According to the feedback from Laszlo Ersek <ler...@redhat.com> and
Ard Biesheuvel <ard.biesheu...@linaro.org>, the patches are updated to
cover the concern about library class resolutions in OvmfPkg and the
concern about git bisect.
NOTICE: To keep git bisect, the V2 patchset has adjusted the patch sequence
of first version patchset, and the update to platform package Nt32Pkg, OvmfPkg,
ArmPlatformPkg, ArmVirtPkg and Vlv2TbltDevicePkg has been split to two patches.
For your easy review,
the forked code is at g...@github.com:lzeng14/edk2.git branch
SeparateAuthVariableServiceV2.
What to do:
1. Move TpmMeasurementLib LibraryClass from SecurityPkg to MdeModulePkg.
2. Implement a NULL TpmMeasurementLib library instance in MdeModulePkg.
3. Move authenticated variable definition from AuthenticatedVariableFormat.h to
VariableFormat.h.
4. Merge VariableInfo in SecurityPkg to VariableInfo in MdeModulePkg.
5. Merge from VariablePei in SecurityPkg to VariablePei in MdeModulePkg.
6. Add AuthVariableLib LibraryClass definitions in MdeModulePkg.
7. Implement a NULL AuthVariableLib library instance in MdeModulePkg.
8. Implement AuthVariableLib library instance in SecurityPkg.
9. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg.
10. Update platform package to use the merged Variable driver.
Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
2.1. After auth variable service separated from Auth Variable driver in
SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in
SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
2.2. The functionality of VariableInfo in SecurityPkg has covered VariableInfo
in MdeModulePkg.
2.3. The code logic of VariablePei in SecurityPkg is same with VariablePei
in MdeModulePkg.
3. TpmMeasurementLib is consumed by Auth Variable driver in SecurityPkg now,
as Auth Variable driver in SecurityPkg will be merged to Variable driver in
MdeModulePkg, so the library class also needs to be moved to MdeModulePkg.
4. gEfiAuthenticatedVariableGuid will be used by both merged Variable driver
and AuthVariableLib, AUTHENTICATED_VARIABLE_HEADER will be used by
merged Variable driver.
What test done:
Nt32: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
OVMF: Boot with SECURE_BOOT_ENABLE = TRUE or FALSE, enable secure boot with
SECURE_BOOT_ENABLE = TRUE.
Vlv2TbltDevice: Boot and enable secure boot with SECURE_BOOT_ENABLE = TRUE.
ArmVirtPkg: Built and run both with SECURE_BOOT_ENABLE = TRUE and
SECURE_BOOT_ENABLE,
and both seem to work fine.
What is the impact to platform:
1. Only platform dsc and fdf need to be updated except the change in
ArmPlatformPkg.dec and NorFlashAuthenticatedDxe.inf to remove
gVariableAuthenticatedRuntimeDxeFileGuid and use gVariableRuntimeDxeFileGuid.
Star Zeng (24):
MdeModulePkg PlatDriOverrideDxe: Remove unneeded VARIABLE_HEADER
reference.
MdeModulePkg: Move TpmMeasurementLib LibraryClass from SecurityPkg.
MdeModulePkg: Move authenticated variable definition from SecurityPkg.
MdeModulePkg VariableInfo: Merge from VariableInfo in SecurityPkg.
MdeModulePkg VariablePei: Merge from VariablePei in SecurityPkg.
MdeModulePkg: Add AuthVariableLib LibraryClass.
SecurityPkg: Implement AuthVariableLib library instance.
Nt32Pkg: Link AuthVariableLib for following merged variable driver
deploy.
OvmfPkg: Link AuthVariableLib for following merged variable driver
deploy.
EmulatorPkg: Link AuthVariableLib for following merged variable driver
deploy.
ArmPlatformPkg: Link AuthVariableLib for following merged variable
driver deploy.
ArmVirtPkg: Link AuthVariableLib for following merged variable driver
deploy.
Vlv2TbltDevicePkg: Link AuthVariableLib for following merged variable
driver deploy.
MdeModulePkg Variable: Merge from Auth Variable driver in SecurityPkg.
Nt32Pkg: Use the merged Variable driver.
OvmfPkg: Use the merged Variable driver.
ArmPlatformPkg: Use the merged Variable driver.
ArmVirtPkg: Use the merged Variable driver.
Vlv2TbltDevicePkg: Use the merged Variable driver.
SecurityPkg: Move TpmMeasurementLib LibraryClass to MdeModulePkg.
SecurityPkg VariableInfo: Delete it.
SecurityPkg VariablePei: Delete it.
SecurityPkg Variable: Delete Auth Variable driver.
SecurityPkg: Move authenticated variable definition to MdeModulePkg.
ArmPlatformPkg/ArmJunoPkg/ArmJuno.dsc | 7 +-
ArmPlatformPkg/ArmPlatformPkg.dec | 5 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A8.dsc | 7 +-
.../ArmRealViewEbPkg/ArmRealViewEb-RTSM-A9x2.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA15-A7.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-CTA9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A15_MPCore.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-A9x4.dsc | 7 +-
.../ArmVExpressPkg/ArmVExpress-RTSM-AEMv8Ax4.dsc | 7 +-
.../NorFlashDxe/NorFlashAuthenticatedDxe.inf | 5 +-
ArmVirtPkg/ArmVirtQemu.dsc | 26 +-
ArmVirtPkg/ArmVirtQemu.fdf | 9 +-
EmulatorPkg/EmulatorPkg.dsc | 8 +-
.../Application/VariableInfo/VariableInfo.c | 209 +-
.../Application/VariableInfo/VariableInfo.inf | 25 +-
.../Application/VariableInfo/VariableInfo.uni | Bin 2430 -> 2904 bytes
MdeModulePkg/Include/Guid/SmmVariableCommon.h | 8 +-
MdeModulePkg/Include/Guid/VariableFormat.h | 68 +-
MdeModulePkg/Include/Library/AuthVariableLib.h | 261 ++
MdeModulePkg/Include/Library/TpmMeasurementLib.h | 44 +
MdeModulePkg/Include/Protocol/VarCheck.h | 6 +
.../AuthVariableLibNull/AuthVariableLibNull.c | 78 +
.../AuthVariableLibNull/AuthVariableLibNull.inf | 40 +
.../AuthVariableLibNull/AuthVariableLibNull.uni | Bin 0 -> 1710 bytes
.../TpmMeasurementLibNull/TpmMeasurementLibNull.c | 45 +
.../TpmMeasurementLibNull.inf | 34 +
.../TpmMeasurementLibNull.uni | Bin 0 -> 1654 bytes
MdeModulePkg/MdeModulePkg.dec | 12 +
MdeModulePkg/MdeModulePkg.dsc | 4 +
.../PlatformDriOverrideDxe/PlatDriOverrideLib.c | 3 +-
.../Universal/Variable/Pei/PeiVariable.uni | Bin 2130 -> 2182 bytes
MdeModulePkg/Universal/Variable/Pei/Variable.c | 194 +-
MdeModulePkg/Universal/Variable/Pei/Variable.h | 4 +-
.../Universal/Variable/Pei/VariablePei.inf | 9 +-
.../Universal/Variable/RuntimeDxe/Measurement.c | 255 ++
.../Universal/Variable/RuntimeDxe/Reclaim.c | 5 +-
.../Universal/Variable/RuntimeDxe/VarCheck.c | 234 +-
.../Universal/Variable/RuntimeDxe/Variable.c | 1152 ++++--
.../Universal/Variable/RuntimeDxe/Variable.h | 455 ++-
.../Universal/Variable/RuntimeDxe/VariableDxe.c | 83 +-
.../Universal/Variable/RuntimeDxe/VariableExLib.c | 256 ++
.../Variable/RuntimeDxe/VariableRuntimeDxe.inf | 48 +-
.../Variable/RuntimeDxe/VariableRuntimeDxe.uni | Bin 2588 -> 3150 bytes
.../Universal/Variable/RuntimeDxe/VariableSmm.c | 77 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.inf | 61 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.uni | Bin 3746 -> 4454 bytes
.../Variable/RuntimeDxe/VariableSmmExtra.uni | Bin 1348 -> 1332 bytes
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 130 +-
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 43 +-
Nt32Pkg/Nt32Pkg.dsc | 12 +-
Nt32Pkg/Nt32Pkg.fdf | 8 +-
OvmfPkg/OvmfPkgIa32.dsc | 9 +-
OvmfPkg/OvmfPkgIa32.fdf | 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 9 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 6 +-
OvmfPkg/OvmfPkgX64.dsc | 9 +-
OvmfPkg/OvmfPkgX64.fdf | 6 +-
.../Application/VariableInfo/VariableInfo.c | 265 --
.../Application/VariableInfo/VariableInfo.inf | 63 -
.../Application/VariableInfo/VariableInfo.uni | Bin 2902 -> 0 bytes
.../Application/VariableInfo/VariableInfoExtra.uni | Bin 1360 -> 0 bytes
.../Include/Guid/AuthenticatedVariableFormat.h | 184 +-
SecurityPkg/Include/Library/TpmMeasurementLib.h | 44 -
SecurityPkg/Library/AuthVariableLib/AuthService.c | 2432 ++++++++++++
.../Library/AuthVariableLib/AuthServiceInternal.h | 411 ++
.../Library/AuthVariableLib/AuthVariableLib.c | 460 +++
