EFI_SUCCESS;
}
@@ -657,54 +657,44 @@ UaExitBootServices (
**/
EFI_STATUS
-EFIAPI
PasswordSmmInit (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
+ VOID
)
{
EFI_STATUS Status;
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;
- CHAR16
PasswordHistoryName[sizeof(USER_AUTHENTICATION_VAR_NAME)/sizeof(CHAR16) + 5];
- UINTN Index;
EFI_EVENT ExitBootServicesEvent;
EFI_EVENT LegacyBootEvent;
+ EFI_EVENT SmmExitBootServicesEvent;
ASSERT (PASSWORD_HASH_SIZE == SHA256_DIGEST_SIZE);
ASSERT (PASSWORD_HISTORY_CHECK_COUNT < 0xFFFF);
- Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
(VOID**)&mSmmVariable);
+ Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
(VOID**)&mSmmVariable);
ASSERT_EFI_ERROR (Status);
//
// Make password variables read-only for DXE driver for security concern.
//
- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID
**) &VariableLock);
- if (!EFI_ERROR (Status)) {
- Status = VariableLock->RequestToLock (VariableLock,
USER_AUTHENTICATION_VAR_NAME, &gUserAuthenticationGuid);
- ASSERT_EFI_ERROR (Status);
-
- for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) {
- UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName),
L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index);
- Status = VariableLock->RequestToLock (VariableLock, PasswordHistoryName,
&gUserAuthenticationGuid);
- ASSERT_EFI_ERROR (Status);
- }
- Status = VariableLock->RequestToLock (VariableLock,
USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME, &gUserAuthenticationGuid);
- ASSERT_EFI_ERROR (Status);
+ Status = LockPasswordVariable ();
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return Status;
}
- Status = gSmst->SmiHandlerRegister (SmmPasswordHandler,
&gUserAuthenticationGuid, &mSmmHandle);
+ Status = gMmst->MmiHandlerRegister (SmmPasswordHandler,
&gUserAuthenticationGuid, &mSmmHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
return Status;
}
//
- // Register for SmmExitBootServices and SmmLegacyBoot notification.
+ // Register for SmmExitBootServices, SmmLegacyBoot and EventExitBootServices
notification.
//
- Status = gSmst->SmmRegisterProtocolNotify
(&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices,
&ExitBootServicesEvent);
+ Status = gMmst->MmRegisterProtocolNotify
(&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices,
&SmmExitBootServicesEvent);
+ ASSERT_EFI_ERROR (Status);
+ Status = gMmst->MmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid,
UaExitBootServices, &LegacyBootEvent);
ASSERT_EFI_ERROR (Status);
- Status = gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid,
UaExitBootServices, &LegacyBootEvent);
+ Status = gMmst->MmRegisterProtocolNotify (&gEfiEventExitBootServicesGuid,
UaExitBootServices, &ExitBootServicesEvent);
ASSERT_EFI_ERROR (Status);
if (IsPasswordCleared()) {
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
index 47bb95529fa7..5bb1268673b0 100644
---
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
@@ -9,7 +9,7 @@
#ifndef __USER_AUTHENTICATION_SMM_H__
#define __USER_AUTHENTICATION_SMM_H__
-#include <PiSmm.h>
+#include <PiMm.h>
#include <Protocol/SmmVariable.h>
#include <Protocol/VariableLock.h>
@@ -21,26 +21,17 @@
#include <Library/BaseMemoryLib.h>
#include <Library/PrintLib.h>
#include <Library/UefiBootServicesTableLib.h>
-#include <Library/SmmServicesTableLib.h>
+#include <Library/MmServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
-#include <Library/SmmServicesTableLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/PlatformPasswordLib.h>
#include "KeyService.h"
+#include "UserAuthenticationVariable.h"
#define PASSWORD_SALT_SIZE 32
#define PASSWORD_HASH_SIZE 32 // SHA256_DIGEST_SIZE
-#define PASSWORD_MAX_TRY_COUNT 3
-#define PASSWORD_HISTORY_CHECK_COUNT 5
-
-//
-// Name of the variable
-//
-#define USER_AUTHENTICATION_VAR_NAME L"Password"
-#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast"
-
//
// Variable storage
//
@@ -49,4 +40,15 @@ typedef struct {
UINT8 PasswordSalt[PASSWORD_SALT_SIZE];
} USER_PASSWORD_VAR_STRUCT;
+/**
+ Password Smm Init.
+
+ @retval EFI_SUCESS This function always complete successfully.
