From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::443; helo=mail-wr1-x443.google.com; envelope-from=leif.lindholm@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 7C2DE21190728 for ; Tue, 20 Nov 2018 08:23:10 -0800 (PST) Received: by mail-wr1-x443.google.com with SMTP id e3-v6so2624856wrs.5 for ; Tue, 20 Nov 2018 08:23:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=KbzU1DFFLciKPAKnVPpsRMoLFhLTT+sW0wx2vcrWyt8=; b=J/NHPKAycxs4OZWnJccoEmJD4u3ZqAfXZ4ni9z+l/ICnsFYWxbLdlGvAdBd75RAoo3 uv36KDNJ0DGJi4Ihle1dp5GApq9P9j/xwQQb3lU8U2QzrDJdJzFBNJfvwa8+sOYUYkHs qBmPXYvi82/HNAhNwS3jOhP4uzC3J0fJdVuuM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=KbzU1DFFLciKPAKnVPpsRMoLFhLTT+sW0wx2vcrWyt8=; b=IHyb7JhRbwkCVlpkGxAyhpxmYqZJb4W7uVwVNmGBDzz81np8Kk3xSihz3sfct+6Nqp Jk7CwuowTrlh592rXyAa2nYjMh31GzZix6tVpU9qWtBCxlX068rrH/egcl/COv19lrZt f0ll7jOxHw7er0fz57BbX+dgMv434Uh8HVunc6UVmBcyKJYSjnx23iqUBruJ9iuvDJiH NQilVZKq/etyQlRYyjlgK4/OYbqszG7RrZ6qQ3mkjX2/0ESHZeGKP1a+Ej/OkM5wbes3 PTM+jV3vzFpuezuXnj2lFQTsaRytOsm82LJtL0ppRkv2nxcetgpeVpgABdI1r8lBhhH9 o7Xg== X-Gm-Message-State: AA+aEWbnIbmfU348XXq1nuW3rfLzTusQ7j22T3MaXxWFN2+/95RisaWD qYunHFOafi8+QEJV5Us/Br17/w== X-Google-Smtp-Source: AFSGD/X6QNRiYLp7fe6AUFI8y+yr5DvXHiJj/mkB0SVwQfDjKfdglymTIqr0fVKSxeKmI4+HFZeNBQ== X-Received: by 2002:adf:ee06:: with SMTP id y6mr2594593wrn.261.1542730988830; Tue, 20 Nov 2018 08:23:08 -0800 (PST) Received: from bivouac.eciton.net (bivouac.eciton.net. [2a00:1098:0:86:1000:23:0:2]) by smtp.gmail.com with ESMTPSA id 60sm17067056wrb.81.2018.11.20.08.23.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 20 Nov 2018 08:23:07 -0800 (PST) Date: Tue, 20 Nov 2018 16:23:05 +0000 From: Leif Lindholm To: Ming Huang Cc: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org, graeme.gregory@linaro.org, ard.biesheuvel@linaro.org, michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com, huangming23@huawei.com, zhangjinsong2@huawei.com, huangdaode@hisilicon.com, john.garry@huawei.com, xinliang.liu@linaro.org, zhangfeng56@huawei.com Message-ID: <20181120162305.dn3d5avmdyol6pwn@bivouac.eciton.net> References: <20181120090150.1102-1-ming.huang@linaro.org> <20181120090150.1102-2-ming.huang@linaro.org> <20181120121309.mwsoxljgjwy4yv7i@bivouac.eciton.net> <20181120125805.jn6xfxbg47izxwo2@bivouac.eciton.net> <1e4db632-9c2c-79e0-2bbe-cdc7913aa0c5@linaro.org> <20181120143912.p7jeqwjgtqsgmf75@bivouac.eciton.net> <067f13ef-f03e-327e-685f-f4d5516fb6a4@linaro.org> MIME-Version: 1.0 In-Reply-To: <067f13ef-f03e-327e-685f-f4d5516fb6a4@linaro.org> User-Agent: NeoMutt/20170113 (1.7.2) Subject: Re: [PATCH edk2-platforms v3 1/5] Hisilicon/D0x: Fix secure boot bug in FlashFvbDxe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 16:23:10 -0000 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit On Tue, Nov 20, 2018 at 11:00:49PM +0800, Ming Huang wrote: > On 11/20/2018 10:39 PM, Leif Lindholm wrote: > > On Tue, Nov 20, 2018 at 10:29:57PM +0800, Ming Huang wrote: > >>>>> And all Hisilicon platforms still use > >>>>> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > >>>>> regardless of Secure Boot setting. > >>>>> > >>>>> So what problem does this patch solve? A runtime one? > >>>> > >>>> This patch solve bug in FlashFvbDxe. > >>> > >>> Yes, but what bug? What is the symptom? What _specific_ problem goes > >>> away by adding this patch? That information should have been in the > >>> original commit message. I have no information available to me as I > >>> now build -rc1 to suggest that this patch should be included. > >> > >> The bug is that gEfiAuthenticatedVariableGuid should be used in FlashFvbDxe, > >> not gEfiVariableGuid when enable secure boot. > > > > OK, I will ask a third time: what _problem_ does this solve? > > What is the symptom? > > When someone uses the buggy firmware, what does not work for them? > > This information _always_ needs to be in the commit message. > > This patch is using with series v1 patch 'Hisilicon/D06: Fix SBBR-SCT AuthVar issue' > to fix the SCT issue: > RT.SetVariable - Set Invalid Time Base Auth Variable – FAILURE; > RT.SetVariable - Create one Time Base Auth Variable, the expect return > status should be EFI_SUCCESS – FAILURE. OK, but if we don't have authenticated variables (all the way to the hardware), then this is the correct behaviour? Making the test pass anyway is not the correct solution. / Leif