For a more detailed description of the UEFI protected variable feature, see the Readme.md in the following branch: https://github.com/judahvang/edk2/tree/rpmc-update
Patch 08 - Update GetNvVariableStore() to call GetVariableFlashNvStorageInfo() and SafeUint64ToUint32(). Patch 09 - Fix the 'NextVariableStore' parameter passed to CopyMem, which was causing an exception; 'NextVariableStore' must be cast correctly so that all platforms build. Also add code to initialize the 'ContextIn' structure in SmmVariableReady() to fix an issue with a NULL function pointer. Patch 16 - Replace AllocateZeroPool() with AllocatePages() and FreePool() with FreePages(): FreePool() is not supported in the PEI phase, so the pool was never released and memory leaked. Reverse the order of the FreePages() calls. Patch 17 - Change the placement of the buffer used for the confidentiality crypto operation to fix an issue seen when confidentiality is enabled. Remove an unneeded increment of the monotonic counter. Patch 28 - Fix the build when DISABLE_SHA1_DEPRECATED_INTERFACES is defined by propagating the #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES guard to all the Sha1 functions. Replace AllocatePool() with AllocatePages() and FreePool() with FreePages(), because FreePool() is not supported in the PEI phase: it does not free the allocated pool there, causing a memory leak.
Judah Vang (28): MdeModulePkg: Add new GUID for Variable Store Info SecurityPkg: Add new GUIDs for MdeModulePkg: Update AUTH_VARIABLE_INFO struct MdeModulePkg: Add reference to new Ppi Guid MdeModulePkg: Add new ProtectedVariable GUIDs MdeModulePkg: Add new include files MdeModulePkg: Add Null ProtectedVariable Library MdeModulePkg: Add new Variable functionality MdeModulePkg: Add support for Protected Variables SecurityPkg: Add new KeyService types and defines SecurityPkg: Update RPMC APIs with index SecurityPkg: Add new variable types and functions SecurityPkg: Fix GetVariableKey API SecurityPkg: Add null encryption variable libs SecurityPkg: Add VariableKey library function SecurityPkg: Add EncryptionVariable lib with AES SecurityPkg: Add Protected Variable Services MdeModulePkg: Reference Null ProtectedVariableLib SecurityPkg: Add references to new *.inf files ArmVirtPkg: Add reference to ProtectedVariableNull UefiPayloadPkg: Add ProtectedVariable reference EmulatorPkg: Add ProtectedVariable reference OvmfPkg: Add ProtectedVariable reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariable reference CryptoPkg: Enable cypto HMAC KDF and AES library MdeModulePkg/MdeModulePkg.dec | 13 +- SecurityPkg/SecurityPkg.dec | 43 +- ArmVirtPkg/ArmVirtQemu.dsc | 3 +- EmulatorPkg/EmulatorPkg.dsc | 3 +- MdeModulePkg/MdeModulePkg.dsc | 4 +- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +- OvmfPkg/Bhyve/BhyveX64.dsc | 3 +- OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/Microvm/MicrovmX64.dsc | 3 +- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfXen.dsc | 3 +- SecurityPkg/SecurityPkg.dsc | 13 +- UefiPayloadPkg/UefiPayloadPkg.dsc | 2 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 2 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +- MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf | 34 + 
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf | 10 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 3 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 4 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 +- SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf | 43 + SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf | 38 + SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf | 64 + SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf | 68 + SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf | 67 + SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf | 62 + SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf | 36 + MdeModulePkg/Include/Guid/ProtectedVariable.h | 22 + MdeModulePkg/Include/Library/AuthVariableLib.h | 4 +- MdeModulePkg/Include/Library/EncryptionVariableLib.h | 165 ++ MdeModulePkg/Include/Library/ProtectedVariableLib.h | 700 +++++++ MdeModulePkg/Universal/Variable/Pei/Variable.h | 80 +- MdeModulePkg/Universal/Variable/Pei/VariableParsing.h | 309 +++ MdeModulePkg/Universal/Variable/Pei/VariableStore.h | 116 ++ MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h | 127 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h | 91 +- MdePkg/Include/Ppi/ReadOnlyVariable2.h | 4 +- SecurityPkg/Include/Library/RpmcLib.h | 15 +- SecurityPkg/Include/Library/VariableKeyLib.h | 37 +- SecurityPkg/Include/Ppi/KeyServicePpi.h | 57 + SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h | 49 + SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h | 611 ++++++ CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c | 11 +- CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.c | 14 +- MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c | 449 ++++ 
MdeModulePkg/Universal/Variable/Pei/Variable.c | 890 ++------ MdeModulePkg/Universal/Variable/Pei/VariableParsing.c | 941 +++++++++ MdeModulePkg/Universal/Variable/Pei/VariableStore.c | 307 +++ MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c | 349 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2142 +++++++++++--------- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 26 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c | 167 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c | 194 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c | 320 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c | 2 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 39 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 67 +- SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c | 734 +++++++ SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c | 107 + SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c | 2103 +++++++++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c | 163 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c | 1327 ++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c | 209 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c | 967 +++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c | 233 +++ SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 8 +- SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c | 59 + SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c | 6 +- SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni | 16 + 72 files changed, 12899 insertions(+), 1874 deletions(-) create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf create mode 100644 
SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf create mode 100644 MdeModulePkg/Include/Guid/ProtectedVariable.h create mode 100644 MdeModulePkg/Include/Library/EncryptionVariableLib.h create mode 100644 MdeModulePkg/Include/Library/ProtectedVariableLib.h create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableParsing.h create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableStore.h create mode 100644 SecurityPkg/Include/Ppi/KeyServicePpi.h create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableParsing.c create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableStore.c create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c create mode 100644 
SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni -- 2.35.1.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90353): https://edk2.groups.io/g/devel/message/90353 Mute This Topic: https://groups.io/mt/91640182/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-