+
+**/
+EFI_STATUS
+PasswordSmmInit (
+ VOID
+ );
+
#endif
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
index b53f70f0e319..b41a7ee8a3f1 100644
---
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
@@ -15,13 +15,15 @@
MODULE_TYPE = DXE_SMM_DRIVER
VERSION_STRING = 1.0
PI_SPECIFICATION_VERSION = 0x0001000A
- ENTRY_POINT = PasswordSmmInit
+ ENTRY_POINT = UserAuthenticationMmEntry
[Sources]
UserAuthenticationSmm.c
+ UserAuthenticationTraditionalMm.c
UserAuthenticationSmm.h
KeyService.c
KeyService.h
+ UserAuthenticationVariableLock.c
[Packages]
MdePkg/MdePkg.dec
@@ -36,17 +38,18 @@
BaseLib
BaseMemoryLib
PrintLib
- SmmServicesTableLib
+ MmServicesTableLib
MemoryAllocationLib
- UefiLib
BaseCryptLib
PlatformPasswordLib
+ VariablePolicyHelperLib
[Guids]
gUserAuthenticationGuid ## CONSUMES ## GUID
+ gEfiEventExitBootServicesGuid ## CONSUMES ## Event
[Protocols]
- gEdkiiVariableLockProtocolGuid ## CONSUMES
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES
gEfiSmmVariableProtocolGuid ## CONSUMES
gEdkiiSmmExitBootServicesProtocolGuid ## CONSUMES
gEdkiiSmmLegacyBootProtocolGuid ## CONSUMES
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.c
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.c
new file mode 100644
index 000000000000..7a767ccabf2f
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.c
@@ -0,0 +1,43 @@
+/** @file
+ Entry point of UserAuthenticationStandaloneMm.
+
+ Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "UserAuthenticationSmm.h"
+
+/**
+ NULL implement for Lock password variables.
+ Relies on UserAuthenticationVariableLockDxe to lock the password variables.
+
+ @retval EFI_SUCCESS Always return success.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+ VOID
+ )
+{
+ return EFI_SUCCESS;
+}
+
+/**
+ Main entry for this driver.
+
+ @param ImageHandle Image handle this driver.
+ @param SystemTable Pointer to SystemTable.
+
+ @retval EFI_SUCESS This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationMmEntry (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *SystemTable
+ )
+{
+ return PasswordSmmInit ();
+}
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.inf
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.inf
new file mode 100644
index 000000000000..f7d9a045001e
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.inf
@@ -0,0 +1,58 @@
+## @file
+# User Authentication Standalone Mm Driver.
+#
+# This driver provides SMM services for DXE user authentication module.
+# This Standalone Mm driver lacks of the ability to lock the password
+# variables. Need to reply on UserAuthenticationVariableLockDxe to lock
+# the variables.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = UserAuthenticationStandaloneMm
+ FILE_GUID = 80130611-a67a-4631-becb-87ce22d6f165
+ MODULE_TYPE = MM_STANDALONE
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x00010032
+ ENTRY_POINT = UserAuthenticationMmEntry
+
+[Sources]
+ UserAuthenticationSmm.c
+ UserAuthenticationStandaloneMm.c
+ UserAuthenticationSmm.h
+ KeyService.c
+ KeyService.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ CryptoPkg/CryptoPkg.dec
+ UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+
+[LibraryClasses]
+ StandaloneMmDriverEntryPoint
+ DebugLib
+ BaseLib
+ BaseMemoryLib
+ PrintLib
+ MmServicesTableLib
+ MemoryAllocationLib
+ BaseCryptLib
+ PlatformPasswordLib
+
+[Guids]
+ gUserAuthenticationGuid ## CONSUMES ## GUID
+ gEfiEventExitBootServicesGuid ## CONSUMES ## Event
+
+[Protocols]
+ gEdkiiVariableLockProtocolGuid ## CONSUMES
+ gEfiSmmVariableProtocolGuid ## CONSUMES
+ gEdkiiSmmExitBootServicesProtocolGuid ## CONSUMES
+ gEdkiiSmmLegacyBootProtocolGuid ## CONSUMES
+
+[Depex]
+ gEfiSmmVariableProtocolGuid
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationTraditionalMm.c
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationTraditionalMm.c
new file mode 100644
index 000000000000..1514d78f1946
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationTraditionalMm.c
@@ -0,0 +1,28 @@
+/** @file
+ Entry point of UserAuthenticationSmm.
+
+ Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "UserAuthenticationSmm.h"
+
+/**
+ Main entry for this driver.
+
+ @param[in] ImageHandle Image handle this driver.
+ @param[in] SystemTable Pointer to SystemTable.
