MdeModulePkg: Add VarCheckLib library

What to do:
1. Add VarCheckLib LibraryClass definitions.
2. Implement VarCheckLib library instance.
The code logic are separated from Variable driver.

Why to do: Share code.
Separate variable check service from Variable driver in MdeModulePkg.
We are going to separate generic software logic code from Variable Driver
to benefit other variable driver implementation. Auth services has been done
to be AuthVariableLib, now to cover variable check service.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18278 6f19259b-4bc3-4df7-8a09-765794883524
diff --git a/MdeModulePkg/Include/Library/VarCheckLib.h b/MdeModulePkg/Include/Library/VarCheckLib.h
new file mode 100644
index 0000000..a423bc0
--- /dev/null
+++ b/MdeModulePkg/Include/Library/VarCheckLib.h
@@ -0,0 +1,180 @@
+/** @file

+  Provides variable check services and database management.

+

+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials are licensed and made available under

+the terms and conditions of the BSD License that accompanies this distribution.

+The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php.

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#ifndef _VARIABLE_CHECK_LIB_H_

+#define _VARIABLE_CHECK_LIB_H_

+

+#include <Protocol/VarCheck.h>

+

+typedef enum {

+  VarCheckRequestReserved0 = 0,

+  VarCheckRequestReserved1 = 1,

+  VarCheckFromTrusted = 2,

+  VarCheckFromUntrusted = 3,

+} VAR_CHECK_REQUEST_SOURCE;

+

+typedef

+VOID

+(EFIAPI *VAR_CHECK_END_OF_DXE_CALLBACK) (

+  VOID

+  );

+

+/**

+  Register END_OF_DXE callback.

+  The callback will be invoked by VarCheckLibInitializeAtEndOfDxe().

+

+  @param[in] Callback           END_OF_DXE callback.

+

+  @retval EFI_SUCCESS           The callback was registered successfully.

+  @retval EFI_INVALID_PARAMETER Callback is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the callback register request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterEndOfDxeCallback (

+  IN VAR_CHECK_END_OF_DXE_CALLBACK  Callback

+  );

+

+/**

+  Var check initialize at END_OF_DXE.

+

+  This function needs to be called at END_OF_DXE.

+  Address pointers may be returned,

+  and caller needs to ConvertPointer() for the pointers.

+

+  @param[in, out] AddressPointerCount   Output pointer to address pointer count.

+

+  @return Address pointer buffer, NULL if input AddressPointerCount is NULL.

+

+**/

+VOID ***

+EFIAPI

+VarCheckLibInitializeAtEndOfDxe (

+  IN OUT UINTN                  *AddressPointerCount OPTIONAL

+  );

+

+/**

+  Register address pointer.

+  The AddressPointer may be returned by VarCheckLibInitializeAtEndOfDxe().

+

+  @param[in] AddressPointer     Address pointer.

+

+  @retval EFI_SUCCESS           The address pointer was registered successfully.

+  @retval EFI_INVALID_PARAMETER AddressPointer is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the address pointer register request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterAddressPointer (

+  IN VOID                       **AddressPointer

+  );

+

+/**

+  Register SetVariable check handler.

+

+  @param[in] Handler            Pointer to check handler.

+

+  @retval EFI_SUCCESS           The SetVariable check handler was registered successfully.

+  @retval EFI_INVALID_PARAMETER Handler is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the SetVariable check handler register request.

+  @retval EFI_UNSUPPORTED       This interface is not implemented.

+                                For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterSetVariableCheckHandler (

+  IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER   Handler

+  );

+

+/**

+  Variable property set.

+

+  @param[in] Name               Pointer to the variable name.

+  @param[in] Guid               Pointer to the vendor GUID.

+  @param[in] VariableProperty   Pointer to the input variable property.

+

+  @retval EFI_SUCCESS           The property of variable specified by the Name and Guid was set successfully.

+  @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,

+                                or the fields of VariableProperty are not valid.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the variable property set request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibVariablePropertySet (

+  IN CHAR16                         *Name,

+  IN EFI_GUID                       *Guid,

+  IN VAR_CHECK_VARIABLE_PROPERTY    *VariableProperty

+  );

+

+/**

+  Variable property get.

