Re: [edk2-devel] [PATCH v4 16/28] SecurityPkg: Add VariableKey library function

Sun, 21 Aug 2022 20:52:59 -0700 

Judah,

This lib depends on a PPI. Then it cannot be a BASE lib. Please add module type
restriction like example below.

+  LIBRARY_CLASS                  = VariableKeyLib
  =>
+  LIBRARY_CLASS                  = VariableKeyLib|PEIM

With this addressed,

   Reviewed-by: Jian J Wang <jian.j.w...@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Vang, Judah <judah.v...@intel.com>
> Sent: Thursday, August 11, 2022 2:53 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen <jiewen....@intel.com>;
> Mistry, Nishant C <nishant.c.mis...@intel.com>
> Subject: [PATCH v4 16/28] SecurityPkg: Add VariableKey library function
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> 
> Provide function that retrieves the key for protected
> variables.
> 
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Nishant C Mistry <nishant.c.mis...@intel.com>
> Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> Signed-off-by: Nishant C Mistry <nishant.c.mis...@intel.com>
> Signed-off-by: Judah Vang <judah.v...@intel.com>
> ---
>  SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf | 36 ++++++++++++
>  SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c   | 59
> ++++++++++++++++++++
>  2 files changed, 95 insertions(+)
> 
> diff --git a/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf
> b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf
> new file mode 100644
> index 000000000000..f62c80ce9943
> --- /dev/null
> +++ b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf
> @@ -0,0 +1,36 @@
> +## @file
> +#  Provides default implementation of VariableKeyLib.
> +#
> +#  Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010029
> +  BASE_NAME                      = VariableKeyLib
> +  FILE_GUID                      = 7DF5A0BA-1DBB-4E67-A9F7-9FCCB1F9D250
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = VariableKeyLib
> +
> +#
> +# The following information is for reference only and not required by the 
> build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64 Arm AArch64
> +#
> +
> +[Sources]
> +  VariableKeyLib.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  DebugLib
> +
> +[PpiS]
> +  gKeyServicePpiGuid ## CONSUMES
> +
> diff --git a/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c
> b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c
> new file mode 100644
> index 000000000000..31b22782cb0c
> --- /dev/null
> +++ b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c
> @@ -0,0 +1,59 @@
> +/** @file
> +  VariableKeyLib implementation.
> +
> +Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiPei.h>
> +
> +#include <Library/PeiServicesLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/VariableKeyLib.h>
> +
> +#include <Ppi/KeyServicePpi.h>
> +
> +#define VAR_KEY_SALT       L"Key for RPMC Variable"
> +#define VAR_KEY_SALT_SIZE  sizeof (VAR_KEY_SALT)
> +
> +/**
> +  Retrieves the key for integrity and/or confidentiality of variables.
> +
> +  @param[out]     VariableKey         A pointer to pointer for the variable 
> key
> buffer.
> +  @param[in]      VariableKeySize     The size in bytes of the variable key.
> +
> +  @retval       EFI_SUCCESS             The variable key was returned.
> +  @retval       EFI_DEVICE_ERROR        An error occurred while attempting 
> to get
> the variable key.
> +  @retval       EFI_ACCESS_DENIED       The function was invoked after 
> locking
> the key interface.
> +  @retval       EFI_UNSUPPORTED         The variable key is not supported in 
> the
> current boot configuration.
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetVariableKey (
> +  OUT VOID   *VariableKey,
> +  IN  UINTN  VariableKeySize
> +  )
> +{
> +  EFI_STATUS       Status;
> +  KEY_SERVICE_PPI  *KeyService;
> +
> +  Status = PeiServicesLocatePpi (
> +             &gKeyServicePpiGuid,
> +             0,
> +             NULL,
> +             (void **)&KeyService
> +             );
> +  if (EFI_ERROR (Status)) {
> +    ASSERT_EFI_ERROR (Status);
> +    return Status;
> +  }
> +
> +  Status = KeyService->GenerateKey (
> +                         (UINT8 *)VAR_KEY_SALT,
> +                         VAR_KEY_SALT_SIZE,
> +                         VariableKey,
> +                         VariableKeySize
> +                         );
> +  return Status;
> +}
> --
> 2.35.1.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92605): https://edk2.groups.io/g/devel/message/92605
Mute This Topic: https://groups.io/mt/92953542/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to