.../Library/AuthVariableLib/AuthVariableLib.inf | 86 +
.../Library/AuthVariableLib/AuthVariableLib.uni | Bin 0 -> 1670 bytes
.../DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf | 5 +-
SecurityPkg/SecurityPkg.dec | 8 -
SecurityPkg/SecurityPkg.dsc | 9 +-
.../EsalVariableDxeSal/AuthService.c | 42 +-
.../EsalVariableDxeSal/Variable.c | 220 +-
.../EsalVariableDxeSal/Variable.h | 18 +-
.../VariableAuthenticated/Pei/PeiVariableAuth.uni | Bin 2170 -> 0 bytes
.../VariableAuthenticated/Pei/PeiVariableExtra.uni | Bin 1348 -> 0 bytes
SecurityPkg/VariableAuthenticated/Pei/Variable.c | 1087 -----
SecurityPkg/VariableAuthenticated/Pei/Variable.h | 148 -
.../VariableAuthenticated/Pei/VariablePei.inf | 73 -
.../VariableAuthenticated/RuntimeDxe/AuthService.c | 2532 ------------
.../VariableAuthenticated/RuntimeDxe/AuthService.h | 360 --
.../VariableAuthenticated/RuntimeDxe/Measurement.c | 255 --
.../VariableAuthenticated/RuntimeDxe/Reclaim.c | 161 -
.../VariableAuthenticated/RuntimeDxe/VarCheck.c | 1264 ------
.../VariableAuthenticated/RuntimeDxe/Variable.c | 4170 --------------------
.../VariableAuthenticated/RuntimeDxe/Variable.h | 842 ----
.../RuntimeDxe/VariableAuthRuntimeDxe.uni | Bin 3204 -> 0 bytes
.../RuntimeDxe/VariableAuthSmm.uni | Bin 4488 -> 0 bytes
.../RuntimeDxe/VariableAuthSmmRuntimeDxe.uni | Bin 3320 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableDxe.c | 530 ---
.../RuntimeDxe/VariableRuntimeDxe.inf | 158 -
.../RuntimeDxe/VariableRuntimeDxeExtra.uni | Bin 1376 -> 0 bytes
.../VariableAuthenticated/RuntimeDxe/VariableSmm.c | 988 -----
.../RuntimeDxe/VariableSmm.inf | 165 -
.../RuntimeDxe/VariableSmmExtra.uni | Bin 1332 -> 0 bytes
.../RuntimeDxe/VariableSmmRuntimeDxe.c | 1118 ------
.../RuntimeDxe/VariableSmmRuntimeDxe.inf | 102 -
.../RuntimeDxe/VariableSmmRuntimeDxeExtra.uni | Bin 1390 -> 0 bytes
Vlv2TbltDevicePkg/PlatformPkg.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 14 +-
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 32 +-
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 32 +-
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 32 +-
105 files changed, 6887 insertions(+), 15468 deletions(-)
create mode 100644 MdeModulePkg/Include/Library/AuthVariableLib.h
create mode 100644 MdeModulePkg/Include/Library/TpmMeasurementLib.h
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
create mode 100644
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
create mode 100644
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.c
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.inf
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfo.uni
delete mode 100644 SecurityPkg/Application/VariableInfo/VariableInfoExtra.uni
delete mode 100644 SecurityPkg/Include/Library/TpmMeasurementLib.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthService.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableAuth.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/PeiVariableExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/Variable.h
delete mode 100644 SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Measurement.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Reclaim.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthRuntimeDxe.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmm.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableAuthSmmRuntimeDxe.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxeExtra.uni
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
delete mode 100644 SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmExtra.uni
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
delete mode 100644
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxeExtra.uni
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