+

+  @param[in]  Name              Pointer to the variable name.

+  @param[in]  Guid              Pointer to the vendor GUID.

+  @param[out] VariableProperty  Pointer to the output variable property.

+

+  @retval EFI_SUCCESS           The property of variable specified by the Name and Guid was got successfully.

+  @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.

+  @retval EFI_NOT_FOUND         The property of variable specified by the Name and Guid was not found.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibVariablePropertyGet (

+  IN CHAR16                         *Name,

+  IN EFI_GUID                       *Guid,

+  OUT VAR_CHECK_VARIABLE_PROPERTY   *VariableProperty

+  );

+

+/**

+  SetVariable check.

+

+  @param[in] VariableName       Name of Variable to set.

+  @param[in] VendorGuid         Variable vendor GUID.

+  @param[in] Attributes         Attribute value of the variable.

+  @param[in] DataSize           Size of Data to set.

+  @param[in] Data               Data pointer.

+  @param[in] RequestSource      Request source.

+

+  @retval EFI_SUCCESS           The SetVariable check result was success.

+  @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, GUID,

+                                DataSize and Data value was supplied.

+  @retval EFI_WRITE_PROTECTED   The variable in question is read-only.

+  @retval Others                The other return status from check handler.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibSetVariableCheck (

+  IN CHAR16                     *VariableName,

+  IN EFI_GUID                   *VendorGuid,

+  IN UINT32                     Attributes,

+  IN UINTN                      DataSize,

+  IN VOID                       *Data,

+  IN VAR_CHECK_REQUEST_SOURCE   RequestSource

+  );

+

+#endif

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
new file mode 100644
index 0000000..cf00154
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c
@@ -0,0 +1,650 @@
+/** @file

+  Implementation functions and structures for var check services.

+

+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+This program and the accompanying materials

+are licensed and made available under the terms and conditions of the BSD License

+which accompanies this distribution.  The full text of the license may be found at

+http://opensource.org/licenses/bsd-license.php

+

+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include <Library/VarCheckLib.h>

+#include <Library/BaseLib.h>

+#include <Library/BaseMemoryLib.h>

+#include <Library/DebugLib.h>

+#include <Library/MemoryAllocationLib.h>

+

+#include <Guid/GlobalVariable.h>

+#include <Guid/HardwareErrorVariable.h>

+

+BOOLEAN mVarCheckLibEndOfDxe    = FALSE;

+

+#define VAR_CHECK_TABLE_SIZE    0x8

+

+UINTN                                   mVarCheckLibEndOfDxeCallbackCount = 0;

+UINTN                                   mVarCheckLibEndOfDxeCallbackMaxCount = 0;

+VAR_CHECK_END_OF_DXE_CALLBACK           *mVarCheckLibEndOfDxeCallback = NULL;

+

+UINTN                                   mVarCheckLibAddressPointerCount = 0;

+UINTN                                   mVarCheckLibAddressPointerMaxCount = 0;

+VOID                                    ***mVarCheckLibAddressPointer = NULL;

+

+UINTN                                   mNumberOfVarCheckHandler = 0;

+UINTN                                   mMaxNumberOfVarCheckHandler = 0;

+VAR_CHECK_SET_VARIABLE_CHECK_HANDLER    *mVarCheckHandlerTable = NULL;

+

+typedef struct {

+  EFI_GUID                      Guid;

+  VAR_CHECK_VARIABLE_PROPERTY   VariableProperty;

+  //CHAR16                        *Name;

+} VAR_CHECK_VARIABLE_ENTRY;

+

+UINTN                                   mNumberOfVarCheckVariable = 0;

+UINTN                                   mMaxNumberOfVarCheckVariable = 0;

+VARIABLE_ENTRY_PROPERTY                 **mVarCheckVariableTable = NULL;

+

+//

+// Handle variables with wildcard name specially.

+//

+VARIABLE_ENTRY_PROPERTY mVarCheckVariableWithWildcardName[] = {

+  {

+    &gEfiGlobalVariableGuid,

+    L"Boot####",

+    {

+      0

+    },

+  },

+  {

+    &gEfiGlobalVariableGuid,

+    L"Driver####",

+    {

+      0

+    },

+  },

+  {

+    &gEfiGlobalVariableGuid,

+    L"SysPrep####",

+    {

+      0

+    },

+  },

+  {

+    &gEfiGlobalVariableGuid,

+    L"Key####",

+    {

+      0

+    },

+  },

+  {

+    &gEfiHardwareErrorVariableGuid,

+    L"HwErrRec####",

+    {

+      0

+    },

+  },

+};

+

+/**

+  Check if a Unicode character is a hexadecimal character.

+

+  This function checks if a Unicode character is a

+  hexadecimal character.  The valid hexadecimal character is

+  L'0' to L'9', L'a' to L'f', or L'A' to L'F'.

+

+

+  @param[in] Char       The character to check against.

+

+  @retval TRUE          If the Char is a hexadecmial character.

+  @retval FALSE         If the Char is not a hexadecmial character.

+

+**/

+BOOLEAN

+EFIAPI

+VarCheckInternalIsHexaDecimalDigitCharacter (

+  IN CHAR16             Char

+  )

+{

+  return (BOOLEAN) ((Char >= L'0' && Char <= L'9') || (Char >= L'A' && Char <= L'F') || (Char >= L'a' && Char <= L'f'));

+}

+

+/**

+  Variable property get with wildcard name.

+

+  @param[in] VariableName       Pointer to variable name.

+  @param[in] VendorGuid         Pointer to variable vendor GUID.

+  @param[in] WildcardMatch      Try wildcard match or not.

+

+  @return Pointer to variable property.

+

+**/

+VAR_CHECK_VARIABLE_PROPERTY *

+VariablePropertyGetWithWildcardName (

+  IN CHAR16                         *VariableName,

+  IN EFI_GUID                       *VendorGuid,

+  IN BOOLEAN                        WildcardMatch

+  )

+{

+  UINTN     Index;

+  UINTN     NameLength;

+

+  NameLength = StrLen (VariableName) - 4;

+  for (Index = 0; Index < sizeof (mVarCheckVariableWithWildcardName)/sizeof (mVarCheckVariableWithWildcardName[0]); Index++) {

+    if (CompareGuid (mVarCheckVariableWithWildcardName[Index].Guid, VendorGuid)){

+      if (WildcardMatch) {

+        if ((StrLen (VariableName) == StrLen (mVarCheckVariableWithWildcardName[Index].Name)) &&

+            (StrnCmp (VariableName, mVarCheckVariableWithWildcardName[Index].Name, NameLength) == 0) &&

+            VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength]) &&

+            VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&

+            VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&

+            VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) {

+          return &mVarCheckVariableWithWildcardName[Index].VariableProperty;

+        }

+      }

+      if (StrCmp (mVarCheckVariableWithWildcardName[Index].Name, VariableName) == 0) {

+        return  &mVarCheckVariableWithWildcardName[Index].VariableProperty;

+      }

+    }

+  }

+

+  return NULL;

+}

+

+/**

+  Variable property get function.

+

+  @param[in] Name           Pointer to the variable name.

+  @param[in] Guid           Pointer to the vendor GUID.

+  @param[in] WildcardMatch  Try wildcard match or not.

+

+  @return Pointer to the property of variable specified by the Name and Guid.

+

+**/

+VAR_CHECK_VARIABLE_PROPERTY *

+VariablePropertyGetFunction (

+  IN CHAR16                 *Name,

+  IN EFI_GUID               *Guid,

+  IN BOOLEAN                WildcardMatch

+  )

+{

+  UINTN                     Index;

+  VAR_CHECK_VARIABLE_ENTRY  *Entry;

+  CHAR16                    *VariableName;

+

+  for (Index = 0; Index < mNumberOfVarCheckVariable; Index++) {

+    Entry = (VAR_CHECK_VARIABLE_ENTRY *) mVarCheckVariableTable[Index];

+    VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));

+    if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {

+      return &Entry->VariableProperty;

+    }

+  }

+

+  return VariablePropertyGetWithWildcardName (Name, Guid, WildcardMatch);

+}

+

+/**

+  Var check add table entry.

