From 009e00db4cdda008d02f812301420b030410b932 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 1 Sep 2025 17:59:15 +0200 Subject: [PATCH 1/6] DasharoVariablesLib/DasharoVariablesLib.c: Always allow capsule if descriptor is locked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoVariablesLib/DasharoVariablesLib.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 94b527f71a..30e115c2f6 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -559,7 +559,7 @@ DasharoCapsulesCanPersistAcrossReset ( ) { EFI_STATUS Status; - UINT8 MeMode; + UINT8 MeMode, DescriptorWriteable; UINTN VarSize; // @@ -576,6 +576,23 @@ DasharoCapsulesCanPersistAcrossReset ( return FALSE; } + // + // If the descriptor is locked, we'll only be updating the BIOS region, so ME + // state is irrelevant. + // + VarSize = sizeof (DescriptorWriteable) + Status = gRT->GetVariable ( + "DescriptorWriteable", + &gDasharoSystemFeaturesTokenSpaceGuid, + NULL, + &VarSize, + &DescriptorWriteable + ); + + if (!EFI_ERROR (Status) && !DescriptorWriteable) { + return TRUE; + } + MeMode = DASHARO_ME_MODE_ENABLE; VarSize = sizeof (MeMode); From 4d28c9a94d6106f4d5c05576ad9ef08a20256263 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 1 Sep 2025 17:59:15 +0200 Subject: [PATCH 2/6] DasharoVariablesLib/DasharoVariablesLib.c: Always allow capsule if descriptor is locked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../Library/DasharoVariablesLib/DasharoVariablesLib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 30e115c2f6..64c9d22e8d 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -580,9 +580,9 @@ DasharoCapsulesCanPersistAcrossReset ( // If the descriptor is locked, we'll only be updating the BIOS region, so ME // state is irrelevant. // - VarSize = sizeof (DescriptorWriteable) + VarSize = sizeof (DescriptorWriteable); Status = gRT->GetVariable ( - "DescriptorWriteable", + L"DescriptorWriteable", &gDasharoSystemFeaturesTokenSpaceGuid, NULL, &VarSize, From d3d9ca04685236647058064697f66afc4065fd17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 1 Sep 2025 18:04:49 +0200 Subject: [PATCH 3/6] DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: Hide HAP if descriptor is locked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../DasharoSystemFeatures.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index c8bc03f828..8455093620 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -139,7 +139,8 @@ DasharoSystemFeaturesUiLibConstructor ( ) { EFI_STATUS Status; - UINTN BufferSize; + UINTN BufferSize, VarSize; + UINT8 DescriptorWriteable; if (!FixedPcdGetBool (PcdShowMenu)) return EFI_SUCCESS; @@ -206,6 +207,19 @@ DasharoSystemFeaturesUiLibConstructor ( PRIVATE_DATA(ShowMemorySpdProfile) = FixedPcdGetBool(PcdShowMemorySpdProfileOption); PRIVATE_DATA(ShowMemoryIbecc) = FixedPcdGetBool(PcdShowMemoryIbeccOption); + // HAP is only available if descriptor is not locked + VarSize = sizeof (DescriptorWriteable); + Status = gRT->GetVariable ( + L"DescriptorWriteable", + &gDasharoSystemFeaturesTokenSpaceGuid, + NULL, + &VarSize, + &DescriptorWriteable + ); + + if (!EFI_ERROR(Status)) + PRIVATE_DATA(MeHapAvailable) &= !DescriptorWriteable; + // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (PRIVATE_DATA(ShowSecurityMenu)) PRIVATE_DATA(ShowSecurityMenu) = FixedPcdGetBool (PcdDasharoEnterprise) || From af85ff649a8e3dbf2819caeeccc40a64cbacf7db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 2 Sep 2025 10:03:18 +0200 Subject: [PATCH 4/6] DasharoModulePkg: Add define for DescriptorWriteable EFI variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- DasharoModulePkg/Include/DasharoOptions.h | 3 ++- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 2 +- .../Library/DasharoVariablesLib/DasharoVariablesLib.c | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h index 3ad5e34056..26ad167c6e 100644 --- a/DasharoModulePkg/Include/DasharoOptions.h +++ b/DasharoModulePkg/Include/DasharoOptions.h @@ -44,7 +44,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define DASHARO_VAR_CORE_ACTIVE_COUNT L"CoreActiveCount" #define DASHARO_VAR_HYPER_THREADING L"HyperThreading" #define DASHARO_VAR_USB_PORT_POWER L"UsbPortPower" -#define DASHARO_VAR_DGPU_STATE L"DGPUState" +#define DASHARO_VAR_DGPU_STATE L"DGPUState" +#define DASHARO_VAR_DESCRIPTOR_WRITEABLE L"DescriptorWriteable" // Other #define DASHARO_VAR_SMBIOS_UUID L"Type1UUID" diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 8455093620..4534723c78 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -210,7 +210,7 @@ DasharoSystemFeaturesUiLibConstructor ( // HAP is only available if descriptor is not locked VarSize = sizeof (DescriptorWriteable); Status = gRT->GetVariable ( - L"DescriptorWriteable", + DASHARO_VAR_DESCRIPTOR_WRITEABLE, &gDasharoSystemFeaturesTokenSpaceGuid, NULL, &VarSize, diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index 64c9d22e8d..f874036a3a 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -582,7 +582,7 @@ DasharoCapsulesCanPersistAcrossReset ( // VarSize = sizeof (DescriptorWriteable); Status = gRT->GetVariable ( - L"DescriptorWriteable", + DASHARO_VAR_DESCRIPTOR_WRITEABLE, &gDasharoSystemFeaturesTokenSpaceGuid, NULL, &VarSize, From e8894bed1b4143cd0cbb3f414a733adc0b519ef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 2 Sep 2025 10:26:48 +0200 Subject: [PATCH 5/6] DasharoModulePkg/Library: Use correct GUID for DescriptorWriteable EFI var MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 2 +- .../Library/DasharoVariablesLib/DasharoVariablesLib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 4534723c78..72d1f594e5 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -211,7 +211,7 @@ DasharoSystemFeaturesUiLibConstructor ( VarSize = sizeof (DescriptorWriteable); Status = gRT->GetVariable ( DASHARO_VAR_DESCRIPTOR_WRITEABLE, - &gDasharoSystemFeaturesTokenSpaceGuid, + &gDasharoSystemFeaturesGuid, NULL, &VarSize, &DescriptorWriteable diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c index f874036a3a..3485b1d07d 100644 --- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c +++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c @@ -583,7 +583,7 @@ DasharoCapsulesCanPersistAcrossReset ( VarSize = sizeof (DescriptorWriteable); Status = gRT->GetVariable ( DASHARO_VAR_DESCRIPTOR_WRITEABLE, - &gDasharoSystemFeaturesTokenSpaceGuid, + &gDasharoSystemFeaturesGuid, NULL, &VarSize, &DescriptorWriteable From 09b49b3e3e460af1834887ed1ddf393f8bb0fd02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 2 Sep 2025 10:31:20 +0200 Subject: [PATCH 6/6] DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c: correct logic for descriptor writeability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .../Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c index 72d1f594e5..1f7e17a7d3 100644 --- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c +++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c @@ -218,7 +218,7 @@ DasharoSystemFeaturesUiLibConstructor ( ); if (!EFI_ERROR(Status)) - PRIVATE_DATA(MeHapAvailable) &= !DescriptorWriteable; + PRIVATE_DATA(MeHapAvailable) &= DescriptorWriteable; // Ensure at least one option is visible in given menu (if enabled), otherwise hide it if (PRIVATE_DATA(ShowSecurityMenu))