For a more detailed description of the UEFI protected-variable feature, see the Readme.md at the following location: https://github.com/judahvang/edk2/tree/rpmc-update
Judah Vang (28): MdeModulePkg: Add new GUID for Variable Store Info SecurityPkg: Add new GUIDs for MdeModulePkg: Update AUTH_VARIABLE_INFO struct MdeModulePkg: Add reference to new Ppi Guid MdeModulePkg: Add new ProtectedVariable GUIDs MdeModulePkg: Add new include files MdeModulePkg: Add Null ProtectedVariable Library MdeModulePkg: Add new Variable functionality MdeModulePkg: Add support for Protected Variables SecurityPkg: Add new KeyService types and defines SecurityPkg: Update RPMC APIs with index SecurityPkg: Add new variable types and functions SecurityPkg: Fix GetVariableKey API SecurityPkg: Add null encryption variable libs SecurityPkg: Add VariableKey library function SecurityPkg: Add EncryptionVariable lib with AES SecurityPkg: Add Protected Variable Services MdeModulePkg: Reference Null ProtectedVariableLib SecurityPkg: Add references to new *.inf files ArmVirtPkg: Add reference to ProtectedVariableNull UefiPayloadPkg: Add ProtectedVariable reference EmulatorPkg: Add ProtectedVariable reference OvmfPkg: Add ProtectedVariable reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariableLib reference OvmfPkg: Add ProtectedVariable reference CryptoPkg: Enable cypto HMAC KDF library MdeModulePkg/MdeModulePkg.dec | 13 +- SecurityPkg/SecurityPkg.dec | 43 +- ArmVirtPkg/ArmVirtQemu.dsc | 3 +- EmulatorPkg/EmulatorPkg.dsc | 3 +- MdeModulePkg/MdeModulePkg.dsc | 4 +- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +- OvmfPkg/Bhyve/BhyveX64.dsc | 3 +- OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/Microvm/MicrovmX64.dsc | 3 +- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfXen.dsc | 3 +- SecurityPkg/SecurityPkg.dsc | 13 +- UefiPayloadPkg/UefiPayloadPkg.dsc | 2 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +- MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf | 34 + MdeModulePkg/Universal/Variable/Pei/VariablePei.inf | 10 +- 
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 3 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 4 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 +- SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf | 43 + SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf | 38 + SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf | 64 + SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf | 68 + SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf | 67 + SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf | 62 + SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf | 36 + MdeModulePkg/Include/Guid/ProtectedVariable.h | 22 + MdeModulePkg/Include/Library/AuthVariableLib.h | 4 +- MdeModulePkg/Include/Library/EncryptionVariableLib.h | 165 ++ MdeModulePkg/Include/Library/ProtectedVariableLib.h | 700 +++++++ MdeModulePkg/Universal/Variable/Pei/Variable.h | 80 +- MdeModulePkg/Universal/Variable/Pei/VariableParsing.h | 309 +++ MdeModulePkg/Universal/Variable/Pei/VariableStore.h | 116 ++ MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h | 126 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h | 91 +- MdePkg/Include/Ppi/ReadOnlyVariable2.h | 4 +- SecurityPkg/Include/Library/RpmcLib.h | 15 +- SecurityPkg/Include/Library/VariableKeyLib.h | 37 +- SecurityPkg/Include/Ppi/KeyServicePpi.h | 57 + SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h | 49 + SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h | 611 ++++++ MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c | 449 ++++ MdeModulePkg/Universal/Variable/Pei/Variable.c | 886 ++------ MdeModulePkg/Universal/Variable/Pei/VariableParsing.c | 941 +++++++++ MdeModulePkg/Universal/Variable/Pei/VariableStore.c | 305 +++ 
MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c | 349 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2139 +++++++++++--------- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 26 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c | 167 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c | 194 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c | 320 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c | 2 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 39 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 41 +- SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c | 728 +++++++ SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c | 107 + SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c | 2095 +++++++++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c | 163 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c | 1331 ++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c | 209 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c | 975 +++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c | 233 +++ SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 8 +- SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c | 59 + SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c | 6 +- SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni | 16 + 69 files changed, 12845 insertions(+), 1863 deletions(-) create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf create mode 100644 
SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.inf create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf create mode 100644 MdeModulePkg/Include/Guid/ProtectedVariable.h create mode 100644 MdeModulePkg/Include/Library/EncryptionVariableLib.h create mode 100644 MdeModulePkg/Include/Library/ProtectedVariableLib.h create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableParsing.h create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableStore.h create mode 100644 SecurityPkg/Include/Ppi/KeyServicePpi.h create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h create mode 100644 MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableParsing.c create mode 100644 MdeModulePkg/Universal/Variable/Pei/VariableStore.c create mode 100644 SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c create mode 100644 SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c create mode 100644 SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c create mode 100644 SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni -- 
2.35.1.windows.2