+

+  @param[in, out] Table         Pointer to table buffer.

+  @param[in, out] MaxNumber     Pointer to maximum number of entry in the table.

+  @param[in, out] CurrentNumber Pointer to current number of entry in the table.

+  @param[in]      Entry         Entry will be added to the table.

+

+  @retval EFI_SUCCESS           Reallocate memory successfully.

+  @retval EFI_OUT_OF_RESOURCES  No enough memory to allocate.

+

+**/

+EFI_STATUS

+VarCheckAddTableEntry (

+  IN OUT UINTN      **Table,

+  IN OUT UINTN      *MaxNumber,

+  IN OUT UINTN      *CurrentNumber,

+  IN UINTN          Entry

+  )

+{

+  UINTN     *TempTable;

+

+  //

+  // Check whether the table is enough to store new entry.

+  //

+  if (*CurrentNumber == *MaxNumber) {

+    //

+    // Reallocate memory for the table.

+    //

+    TempTable = ReallocateRuntimePool (

+                  *MaxNumber * sizeof (UINTN),

+                  (*MaxNumber + VAR_CHECK_TABLE_SIZE) * sizeof (UINTN),

+                  *Table

+                  );

+

+    //

+    // No enough resource to allocate.

+    //

+    if (TempTable == NULL) {

+      return EFI_OUT_OF_RESOURCES;

+    }

+

+    *Table = TempTable;

+    //

+    // Increase max number.

+    //

+    *MaxNumber += VAR_CHECK_TABLE_SIZE;

+  }

+

+  //

+  // Add entry to the table.

+  //

+  (*Table)[*CurrentNumber] = Entry;

+  (*CurrentNumber)++;

+

+  return EFI_SUCCESS;

+}

+

+/**

+  Register END_OF_DXE callback.

+  The callback will be invoked by VarCheckLibInitializeAtEndOfDxe().

+

+  @param[in] Callback           END_OF_DXE callback.

+

+  @retval EFI_SUCCESS           The callback was registered successfully.

+  @retval EFI_INVALID_PARAMETER Callback is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the callback register request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterEndOfDxeCallback (

+  IN VAR_CHECK_END_OF_DXE_CALLBACK  Callback

+  )

+{

+  EFI_STATUS    Status;

+

+  if (Callback == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (mVarCheckLibEndOfDxe) {

+    return EFI_ACCESS_DENIED;

+  }

+

+  Status = VarCheckAddTableEntry (

+           (UINTN **) &mVarCheckLibEndOfDxeCallback,

+           &mVarCheckLibEndOfDxeCallbackMaxCount,

+           &mVarCheckLibEndOfDxeCallbackCount,

+           (UINTN) Callback

+           );

+

+  DEBUG ((EFI_D_INFO, "VarCheckLibRegisterEndOfDxeCallback - 0x%x %r\n", Callback, Status));

+

+  return Status;

+}

+

+/**

+  Var check initialize at END_OF_DXE.

+

+  This function needs to be called at END_OF_DXE.

+  Address pointers may be returned,

+  and caller needs to ConvertPointer() for the pointers.

+

+  @param[in, out] AddressPointerCount   Output pointer to address pointer count.

+

+  @return Address pointer buffer, NULL if input AddressPointerCount is NULL.

+

+**/

+VOID ***

+EFIAPI

+VarCheckLibInitializeAtEndOfDxe (

+  IN OUT UINTN                  *AddressPointerCount OPTIONAL

+  )

+{

+  VOID                          *TempTable;

+  UINTN                         TotalCount;

+  UINTN                         Index;

+

+  for (Index = 0; Index < mVarCheckLibEndOfDxeCallbackCount; Index++) {

+    //

+    // Invoke the callback registered by VarCheckLibRegisterEndOfDxeCallback().

+    //

+    mVarCheckLibEndOfDxeCallback[Index] ();

+  }

+  if (mVarCheckLibEndOfDxeCallback != NULL) {

+    //

+    // Free the callback buffer.

