From: "Taylor Beebe"
Date: Sun, 8 Oct 2023 13:26:27 -0700
Subject: Re: [edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
To: Laszlo Ersek, Gerd Hoffmann, devel@edk2.groups.io
Cc: Ard Biesheuvel, Jian J Wang, Liming Gao, Nhi Pham, Oliver Steffen

I appreciate the suggestions on how to add PEI fw_cfg parsing support -- it should speed up the investigation/implementation.

The focus of this series is a more-or-less lateral update from the PCDs to the new interface, and even then this transitional series has grown quite long and still has zero reviewed-bys 3 months in. There are many more functional and test updates to come which can be done in parallel once this series is complete. The currently planned work can be found on the Tianocore Memory Protections project (https://github.com/orgs/tianocore/projects/3). I'll add an item there to add fw_cfg parsing support for PEI ArmVirt and assign myself. Any more task suggestions are welcome :)

In this series, I'll add a FixedAtBuild PCD to ArmVirtPkg which will dictate the protection profile used for the boot. The default will be the release profile. I'll also make the other updates mentioned in this thread.

-Taylor

On 10/5/2023 5:57 AM, Laszlo Ersek wrote:
> On 10/5/23 12:23, Gerd Hoffmann wrote:
>> Hi,
>>
>>>>> An Arm compatible PEIM instance of QemuFwCfgLib will need to be created.
>>>>> I'm happy to look into it, but I don't want to hang up this patch series on
>>>>> that addition. Instead, I'll set the protection policy for ArmVirtPkg to
>>>>> the equivalent of the new GrubCompat profile in this series.
>>>> Can you base the default policy (i.e., the one that takes effect in the
>>>> absence of fw_cfg) on a PCD?
>>> That would be nice indeed.
>> While being at it: Does it make sense to have *two* defaults, one for
>> secureboot=on (strict) and one for secureboot=off (compat) ?
> I'm not sure, for now we can't enforce truly secure secure boot anyway.
>
> Laszlo