For your easy review,
the forked code is at g...@github.com:lzeng14/edk2.git branch
SeparateAuthVariableService.
What to do:
1. Move TpmMeasurementLib LibraryClass from SecurityPkg to MdeModulePkg.
2. Implement a NULL TpmMeasurementLib library instance in MdeModulePkg.
3. Move authenticated variable definition from AuthenticatedVariableFormat.h to
VariableFormat.h.
4. Merge VariableInfo in SecurityPkg to VariableInfo in MdeModulePkg.
5. Merge from VariablePei in SecurityPkg to VariablePei in MdeModulePkg.
6. Add AuthVariableLib LibraryClass definitions in MdeModulePkg.
7. Implement a NULL AuthVariableLib library instance in MdeModulePkg.
8. Implement AuthVariableLib library instance in SecurityPkg.
9. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg.
10. Update platform package to use the merged Variable driver.
Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
2.1. After auth variable service separated from Auth Variable driver in
SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in
SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
2.2. The functionality of VariableInfo in SecurityPkg has covered VariableInfo
in MdeModulePkg.
2.3. The code logic of VariablePei in SecurityPkg is same with VariablePei
in MdeModulePkg.
3. TpmMeasurementLib is consumed by Auth Variable driver in SecurityPkg now,
as Auth Variable driver in SecurityPkg will be merged to Variable driver in
MdeModulePkg, so the library class also needs to be moved to MdeModulePkg.
4. gEfiAuthenticatedVariableGuid will be used by both merged Variable driver
and AuthVariableLib, AUTHENTICATED_VARIABLE_HEADER will be used by
merged Variable driver.
What test done:
Nt32: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
OVMF: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
Vlv2TbltDevice: Boot and enable secure boot with SECURE_BOOT_ENABLE = TRUE.
What is the impact to platform:
1. Only platform dsc and fdf need to be updated except the change in
ArmPlatformPkg.dec and NorFlashAuthenticatedDxe.inf to remove
gVariableAuthenticatedRuntimeDxeFileGuid and use gVariableRuntimeDxeFileGuid.
Star Zeng (20):
MdeModulePkg: Move TpmMeasurementLib LibraryClass from SecurityPkg.
SecurityPkg: Move TpmMeasurementLib LibraryClass to MdeModulePkg.
MdeModulePkg: Move authenticated variable definition from SecurityPkg.
SecurityPkg: Move authenticated variable definition to MdeModulePkg.
MdeModulePkg VariableInfo: Merge from VariableInfo in SecurityPkg.
SecurityPkg VariableInfo: Delete it.
MdeModulePkg VariablePei: Merge from VariablePei in SecurityPkg.
SecurityPkg VariablePei: Delete it.
MdeModulePkg: Add AuthVariableLib LibraryClass.
SecurityPkg: Implement AuthVariableLib library instance.
MdeModulePkg Variable: Merge from Auth Variable driver in SecurityPkg.
SecurityPkg Variable: Delete Auth Variable driver.
MdeModulePkg PlatDriOverrideDxe: Remove unneeded VARIABLE_HEADER
reference.
SecurityPkg EsalVariableDxeSal: Replace VARIABLE_HEADER
Nt32Pkg: Use the merged Variable driver.
OvmfPkg: Use the merged Variable driver.
EmulatorPkg: Use the merged Variable driver.
ArmPlatformPkg: Use the merged Variable driver.
ArmVirtPkg: Use the merged Variable driver.
Vlv2TbltDevicePkg: Use the merged Variable driver.
ArmPlatformPkg/ArmJunoPkg/ArmJuno.dsc | 7 +-
ArmPlatformPkg/ArmPlatformPkg.dec | 5 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A8.dsc | 7 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A9x2.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA15-A7.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.dsc | 7 +-
.../NorFlashDxe/NorFlashAuthenticatedDxe.inf | 5 +-
ArmVirtPkg/ArmVirtQemu.dsc | 26 +-
ArmVirtPkg/ArmVirtQemu.fdf | 9 +-
EmulatorPkg/EmulatorPkg.dsc | 8 +-
.../Application/VariableInfo/VariableInfo.c | 209 +-
.../Application/VariableInfo/VariableInfo.inf | 25 +-
.../Application/VariableInfo/VariableInfo.uni | Bin 2430 -> 2904 bytes
MdeModulePkg/Include/Guid/SmmVariableCommon.h | 8 +-
MdeModulePkg/Include/Guid/VariableFormat.h | 68 +-
MdeModulePkg/Include/Library/AuthVariableLib.h | 261 ++
MdeModulePkg/Include/Library/TpmMeasurementLib.h | 44 +
MdeModulePkg/Include/Protocol/VarCheck.h | 6 +
.../AuthVariableLibNull/AuthVariableLibNull.c | 78 +
.../AuthVariableLibNull/AuthVariableLibNull.inf | 40 +
.../AuthVariableLibNull/AuthVariableLibNull.uni | Bin 0 -> 1710 bytes
.../TpmMeasurementLibNull/TpmMeasurementLibNull.c | 45 +
.../TpmMeasurementLibNull.inf | 34 +
.../TpmMeasurementLibNull.uni | Bin 0 -> 1654 bytes
MdeModulePkg/MdeModulePkg.dec | 12 +
MdeModulePkg/MdeModulePkg.dsc | 4 +
.../PlatformDriOverrideDxe/PlatDriOverrideLib.c | 3 +-
.../Universal/Variable/Pei/PeiVariable.uni | Bin 2130 -> 2182 bytes
MdeModulePkg/Universal/Variable/Pei/Variable.c | 194 +-
MdeModulePkg/Universal/Variable/Pei/Variable.h | 4 +-
.../Universal/Variable/Pei/VariablePei.inf | 9 +-
.../Universal/Variable/RuntimeDxe/Measurement.c | 255 ++
.../Universal/Variable/RuntimeDxe/Reclaim.c | 5 +-
.../Universal/Variable/RuntimeDxe/VarCheck.c | 234 +-
.../Universal/Variable/RuntimeDxe/Variable.c | 1152 ++++--
.../Universal/Variable/RuntimeDxe/Variable.h | 455 ++-
.../Universal/Variable/RuntimeDxe/VariableDxe.c | 83 +-
.../Universal/Variable/RuntimeDxe/VariableExLib.c | 256 ++
.../Variable/RuntimeDxe/VariableRuntimeDxe.inf | 48 +-
.../Variable/RuntimeDxe/VariableRuntimeDxe.uni | Bin 2588 -> 3150 bytes
.../Universal/Variable/RuntimeDxe/VariableSmm.c | 77 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.inf | 61 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.uni | Bin 3746 -> 4454 bytes
.../Variable/RuntimeDxe/VariableSmmExtra.uni | Bin 1348 -> 1332 bytes
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 130 +-
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 43 +-
Nt32Pkg/Nt32Pkg.dsc | 17 +-
Nt32Pkg/Nt32Pkg.fdf | 8 +-
OvmfPkg/OvmfPkgIa32.dsc | 18 +-
OvmfPkg/OvmfPkgIa32.fdf | 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 18 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 6 +-
OvmfPkg/OvmfPkgX64.dsc | 18 +-
OvmfPkg/OvmfPkgX64.fdf | 4 +-
.../Application/VariableInfo/VariableInfo.c | 265 --
.../Application/VariableInfo/VariableInfo.inf | 63 -
.../Application/VariableInfo/VariableInfo.uni | Bin 2902 -> 0 bytes
.../Application/VariableInfo/VariableInfoExtra.uni | Bin 1360 -> 0 bytes
.../Include/Guid/AuthenticatedVariableFormat.h | 184 +-
SecurityPkg/Include/Library/TpmMeasurementLib.h | 44 -
SecurityPkg/Library/AuthVariableLib/AuthService.c | 2432 ++++++++++++
.../Library/AuthVariableLib/AuthServiceInternal.h | 411 ++
.../Library/AuthVariableLib/AuthVariableLib.c | 460 +++
.../Library/AuthVariableLib/AuthVariableLib.inf | 86 +
.../Library/AuthVariableLib/AuthVariableLib.uni | Bin 0 -> 1670 bytes
.../DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf | 5 +-
SecurityPkg/SecurityPkg.dec | 8 -
SecurityPkg/SecurityPkg.dsc | 9 +-
.../EsalVariableDxeSal/AuthService.c | 42 +-
.../EsalVariableDxeSal/Variable.c | 220 +-
.../EsalVariableDxeSal/Variable.h | 18 +-
.../VariableAuthenticated/Pei/PeiVariableAuth.uni | Bin 2170 -> 0 bytes
.../VariableAuthenticated/Pei/PeiVariableExtra.uni | Bin 1348 -> 0 bytes
SecurityPkg/VariableAuthenticated/Pei/Variable.c | 1087 -----
SecurityPkg/VariableAuthenticated/Pei/Variable.h | 148 -
.../VariableAuthenticated/Pei/VariablePei.inf | 73 -
.../VariableAuthenticated/RuntimeDxe/AuthService.c | 2532 ------------
.../VariableAuthenticated/RuntimeDxe/AuthService.h | 360 --
.../VariableAuthenticated/RuntimeDxe/Measurement.c | 255 --
.../VariableAuthenticated/RuntimeDxe/Reclaim.c | 161 -
.../VariableAuthenticated/RuntimeDxe/VarCheck.c | 1264 ------
.../VariableAuthenticated/RuntimeDxe/Variable.c | 4170 --------------------
.../VariableAuthenticated/RuntimeDxe/Variable.h | 842 ----
.../RuntimeDxe/VariableAuthRuntimeDxe.uni | Bin 3204 -> 0 bytes
.../RuntimeDxe/VariableAuthSmm.uni | Bin 4488 -> 0 bytes
.../RuntimeDxe/VariableAuthSmmRuntimeDxe.uni | Bin 3320 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableDxe.c | 530 ---
.../RuntimeDxe/VariableRuntimeDxe.inf | 158 -
.../RuntimeDxe/VariableRuntimeDxeExtra.uni | Bin 1376 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableSmm.c | 988 -----
.../RuntimeDxe/VariableSmm.inf | 165 -
.../RuntimeDxe/VariableSmmExtra.uni | Bin 1332 -> 0 bytes
.../RuntimeDxe/VariableSmmRuntimeDxe.c | 1118 ------
.../RuntimeDxe/VariableSmmRuntimeDxe.inf | 102 -
.../RuntimeDxe/VariableSmmRuntimeDxeExtra.uni | Bin 1390 -> 0 bytes
Vlv2TbltDevicePkg/PlatformPkg.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 30 +-
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 30 +-
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 30 +-
105 files changed, 6927 insertions(+), 15452 deletions(-)
create mode 100644 MdeModulePkg/Include/Library/AuthVariableLib.h
create mode 100644 MdeModulePkg/Include/Library/TpmMeasurementLib.h
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.inf
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.uni
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfoExtra.uni
delete mode 100644 SecurityPkg/Include/Library/TpmMeasurementLib.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthService.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableAuth.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.h
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Measurement.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Reclaim.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthRuntimeDxe.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmm.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmmRuntimeDxe.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxeExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmExtra.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxeExtra.uni
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
