| /** @file | |
| Temporary location of the RequestToLock shim code while projects | |
| are moved to VariablePolicy. Should be removed when deprecated. | |
| Copyright (c) Microsoft Corporation. | |
| SPDX-License-Identifier: BSD-2-Clause-Patent | |
| **/ | |
| #include <Uefi.h> | |
| #include <Library/DebugLib.h> | |
| #include <Library/MemoryAllocationLib.h> | |
| #include <Library/VariablePolicyLib.h> | |
| #include <Library/VariablePolicyHelperLib.h> | |
| #include <Protocol/VariableLock.h> | |
| /** | |
| DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. | |
| Mark a variable that will become read-only after leaving the DXE phase of | |
| execution. Write request coming from SMM environment through | |
| EFI_SMM_VARIABLE_PROTOCOL is allowed. | |
| @param[in] This The VARIABLE_LOCK_PROTOCOL instance. | |
| @param[in] VariableName A pointer to the variable name that will be made | |
| read-only subsequently. | |
| @param[in] VendorGuid A pointer to the vendor GUID that will be made | |
| read-only subsequently. | |
| @retval EFI_SUCCESS The variable specified by the VariableName and | |
| the VendorGuid was marked as pending to be | |
| read-only. | |
| @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. | |
| Or VariableName is an empty string. | |
| @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or | |
| EFI_EVENT_GROUP_READY_TO_BOOT has already been | |
| signaled. | |
| @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock | |
| request. | |
| **/ | |
| EFI_STATUS | |
| EFIAPI | |
| VariableLockRequestToLock ( | |
| IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, | |
| IN CHAR16 *VariableName, | |
| IN EFI_GUID *VendorGuid | |
| ) | |
| { | |
| EFI_STATUS Status; | |
| VARIABLE_POLICY_ENTRY *NewPolicy; | |
| DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__)); | |
| DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n")); | |
| DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName)); | |
| NewPolicy = NULL; | |
| Status = CreateBasicVariablePolicy( | |
| VendorGuid, | |
| VariableName, | |
| VARIABLE_POLICY_NO_MIN_SIZE, | |
| VARIABLE_POLICY_NO_MAX_SIZE, | |
| VARIABLE_POLICY_NO_MUST_ATTR, | |
| VARIABLE_POLICY_NO_CANT_ATTR, | |
| VARIABLE_POLICY_TYPE_LOCK_NOW, | |
| &NewPolicy | |
| ); | |
| if (!EFI_ERROR( Status )) { | |
| Status = RegisterVariablePolicy (NewPolicy); | |
| // | |
| // If the error returned is EFI_ALREADY_STARTED, we need to check the | |
| // current database for the variable and see whether it's locked. If it's | |
| // locked, we're still fine, but also generate a DEBUG_WARN message so the | |
| // duplicate lock can be removed. | |
| // | |
| if (Status == EFI_ALREADY_STARTED) { | |
| Status = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL); | |
| if (Status == EFI_WRITE_PROTECTED) { | |
| DEBUG ((DEBUG_WARN, " Variable: %g %s is already locked!\n", VendorGuid, VariableName)); | |
| Status = EFI_SUCCESS; | |
| } else { | |
| DEBUG ((DEBUG_ERROR, " Variable: %g %s can not be locked!\n", VendorGuid, VariableName)); | |
| Status = EFI_ACCESS_DENIED; | |
| } | |
| } | |
| } | |
| if (EFI_ERROR (Status)) { | |
| DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status )); | |
| } | |
| if (NewPolicy != NULL) { | |
| FreePool( NewPolicy ); | |
| } | |
| return Status; | |
| } |