Re: [PATCH v2 4/5] OvmfPkg: raise max variable size (auth & non-auth) to 33KB for FD_SIZE_4MB

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: Jordan Justen <jordan.l.justen@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
	edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Gary Ching-Pang Lin <glin@suse.com>
Subject: Re: [PATCH v2 4/5] OvmfPkg: raise max variable size (auth & non-auth) to 33KB for FD_SIZE_4MB
Date: Thu, 04 May 2017 11:50:04 -0700	[thread overview]
Message-ID: <149392380410.9783.3695261429662975796@jljusten-skl.jf.intel.com> (raw)
In-Reply-To: <795227c7-2191-239a-a940-4f5ea37adfc3@redhat.com>

On 2017-05-04 09:52:48, Laszlo Ersek wrote:
> On 05/04/17 18:36, Jordan Justen wrote:
> > On 2017-05-03 14:39:46, Laszlo Ersek wrote:
> >> The "ConfirmSetOfLargeVariable" test case of the Secure Boot Logo Test
> >> ("Microsoft.UefiSecureBootLogo.Tests") suite in the Microsoft Hardware
> >> Certification Kit sets a 32 KB large non-authenticated variable.
> > 
> > According to
> > http://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_Security_Microsoft_Fall_2016.pdf
> > 
> > "The maximum supported variable size must be at least 64kB"
> > 
> > Should we just bump the size to match this? We should be able to make
> > this change later once it is in a test/spec, but for some reason I
> > thought the requirement was already 64k.
> 
> The 32KB requirement comes from the most recent Secure Boot Logo Test. I

If the limit is 32k, why go with 33k? Does the test fail with a 32k
limit?