+    //

+    mVarCheckLibEndOfDxeCallbackCount = 0;

+    mVarCheckLibEndOfDxeCallbackMaxCount = 0;

+    FreePool ((VOID *) mVarCheckLibEndOfDxeCallback);

+    mVarCheckLibEndOfDxeCallback = NULL;

+  }

+

+  mVarCheckLibEndOfDxe = TRUE;

+

+  if (AddressPointerCount == NULL) {

+    if (mVarCheckLibAddressPointer != NULL) {

+      //

+      // Free the address pointer buffer.

+      //

+      mVarCheckLibAddressPointerCount = 0;

+      mVarCheckLibAddressPointerMaxCount = 0;

+      FreePool ((VOID *) mVarCheckLibAddressPointer);

+      mVarCheckLibAddressPointer = NULL;

+    }

+    return NULL;

+  }

+

+  //

+  // Get the total count needed.

+  // Also cover VarCheckHandler and the entries, and VarCheckVariable and the entries.

+  //

+  TotalCount = mVarCheckLibAddressPointerCount + (mNumberOfVarCheckHandler + 1) + (mNumberOfVarCheckVariable + 1);

+  TempTable = ReallocateRuntimePool (

+                mVarCheckLibAddressPointerMaxCount * sizeof (VOID **),

+                TotalCount * sizeof (VOID **),

+                (VOID *) mVarCheckLibAddressPointer

+                );

+

+  if (TempTable != NULL) {

+    mVarCheckLibAddressPointer = (VOID ***) TempTable;

+

+    //

+    // Cover VarCheckHandler and the entries.

+    //

+    mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckHandlerTable;

+    for (Index = 0; Index < mNumberOfVarCheckHandler; Index++) {

+      mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckHandlerTable[Index];

+    }

+

+    //

+    // Cover VarCheckVariable and the entries.

+    //

+    mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckVariableTable;

+    for (Index = 0; Index < mNumberOfVarCheckVariable; Index++) {

+      mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckVariableTable[Index];

+    }

+

+    ASSERT (mVarCheckLibAddressPointerCount == TotalCount);

+    mVarCheckLibAddressPointerMaxCount = mVarCheckLibAddressPointerCount;

+  }

+

+  *AddressPointerCount = mVarCheckLibAddressPointerCount;

+  return mVarCheckLibAddressPointer;

+}

+

+/**

+  Register address pointer.

+  The AddressPointer may be returned by VarCheckLibInitializeAtEndOfDxe().

+

+  @param[in] AddressPointer     Address pointer.

+

+  @retval EFI_SUCCESS           The address pointer was registered successfully.

+  @retval EFI_INVALID_PARAMETER AddressPointer is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the address pointer register request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterAddressPointer (

+  IN VOID                       **AddressPointer

+  )

+{

+  EFI_STATUS    Status;

+

+  if (AddressPointer == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (mVarCheckLibEndOfDxe) {

+    return EFI_ACCESS_DENIED;

+  }

+

+  Status = VarCheckAddTableEntry(

+           (UINTN **) &mVarCheckLibAddressPointer,

+           &mVarCheckLibAddressPointerMaxCount,

+           &mVarCheckLibAddressPointerCount,

+           (UINTN) AddressPointer

+           );

+

+  DEBUG ((EFI_D_INFO, "VarCheckLibRegisterAddressPointer - 0x%x %r\n", AddressPointer, Status));

+

+  return Status;

+}

+

+/**

+  Register SetVariable check handler.

+

+  @param[in] Handler            Pointer to check handler.

+

+  @retval EFI_SUCCESS           The SetVariable check handler was registered successfully.

+  @retval EFI_INVALID_PARAMETER Handler is NULL.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the SetVariable check handler register request.

+  @retval EFI_UNSUPPORTED       This interface is not implemented.

+                                For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibRegisterSetVariableCheckHandler (

+  IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER   Handler

+  )

+{

+  EFI_STATUS    Status;

+

+  if (Handler == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (mVarCheckLibEndOfDxe) {

+    return EFI_ACCESS_DENIED;

+  }

+

+  Status =  VarCheckAddTableEntry(

+             (UINTN **) &mVarCheckHandlerTable,

+             &mMaxNumberOfVarCheckHandler,

+             &mNumberOfVarCheckHandler,

+             (UINTN) Handler

+             );

+

+  DEBUG ((EFI_D_INFO, "VarCheckLibRegisterSetVariableCheckHandler - 0x%x %r\n", Handler, Status));

+

+  return Status;

+}

+

+/**

+  Variable property set.

+

+  @param[in] Name               Pointer to the variable name.

+  @param[in] Guid               Pointer to the vendor GUID.

+  @param[in] VariableProperty   Pointer to the input variable property.

+

+  @retval EFI_SUCCESS           The property of variable specified by the Name and Guid was set successfully.

+  @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,

+                                or the fields of VariableProperty are not valid.

+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has

+                                already been signaled.

+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource for the variable property set request.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibVariablePropertySet (

+  IN CHAR16                         *Name,

+  IN EFI_GUID                       *Guid,

+  IN VAR_CHECK_VARIABLE_PROPERTY    *VariableProperty

+  )

+{

+  EFI_STATUS                    Status;

+  VAR_CHECK_VARIABLE_ENTRY      *Entry;

+  CHAR16                        *VariableName;

+  VAR_CHECK_VARIABLE_PROPERTY   *Property;

+

+  if (Name == NULL || Name[0] == 0 || Guid == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (VariableProperty == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (mVarCheckLibEndOfDxe) {

+    return EFI_ACCESS_DENIED;

+  }

+

+  Status = EFI_SUCCESS;

+

+  Property = VariablePropertyGetFunction (Name, Guid, FALSE);

+  if (Property != NULL) {

+    CopyMem (Property, VariableProperty, sizeof (*VariableProperty));

+  } else {

+    Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));

+    if (Entry == NULL) {

+      return EFI_OUT_OF_RESOURCES;

+    }

+    VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));

+    StrCpyS (VariableName, StrSize (Name)/sizeof (CHAR16), Name);

+    CopyGuid (&Entry->Guid, Guid);

+    CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));

+

+    Status = VarCheckAddTableEntry(

+               (UINTN **) &mVarCheckVariableTable,

+               &mMaxNumberOfVarCheckVariable,

+               &mNumberOfVarCheckVariable,

+               (UINTN) Entry

+               );

+

+    if (EFI_ERROR (Status)) {

+      FreePool (Entry);

+    }

+  }

+

+  return Status;

+}

+

+/**

+  Variable property get.

+

+  @param[in]  Name              Pointer to the variable name.

+  @param[in]  Guid              Pointer to the vendor GUID.

+  @param[out] VariableProperty  Pointer to the output variable property.

+

+  @retval EFI_SUCCESS           The property of variable specified by the Name and Guid was got successfully.

+  @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.

+  @retval EFI_NOT_FOUND         The property of variable specified by the Name and Guid was not found.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibVariablePropertyGet (

+  IN CHAR16                         *Name,

+  IN EFI_GUID                       *Guid,

+  OUT VAR_CHECK_VARIABLE_PROPERTY   *VariableProperty

+  )

+{

+  VAR_CHECK_VARIABLE_PROPERTY   *Property;

+

+  if (Name == NULL || Name[0] == 0 || Guid == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  if (VariableProperty == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  Property = VariablePropertyGetFunction (Name, Guid, TRUE);

+  if (Property != NULL) {

+    CopyMem (VariableProperty, Property, sizeof (*VariableProperty));

+    return EFI_SUCCESS;

+  }

+

+  return EFI_NOT_FOUND;

+}

+

+/**

+  SetVariable check.

+

+  @param[in] VariableName       Name of Variable to set.

+  @param[in] VendorGuid         Variable vendor GUID.

+  @param[in] Attributes         Attribute value of the variable.

+  @param[in] DataSize           Size of Data to set.

+  @param[in] Data               Data pointer.

+  @param[in] RequestSource      Request source.

+

+  @retval EFI_SUCCESS           The SetVariable check result was success.

+  @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, GUID,

+                                DataSize and Data value was supplied.

+  @retval EFI_WRITE_PROTECTED   The variable in question is read-only.

+  @retval Others                The other return status from check handler.

+

+**/

+EFI_STATUS

+EFIAPI

+VarCheckLibSetVariableCheck (

+  IN CHAR16                     *VariableName,

+  IN EFI_GUID                   *VendorGuid,

+  IN UINT32                     Attributes,

+  IN UINTN                      DataSize,

+  IN VOID                       *Data,

+  IN VAR_CHECK_REQUEST_SOURCE   RequestSource

+  )

+{

+  EFI_STATUS                    Status;

+  UINTN                         Index;

+  VAR_CHECK_VARIABLE_PROPERTY   *Property;

+

+  if (!mVarCheckLibEndOfDxe) {

+    //

+    // Only do check after End Of Dxe.

+    //

+    return EFI_SUCCESS;

+  }

+

+  Property = VariablePropertyGetFunction (VariableName, VendorGuid, TRUE);

+  if (Property != NULL) {

+    if ((RequestSource != VarCheckFromTrusted) && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) {

+      DEBUG ((EFI_D_INFO, "Variable Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName));

+      return EFI_WRITE_PROTECTED;

+    }

+    if (!((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0))) {

+      //

+      // Not to delete variable.

+      //

+      if ((Property->Attributes != 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes)) {

+        DEBUG ((EFI_D_INFO, "Variable Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName));

+        return EFI_INVALID_PARAMETER;

+      }

+      if (DataSize != 0) {

+        if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {

+          DEBUG ((EFI_D_INFO, "Variable Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName));

+          return EFI_INVALID_PARAMETER;

+        }

+      }

+    }

+  }

+

+  for (Index = 0; Index < mNumberOfVarCheckHandler; Index++) {

+    Status = mVarCheckHandlerTable[Index] (

+               VariableName,

+               VendorGuid,

+               Attributes,

+               DataSize,

+               Data

+               );

+    if (EFI_ERROR (Status)) {

+      DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));

+      return Status;

+    }

+  }

+  return EFI_SUCCESS;

+}

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
new file mode 100644
index 0000000..099f83d
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
@@ -0,0 +1,51 @@
+## @file

+#  Provides variable check services and database management.

+#

+#  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+#

+#  This program and the accompanying materials

+#  are licensed and made available under the terms and conditions

+#  of the BSD License which accompanies this distribution.  The

+#  full text of the license may be found at

+#  http://opensource.org/licenses/bsd-license.php

+#

+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+#

+##

+

+[Defines]

+  INF_VERSION                    = 0x00010005

+  BASE_NAME                      = VarCheckLib

+  MODULE_UNI_FILE                = VarCheckLib.uni

+  FILE_GUID                      = 63E12D08-0C5D-47F8-95E4-09F89D7506C5

+  MODULE_TYPE                    = DXE_RUNTIME_DRIVER

+  VERSION_STRING                 = 1.0

+  LIBRARY_CLASS                  = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER

+

+#

+# The following information is for reference only and not required by the build tools.

+#

+#  VALID_ARCHITECTURES           = IA32 X64

+#

+

+[Sources]

+  VarCheckLib.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+  MdeModulePkg/MdeModulePkg.dec

+

+[LibraryClasses]

+  BaseLib

+  BaseMemoryLib

+  DebugLib

+  MemoryAllocationLib

+

+[Guids]

+  ## SOMETIMES_CONSUMES  ## Variable:L"Boot####"

+  ## SOMETIMES_CONSUMES  ## Variable:L"Driver####"

+  ## SOMETIMES_CONSUMES  ## Variable:L"SysPrep####"

+  ## SOMETIMES_CONSUMES  ## Variable:L"Key####"

+  gEfiGlobalVariableGuid

+  gEfiHardwareErrorVariableGuid  ## SOMETIMES_CONSUMES   ## Variable:L"HwErrRec####"

diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni
new file mode 100644
index 0000000..d9761a1
--- /dev/null
+++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni
Binary files differ
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 9a3f2cd..4cd9c4d 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -123,6 +123,10 @@
   #

   AuthVariableLib|Include/Library/AuthVariableLib.h

 

+  ## @libraryclass  Provides variable check services and database management.

+  #

+  VarCheckLib|Include/Library/VarCheckLib.h

+

 [Guids]

   ## MdeModule package token space guid

   # Include/Guid/MdeModulePkgTokenSpace.h