/** @file
  Temporary home for the RequestToLock shim code while projects are
  migrated to VariablePolicy. Remove this file once the deprecated
  interface is retired.

  Copyright (c) Microsoft Corporation.
  SPDX-License-Identifier: BSD-2-Clause-Patent

**/
9 
10 #include <Uefi.h>
11 #include <Library/DebugLib.h>
12 #include <Library/MemoryAllocationLib.h>
13 #include <Library/VariablePolicyLib.h>
14 #include <Library/VariablePolicyHelperLib.h>
15 #include <Protocol/VariableLock.h>
16 
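/**
  DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING.
  Mark a variable that will become read-only after leaving the DXE phase of
  execution. Write request coming from SMM environment through
  EFI_SMM_VARIABLE_PROTOCOL is allowed.

  This shim turns the legacy lock request into a basic variable policy with no
  size or attribute constraints and registers it with the policy engine.

  NOTE(review): the policy is created with VARIABLE_POLICY_TYPE_LOCK_NOW, so
  the lock presumably takes effect as soon as registration succeeds rather
  than at the end of DXE as the legacy description above says. Confirm against
  VariablePolicyLib before relying on a later write in the same boot phase.

  @param[in] This          The VARIABLE_LOCK_PROTOCOL instance. Not used by
                           this shim.
  @param[in] VariableName  A pointer to the variable name that will be made
                           read-only subsequently.
  @param[in] VendorGuid    A pointer to the vendor GUID that will be made
                           read-only subsequently.

  @retval EFI_SUCCESS           The lock policy was registered, or a policy for
                                this variable already exists and the variable
                                is already write protected.
  @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
                                Or VariableName is an empty string.
  @retval EFI_ACCESS_DENIED     A policy for this variable already exists but
                                does not write protect it, so the lock cannot
                                be applied.
  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the lock
                                request.
  @retval Others                Any other error reported by
                                CreateBasicVariablePolicy() or
                                RegisterVariablePolicy() is returned unchanged.
**/
EFI_STATUS
EFIAPI
VariableLockRequestToLock (
  IN CONST EDKII_VARIABLE_LOCK_PROTOCOL  *This,
  IN CHAR16                              *VariableName,
  IN EFI_GUID                            *VendorGuid
  )
{
  EFI_STATUS             Status;
  VARIABLE_POLICY_ENTRY  *NewPolicy;

  DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! %a() will go away soon!\n", __FUNCTION__));
  DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!\n"));

  //
  // Enforce the documented contract before the arguments are formatted or
  // forwarded. Without this check a NULL or empty name would be passed
  // straight to the policy helper.
  // NOTE(review): if CreateBasicVariablePolicy() treats a NULL name as "every
  // variable in the namespace", an unchecked NULL here would lock the whole
  // VendorGuid namespace - confirm against VariablePolicyHelperLib.
  //
  if ((VariableName == NULL) || (VariableName[0] == L'\0') || (VendorGuid == NULL)) {
    DEBUG ((DEBUG_ERROR, "%a - VariableName and VendorGuid must be non-NULL and the name non-empty!\n", __FUNCTION__));
    return EFI_INVALID_PARAMETER;
  }

  DEBUG ((DEBUG_ERROR, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", VendorGuid, VariableName));

  //
  // Build a policy entry that constrains nothing except writability.
  //
  NewPolicy = NULL;
  Status    = CreateBasicVariablePolicy (
                VendorGuid,
                VariableName,
                VARIABLE_POLICY_NO_MIN_SIZE,
                VARIABLE_POLICY_NO_MAX_SIZE,
                VARIABLE_POLICY_NO_MUST_ATTR,
                VARIABLE_POLICY_NO_CANT_ATTR,
                VARIABLE_POLICY_TYPE_LOCK_NOW,
                &NewPolicy
                );
  if (!EFI_ERROR (Status)) {
    Status = RegisterVariablePolicy (NewPolicy);

    //
    // If the error returned is EFI_ALREADY_STARTED, we need to check the
    // current database for the variable and see whether it's locked. If it's
    // locked, we're still fine, but also generate a DEBUG_ERROR message so the
    // duplicate lock can be removed.
    //
    if (Status == EFI_ALREADY_STARTED) {
      //
      // Probe with a zero-attribute, zero-length write and no data buffer;
      // only EFI_WRITE_PROTECTED counts as proof that the existing policy
      // already locks the variable. Any other answer means the caller did not
      // get the protection it asked for, so fail closed.
      //
      Status = ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL);
      if (Status == EFI_WRITE_PROTECTED) {
        DEBUG ((DEBUG_ERROR, "  Variable: %g %s is already locked!\n", VendorGuid, VariableName));
        Status = EFI_SUCCESS;
      } else {
        DEBUG ((DEBUG_ERROR, "  Variable: %g %s can not be locked!\n", VendorGuid, VariableName));
        Status = EFI_ACCESS_DENIED;
      }
    }
  }

  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, VariableName, Status));
  }

  //
  // The locally built entry is released on every path, success included.
  // NOTE(review): this assumes RegisterVariablePolicy() keeps its own copy of
  // the entry - confirm against VariablePolicyLib.
  //
  if (NewPolicy != NULL) {
    FreePool (NewPolicy);
  }

  return Status;
}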