+
+ @retval EFI_SUCESS This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationMmEntry (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return PasswordSmmInit ();
+}
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariable.h
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariable.h
new file mode 100644
index 000000000000..3b249e06d848
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariable.h
@@ -0,0 +1,36 @@
+/** @file
+ Header file for definition of User Authentication Variable.
+
+ Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef USER_AUTHENTICATION_VARIABLE_H_
+#define USER_AUTHENTICATION_VARIABLE_H_
+
+#define PASSWORD_MAX_TRY_COUNT 3
+#define PASSWORD_HISTORY_CHECK_COUNT 5
+
+//
+// Name of the variable
+//
+#define USER_AUTHENTICATION_VAR_NAME L"Password"
+#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast"
+
+/**
+ Lock password variables for security concern.
+
+ @retval EFI_SUCCESS Succeed to lock variable.
+ @retval EFI_NOT_FOUND Variable Lock protocol is not found.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or
EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock
request.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+ VOID
+ );
+
+#endif
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLock.c
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLock.c
new file mode 100644
index 000000000000..dd43991fe711
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLock.c
@@ -0,0 +1,84 @@
+/** @file
+ Source code to lock password variables.
+
+ Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <Protocol/VariablePolicy.h>
+
+#include <Library/PrintLib.h>
+#include <Library/DebugLib.h>
+#include <Library/VariablePolicyHelperLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Guid/UserAuthentication.h>
+
+#include "UserAuthenticationVariable.h"
+
+/**
+ Lock password variables for security concern.
+
+ @retval EFI_SUCCESS Succeed to lock variable.
+ @retval EFI_NOT_FOUND Variable Lock protocol is not found.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or
EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock
request.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ CHAR16 PasswordHistoryName[sizeof
(USER_AUTHENTICATION_VAR_NAME)/sizeof (CHAR16) + 5];
+ UINTN Index;
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
+
+ Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID
**)&VariablePolicy);
+ if (!EFI_ERROR (Status)) {
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &gUserAuthenticationGuid,
+ USER_AUTHENTICATION_VAR_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
+ ASSERT_EFI_ERROR (Status);
+ for (Index = 1; Index <= PASSWORD_HISTORY_CHECK_COUNT; Index++) {
+ UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName),
L"%s%04x", USER_AUTHENTICATION_VAR_NAME, Index);
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &gUserAuthenticationGuid,
+ PasswordHistoryName,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ Status = RegisterBasicVariablePolicy (
+ VariablePolicy,
+ &gUserAuthenticationGuid,
+ USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME,
+ VARIABLE_POLICY_NO_MIN_SIZE,
+ VARIABLE_POLICY_NO_MAX_SIZE,
+ VARIABLE_POLICY_NO_MUST_ATTR,
+ VARIABLE_POLICY_NO_CANT_ATTR,
+ VARIABLE_POLICY_TYPE_LOCK_NOW
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ return Status;
+}
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.c
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.c
new file mode 100644
index 000000000000..7919feacc9e7
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.c
@@ -0,0 +1,31 @@
+/** @file
+ This Driver mainly locks password variables.
+
+ Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include "UserAuthenticationVariable.h"
+
+/**
+ User Authentication Variable Lock entry point.
+
+ @param[in] ImageHandle The image handle.
+ @param[in] SystemTable The system table.
+
+ @retval EFI_SUCCESS The entry point is executed successfully.
+ @return other Contain some other errors.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationVariableLockEntry (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return LockPasswordVariable ();
+}
diff --git
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.inf
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.inf
new file mode 100644
index 000000000000..3959686647f9
--- /dev/null
+++
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLockDxe.inf
@@ -0,0 +1,42 @@
+## @file
+# User Authentication Variable Lock Dxe Driver.
+#
+# This Driver mainly locks the password variable.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = UserAuthenticationVariableLockDxe
+ FILE_GUID = 08fc98fb-1cec-45c6-ad02-542096191054
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = UserAuthenticationVariableLockEntry
+
+[Sources]
+ UserAuthenticationVariableLockDxe.c
+ UserAuthenticationVariableLock.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+
+[LibraryClasses]
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ DebugLib
+ PrintLib
+ VariablePolicyHelperLib
+
+[Guids]
+ gUserAuthenticationGuid ## CONSUMES ## GUID
+
+[Protocols]
+ gEdkiiVariablePolicyProtocolGuid ## CONSUMES
+
+[Depex]
+ gEdkiiVariableLockProtocolGuid
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111015): https://edk2.groups.io/g/devel/message/111015
Mute This Topic: https://groups.io/mt/102502210/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
