From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <leif.lindholm@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::441; helo=mail-wr1-x441.google.com;
 envelope-from=leif.lindholm@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com
 [IPv6:2a00:1450:4864:20::441])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C841021959CB2
 for <edk2-devel@lists.01.org>; Mon, 21 Jan 2019 09:03:44 -0800 (PST)
Received: by mail-wr1-x441.google.com with SMTP id s12so24265233wrt.4
 for <edk2-devel@lists.01.org>; Mon, 21 Jan 2019 09:03:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=QwH9gCjMoSdpyJdjdWRruLsjvFcDoXAem3HOibdJmek=;
 b=gRNiw+/fXTh45y4Er5ry4szdKg2eHYUYz04qDfpbeJhBH3UXuOwzEnQ+zCvo4P+nHb
 hJ6Y0y1tDFvNK0hn2p2yrb1ujGwCASCFT9MUkzByS38aUBOe8ceC17Fou3kNbj0zpfFr
 /EA8gimGBScjLNLHv2tebxKvqH7QlkyW3Jspw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=QwH9gCjMoSdpyJdjdWRruLsjvFcDoXAem3HOibdJmek=;
 b=TN8GpXl6SUJ6AJTpsjBXMlKS3HSf3owaNJI+O7Z/RyBesocDCiMq67wdsmUGyT/eZb
 E9dl4fJ/a+d+jXeu2EuvCrxbycZixczdvs9XcdZYXJtlz2okPYWJYb4sEDOVYEuyfuU+
 aKE8DjwcIaY66MGbvG+GIXrwNyQVLOUAUG1Sumotw9zfKiojQUjMmoX/5ZQEXTbdRD4W
 FH/B8S0/ZOKvlRA3qMpVBWNpQiftnjVFfUG2gpcu9K6meIKqvb8KnfM7sM564CHcGIwj
 XXe9mxDf0asjLN28BnG8TgWmcz5fbmYSrIZAQ/Y096xCsooz5sWvXO5xbVMGBl0JRem6
 T5iw==
X-Gm-Message-State: AJcUukfptQY+IFfU95+bNTSOYwKlvUwxmdBo9whqrkfULHw/rfKsPhGd
 72hL47EgIeB9X8z/2qTZf+vIVzWDueo=
X-Google-Smtp-Source: ALg8bN5OJ6pgS82u9MIJDSW2XkUp1amo70dyfdcCcloivC+OgBC50s+kedzQxvTademWTjTU3HC6SQ==
X-Received: by 2002:adf:f390:: with SMTP id m16mr27914807wro.71.1548090223222; 
 Mon, 21 Jan 2019 09:03:43 -0800 (PST)
Received: from bivouac.eciton.net (bivouac.eciton.net.
 [2a00:1098:0:86:1000:23:0:2])
 by smtp.gmail.com with ESMTPSA id t18sm31206998wmt.35.2019.01.21.09.03.41
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 21 Jan 2019 09:03:42 -0800 (PST)
Date: Mon, 21 Jan 2019 17:03:40 +0000
From: Leif Lindholm <leif.lindholm@linaro.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
 Masahisa Kojima <masahisa.kojima@linaro.org>
Message-ID: <20190121170340.zircwdlsombowtmp@bivouac.eciton.net>
References: <20190104144336.8941-1-ard.biesheuvel@linaro.org>
 <20190104144336.8941-7-ard.biesheuvel@linaro.org>
 <20190117110456.z22z2udhnbza3liy@bivouac.eciton.net>
 <CAKv+Gu_oF64XtqZi8J3nb536JVsxwGZVir70wJqi0F0y1CSgiw@mail.gmail.com>
 <20190117120817.c2kpkldlzn7zjrkg@bivouac.eciton.net>
 <CAKv+Gu-4QCiUxCXOfWQYZZD9k=JJTUWR1-GnwUTyooSYR7MWcQ@mail.gmail.com>
 <CAKv+Gu_a2jEsSh6ioCN7k-mYa_gKz60W65zrTpeAbZ-4Z+nXBQ@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAKv+Gu_a2jEsSh6ioCN7k-mYa_gKz60W65zrTpeAbZ-4Z+nXBQ@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
Subject: Re: [PATCH edk2-platforms 6/7] Platform/DeveloperBox: add .DSC/.FDF description of MM components
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 17:03:45 -0000
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Jan 21, 2019 at 05:57:20PM +0100, Ard Biesheuvel wrote:
> On Thu, 17 Jan 2019 at 13:18, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >
> > On Thu, 17 Jan 2019 at 13:08, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> > >
> > > On Thu, Jan 17, 2019 at 12:10:01PM +0100, Ard Biesheuvel wrote:
> > > > > >  ################################################################################
> > > > > >  #
> > > > > > @@ -294,8 +295,10 @@ [PcdsFixedAtBuild.common]
> > > > > >  !endif
> > > > > >    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|$(BUILD_NUMBER)
> > > > > >
> > > > > > -  gArmTokenSpaceGuid.PcdMmBufferBase|0xFFC00000
> > > > > > -  gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
> > > > > > +  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> > > > >
> > > > > So, I can see why you add this hard-wired for the purpose of testing.
> > > > > But please, add a *very* conspicuous, and strongly worded, comment
> > > > > statement preceding it.
> > > >
> > > > Well, I was talking to Peter about this the other day: according to
> > > > the spec, this setting should only matter before exit boot services,
> > > > and since this platform only supports serial and GOP consoles, one
> > > > could argue that only a physically present user could interact with it
> > > > before that time.
> > >
> > > But that also makes the Pcd pointless.
> > >
> > > > The obvious way of implementing this non-trivially on this platform is
> > > > to use a DIP switch, but that requires you to open the case to
> > > > enroll/delete the platform key. Perhaps that does not matter, and it
> > > > would in fact produce a less dangerous reference implementation.
> > >
> > > I would be totally OK with that.
> > > I would also be totally OK with a DynamicPcd settable through the UI
> > > (which is what most machines I come across have).
> > >
> >
> > That won't work for this implementation: the state of dynamic PCDs
> > does not propagate into the MM world (nor should it), and so no MM
> > driver implementing the dynamic PCD protocol exists.
> >
> > > But I would also be cool with a sufficiently evil "here be dragons"
> > > statement, pointing out that we don't care that much
> > > *on*this*specific*system* because the NOR isn't actually hw protected
> > > anyway, and this implementation is all about exercising the software
> > > stack..
> > >
> >
> > I'll go with that for the time being.
> 
> I'll add the following:
> 
> diff --git a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
> b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
> index f191edcb78dd..1ac8c8f95722 100644
> --- a/Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
> +++ b/Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
> @@ -301,6 +301,13 @@
>  !endif
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|$(BUILD_NUMBER)
> 
> +  #
> +  # NOTE: this platform is not fully secure (the NOR flash is mapped
> non-secure)
> +  # and so the MM based secure boot implementation it provides should
> be treated
> +  # as a reference only. For this reason, it does not make a lot of sense to
> +  # implement an elaborate PlatformSecureLib implementation that can assert
> +  # physical presence, and instead, we'll stick with the default PCD based one.
> +  #
>    gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> 
>    gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000

Totally happy with that.
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>