-Jordan

> installed both the Windows Server 2008 R2 SP1 test controller and the
> Windows 2016 Server test client just the other day, together with the
> most recent filters, using the following descriptions:
> 
> https://msdn.microsoft.com/en-us/library/windows/hardware/jj123537.aspx
> https://github.com/daynix/VirtHCK/wiki#Checklist_for_a_New_Controller_VM
> https://github.com/daynix/VirtHCK/wiki#Checklist_for_a_New_Client_VM
> 
> Given that this limit can be bumped without breaking compatibility, as
> you say, I'd like to remain frugal with it, same as we were in James's
> commit f5404a3eba1d ("OvmfPkg: Increase the maximum size for
> Authenticated variables", 2016-03-24).
> 
> I don't understand why the plugfest presentation and the SB Logo Test
> require different limits... But, I'm certain our QE will find out in
> short order once the SB Logo Test catches up with the presentation, and
> I expect I'll submit the corresponding patch soon after.
> 
> I dislike the speculation in this series, but breaking compatibility is
> even worse. (A lot worse, to me at least.) So I consider the varstore
> restructuring the smaller of two wrongs. However, wrt.
> PcdMaxVariableSize, it seems we're not being forced to either of those
> wrongs (i.e., breaking compat or speculation), so we can delay the increase.
> 
> > 
> > Aside from this question:
> > 
> > Series Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
> 
> Thanks a lot!
> 
> I'll await your ACK for the above argument before pushing the series.
> 
> Thanks,
> Laszlo
> 
> >> In the FD_SIZE_4MB build, our live varstore is now 256 KB big, so we can
> >> accommodate this. Set both PcdMaxVariableSize and PcdMaxAuthVariableSize
> >> to 0x8400 -- beyond DataSize=0x8000 from the HCK test, we need some room
> >> for the variable name and attributes as well.
> >>
> >> Cc: Gary Ching-Pang Lin <glin@suse.com>
> >> Cc: Jordan Justen <jordan.l.justen@intel.com>
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> >> ---
> >>
> >> Notes:
> >>     v2:
> >>     - adjust to FD_SIZE_IN_KB
> >>     - update commit msg to state 256 KB for the varstore [Jordan]
> >>
> >>  OvmfPkg/OvmfPkgIa32.dsc    | 6 ++++++
> >>  OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++
> >>  OvmfPkg/OvmfPkgX64.dsc     | 6 ++++++
> >>  3 files changed, 18 insertions(+)
> >>
> >> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> >> index 26b807dde9fa..e0779ddaa426 100644
> >> --- a/OvmfPkg/OvmfPkgIa32.dsc
> >> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> >> @@ -404,28 +404,34 @@ [PcdsFeatureFlag]
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> >>  !endif
> >>  !if $(SMM_REQUIRE) == TRUE
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> >>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
> >>  !endif
> >>  
> >>  [PcdsFixedAtBuild]
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
> >>    gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
> >> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!endif
> >> +!if $(FD_SIZE_IN_KB) == 4096
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> >> +!endif
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
> >>  
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
> >>  
> >>    gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
> >>  
> >>    # DEBUG_INIT      0x00000001  // Initialization
> >>    # DEBUG_WARN      0x00000002  // Warnings
> >>    # DEBUG_LOAD      0x00000004  // Load events
> >>    # DEBUG_FS        0x00000008  // EFI File system
> >>    # DEBUG_POOL      0x00000010  // Alloc & Free (pool)
> >>    # DEBUG_PAGE      0x00000020  // Alloc & Free (page)
> >>    # DEBUG_INFO      0x00000040  // Informational debug messages
> >> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> >> index 41f06a6b6a66..bbe26e2cf452 100644
> >> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> >> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> >> @@ -409,28 +409,34 @@ [PcdsFeatureFlag]
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> >>  !endif
> >>  !if $(SMM_REQUIRE) == TRUE
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> >>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
> >>  !endif
> >>  
> >>  [PcdsFixedAtBuild]
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
> >>    gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
> >> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!endif
> >> +!if $(FD_SIZE_IN_KB) == 4096
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> >> +!endif
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
> >>  
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
> >>  
> >>    gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
> >>  
> >>    # DEBUG_INIT      0x00000001  // Initialization
> >>    # DEBUG_WARN      0x00000002  // Warnings
> >>    # DEBUG_LOAD      0x00000004  // Load events
> >>    # DEBUG_FS        0x00000008  // EFI File system
> >>    # DEBUG_POOL      0x00000010  // Alloc & Free (pool)
> >>    # DEBUG_PAGE      0x00000020  // Alloc & Free (page)
> >>    # DEBUG_INFO      0x00000040  // Informational debug messages
> >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> >> index 053c84b685c5..ff795815f65f 100644
> >> --- a/OvmfPkg/OvmfPkgX64.dsc
> >> +++ b/OvmfPkg/OvmfPkgX64.dsc
> >> @@ -409,28 +409,34 @@ [PcdsFeatureFlag]
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
> >>  !endif
> >>  !if $(SMM_REQUIRE) == TRUE
> >>    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
> >>    gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
> >>  !endif
> >>  
> >>  [PcdsFixedAtBuild]
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
> >>    gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
> >> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +!endif
> >> +!if $(FD_SIZE_IN_KB) == 4096
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
> >> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> >> +!endif
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
> >>  
> >>    gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
> >>  
> >>    gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
> >>  
> >>    # DEBUG_INIT      0x00000001  // Initialization
> >>    # DEBUG_WARN      0x00000002  // Warnings
> >>    # DEBUG_LOAD      0x00000004  // Load events
> >>    # DEBUG_FS        0x00000008  // EFI File system
> >>    # DEBUG_POOL      0x00000010  // Alloc & Free (pool)
> >>    # DEBUG_PAGE      0x00000020  // Alloc & Free (page)
> >>    # DEBUG_INFO      0x00000040  // Informational debug messages
> >> -- 
> >> 2.9.3
> >>
> >>
>

next prev parent reply	other threads:[~2017-05-04 18:50 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-03 21:39 [PATCH v2 0/5] OvmfPkg: add FD_SIZE_4MB for Windows HCK SB tests, and for future proofing Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 1/5] OvmfPkg: introduce the FD_SIZE_IN_KB macro / build flag Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 2/5] OvmfPkg/OvmfPkg.fdf.inc: extract VARS_LIVE_SIZE and VARS_SPARE_SIZE macros Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 3/5] OvmfPkg: introduce 4MB flash image (mainly) for Windows HCK Laszlo Ersek
2017-05-05  4:07   ` Laszlo Ersek
2017-05-05  8:57     ` Jordan Justen
2017-05-05 12:07       ` Laszlo Ersek
2017-05-05 15:43         ` Jordan Justen
2017-05-05 16:46           ` Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 4/5] OvmfPkg: raise max variable size (auth & non-auth) to 33KB for FD_SIZE_4MB Laszlo Ersek
2017-05-04 16:36   ` Jordan Justen
2017-05-04 16:52     ` Laszlo Ersek
2017-05-04 18:50       ` Jordan Justen [this message]
2017-05-04 19:27         ` Laszlo Ersek
2017-05-04 19:30           ` Laszlo Ersek
2017-05-04 23:00       ` Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 5/5] OvmfPkg: make the 4MB flash size the default Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=149392380410.9783.3695261429662975796@jljusten-skl.jf.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox