From: "Zeng, Star" <star.zeng@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
"Fu, Siyuan" <siyuan.fu@intel.com>,
"Wu, Jiaxin" <jiaxin.wu@intel.com>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>,
"Daniel P. Berrange" <berrange@redhat.com>,
"Zeng, Star" <star.zeng@intel.com>
Subject: Re: internal structure of EFI_TLS_CA_CERTIFICATE_VARIABLE
Date: Wed, 28 Mar 2018 11:10:53 +0000 [thread overview]
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103BA74071@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <59219fa4-9a1d-5e64-e967-33ce7efa05b2@redhat.com>
Laszlo,
There should be some places need to care about. I also need to check the detail.
I am ok to make the patch if it is not so urgent.
Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, March 28, 2018 6:07 PM
To: Zeng, Star <star.zeng@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>; Daniel P. Berrange <berrange@redhat.com>
Subject: Re: [edk2] internal structure of EFI_TLS_CA_CERTIFICATE_VARIABLE
Hi Star,
thanks for following up; comments below:
On 03/28/18 05:28, Zeng, Star wrote:
> Is there a PCD pointers to the siglist?
We discussed that earlier, but because HttpDxe -- which consumes the certificate list -- is a UEFI driver, we decided that it should not consume dynamic PCDs. The alternative (specified in the UEFI spec) was variables.
The earlier discussion wasn't exactly about the trusted CA cert list.
Instead, it was about the trusted cipher algo list. However, both of these knobs pose the same "info channel" questions. So here's the link into the cipher algo list discussion:
http://mid.mail-archive.com/895558F6EA4E3B41AC93A00D163B72741637DE9E@SHSMSX103.ccr.corp.intel.com
> For adding PcdMaxVolatileVariableSize: non-authenticated, volatile, I think it is acceptable if there are use cases.
Thank you for accepting the idea in theory :)
Do you think it is a simple change? Or is it intrusive?
If it is intrusive, then I'd prefer if one of the variable driver maintainers wrote the patch. It's a complex driver and there can be hidden assumptions and relationships that I might miss.
If it's a reasonably simple change then I'm happy to work on it.
Thanks!
Laszlo
next prev parent reply other threads:[~2018-03-28 11:04 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-20 14:55 internal structure of EFI_TLS_CA_CERTIFICATE_VARIABLE Laszlo Ersek
2018-03-21 1:30 ` Fu, Siyuan
2018-03-21 13:39 ` Laszlo Ersek
2018-03-22 2:02 ` Wu, Jiaxin
2018-03-22 9:20 ` Laszlo Ersek
2018-03-28 2:31 ` Laszlo Ersek
2018-03-28 3:28 ` Zeng, Star
2018-03-28 10:06 ` Laszlo Ersek
2018-03-28 11:10 ` Zeng, Star [this message]
2018-03-28 12:01 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0C09AFA07DD0434D9E2A0C6AEB0483103BA74071@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox