From: Leif Lindholm <leif.lindholm@linaro.org>
To: Laszlo Ersek <lersek@redhat.com>
Cc: kalyan-nagabhirava <kalyankumar.nagabhirava@linaro.org>,
edk2-devel@lists.01.org, ard.biesheuvel@linaro.org,
mark.gregotski@linaro.org, Marcin Wojtas <mw@semihalf.com>
Subject: Re: [PATCH] [edk2-platforms]:Enabling Secure boot feature support on hikey platfrom
Date: Mon, 27 Nov 2017 16:57:36 +0000 [thread overview]
Message-ID: <20171127165736.drp63cy7vdxc2sak@bivouac.eciton.net> (raw)
In-Reply-To: <f61e3e29-6621-2031-cf97-882364d9f826@redhat.com>
On Mon, Nov 27, 2017 at 02:02:32PM +0100, Laszlo Ersek wrote:
> On 11/26/17 16:22, Leif Lindholm wrote:
> > (Adding Laszlo to cc based on a single comment I make below.)
> >
> > On Tue, Nov 21, 2017 at 04:23:36PM +0530, kalyan-nagabhirava wrote:
>
> >> [Guids.common]
> >> gHiKeyTokenSpaceGuid = { 0x91148425, 0xcdd2, 0x4830, { 0x8b, 0xd0, 0xc6, 0x1c, 0x6d, 0xea, 0x36, 0x21 } }
> >> + gHwTokenSpaceGuid = { 0x99999999, 0x74c5, 0x4043, { 0xb4, 0x17, 0xa3, 0x22, 0x38, 0x14, 0xce, 0x76 } }
> >
> > This very much looks like a not properly generated GUID.
> > GUIDs must always be generated using an RFC4122-compliant algorithm.
> > I generally recommend using
> > https://www.guidgenerator.com/online-guid-generator.aspx.
>
> I just run "uuidgen" in a terminal window.
Yeah, I just prefer pointing to someone that does not require
installing anything, or requires specific operating systems.
> >> +EFI_STATUS
> >> +EFIAPI
> >> +FvbSetAttributes(
> >> + IN CONST EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL *This,
> >> + IN OUT EFI_FVB_ATTRIBUTES_2 *Attributes
> >> + )
> >> +{
> >> + DEBUG ((DEBUG_BLKIO, "FvbSetAttributes(0x%X) is not supported\n",*Attributes));
> >> + return EFI_UNSUPPORTED;
> >
> > As per my (very) recent comment to Marcin, I do not believe returning
> > EFI_UNSUPPORTED is a valid thing to do here. Which to me suggests the
> > implementation of FvbGetAttributes is also incorrect.
> >
> > Laszlo - what's your take on this in conjunction with PI 1.6 section
> > 3.4.2? OvmfPkg does something very similar in
> > EmuVariableFvbRuntimeDxe/Fvb.c.
>
> I guess you are right. The particular OvmfPkg code that you mention is
> likely also spec-breaking.
>
> FWIW, in the OVMF flash driver that actually uses pflash, namely
>
> OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c
>
> the FvbSetVolumeAttributes() function appears both appropriate for the
> spec and generic enough to copy elsewhere.
Yes, that looks good, thanks!
Marcin, Kalyan - please have a look at that implementation for
inspiration.
/
Leif
next prev parent reply other threads:[~2017-11-27 16:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-21 10:53 [PATCH] [edk2-platforms]:Enabling Secure boot feature support on hikey platfrom kalyan-nagabhirava
2017-11-26 15:22 ` Leif Lindholm
2017-11-27 13:02 ` Laszlo Ersek
2017-11-27 16:57 ` Leif Lindholm [this message]
2017-11-28 7:35 ` Kalyan Nagabhirava
2017-11-28 12:37 ` Leif Lindholm
2017-11-28 13:01 ` Kalyan Nagabhirava
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171127165736.drp63cy7vdxc2sak@bivouac.eciton.net \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox