On Sat, 28 Oct 2023 at 03:18, Michael Kubacki <mikub...@linux.microsoft.com> wrote:
>
> From: Michael Kubacki <michael.kuba...@microsoft.com>
>
> Adds a new module (dynamic shell command) to ShellPkg that lists
> variable policy information for all UEFI variables on the system.
>
> Some other UEFI variable related functionality is also included to
> give a greater sense of platform UEFI variable state.
>

Thanks, this looks useful.

For the series,

Reviewed-by: Ard Biesheuvel <a...@kernel.org>

Could we add it to ArmVirtPkg as well please?

> Like all dynamic shell commands, a platform only needs to include
> VariablePolicyDynamicCommand.inf in their flash image to have
> the command registered in their UEFI shell.
>
> The shell command is added to OvmfPkg so it is available in an
> easily obtainable virtual platform.
>
> The code can also be built as a standalone EFI application.
>
> This is being made available to ease auditing and enabling of UEFI
> variable policy to encourage its adoption for securing UEFI
> variables.
>
> ---
>
> Command Help:
>
> Lists UEFI variable policy information.
>
> VARPOLICY [-p] [-s] [-v]
>
> -p - The policy flag will print variable policy info for each variable.
>
> -s - The stats flag will print overall UEFI variable policy statistics.
>
> -v - The verbose flag indicates all known information should be printed.
>
>      This includes a dump of the corresponding UEFI variable data in
>      addition to all other UEFI variable policy information.
>
> EXAMPLES:
>
> * To dump all active UEFI variables:
>   fs0:\> varpolicy
>
> * To include UEFI variable policy information:
>   varpolicy -p
>
> * To include UEFI variable statistics:
>   varpolicy -s
>
> Press ENTER to continue or 'Q' break:
>
> ---
>
> v2 changes:
>
> - Allow the variable policy dynamic command to also be built as a
>   standalone EFI app.
>
> Images showing example output are available in the PR:
> https://github.com/tianocore/edk2/pull/4835
>
> Cc: Anatol Belski <anbel...@linux.microsoft.com>
> Cc: Anthony Perard <anthony.per...@citrix.com>
> Cc: Dandan Bi <dandan...@intel.com>
> Cc: Gerd Hoffmann <kra...@redhat.com>
> Cc: Hao A Wu <hao.a...@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Jianyong Wu <jianyong...@arm.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Julien Grall <jul...@xen.org>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Zhichao Gao <zhichao....@intel.com>
>
> Michael Kubacki (3):
>   MdeModulePkg/VariablePolicy: Add more granular variable policy
>     querying
>   ShellPkg: Add varpolicy dynamic shell command and app
>   OvmfPkg: Add varpolicy shell command
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 174 +++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 304 +++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 4 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 346 +++++++-
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c | 877 ++++++++++++++++++++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c | 59 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c | 157 ++++
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 39 +-
>  MdeModulePkg/Include/Library/VariablePolicyLib.h | 107 +++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h | 133 ++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +
>  OvmfPkg/Microvm/MicrovmX64.dsc | 4 +
>  OvmfPkg/OvmfPkgIa32.dsc | 4 +
>  OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
>  OvmfPkg/OvmfPkgX64.dsc | 4 +
>  OvmfPkg/OvmfXen.dsc | 4 +
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.h | 126 +++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.uni | 86 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.inf | 58 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf | 57 ++
>  ShellPkg/ShellPkg.dsc | 5 +
>  22 files changed, 2511 insertions(+), 46 deletions(-)
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.h
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.uni
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.inf
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
>
> --
> 2.42.0.windows.2