[PATCH] Maintainers.txt: Add reviewers for security features.

[PATCH] Maintainers.txt: Add reviewers for security features.

[Dong, Eric]

Add reviewers to review security related changes.
Impacted below modules:

MdeModulePkg: Pei Core
F: MdeModulePkg/Core/Pei/

SecurityPkg: Tcg related modules
F: SecurityPkg/Tcg/

SecurityPkg: Secure boot related modules
F: SecurityPkg/Library/DxeImageVerificationLib/
F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
F: SecurityPkg/Library/AuthVariableLib/

UefiCpuPkg: Sec related modules
F: UefiCpuPkg/SecCore/
F: UefiCpuPkg/ResetVector/

Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
---
 Maintainers.txt | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/Maintainers.txt b/Maintainers.txt
index 76f336b7dc..4f316cfc60 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -258,6 +258,14 @@ F: MdeModulePkg/Universal/Console/
 R: Zhichao Gao <zhichao.gao@intel.com>
 R: Ray Ni <ray.ni@intel.com>
 
+MdeModulePkg: Pei Core
+F: MdeModulePkg/Core/Pei/
+R: Dandan Bi <dandan.bi@intel.com>
+R: Liming Gao <liming.gao@intel.com>
+R: Debkumar De <debkumar.de@intel.com>
+R: Harry Han <harry.han@intel.com>
+R: Catharine West <catharine.west@intel.com>
+
 MdeModulePkg: Core services (PEI, DXE and Runtime) modules
 F: MdeModulePkg/*Mem*/
 F: MdeModulePkg/*SectionExtract*/
@@ -265,7 +273,6 @@ F: MdeModulePkg/*StatusCode*/
 F: MdeModulePkg/Application/DumpDynPcd/
 F: MdeModulePkg/Core/Dxe/
 F: MdeModulePkg/Core/DxeIplPeim/
-F: MdeModulePkg/Core/Pei/
 F: MdeModulePkg/Core/RuntimeDxe/
 F: MdeModulePkg/Include/*Mem*.h
 F: MdeModulePkg/Include/*Pcd*.h
@@ -463,6 +470,17 @@ M: Jiewen Yao <jiewen.yao@intel.com>
 M: Jian J Wang <jian.j.wang@intel.com>
 R: Chao Zhang <chao.b.zhang@intel.com>
 
+SecurityPkg: Tcg related modules
+F: SecurityPkg/Tcg/
+R: Qi Zhang <qi1.zhang@intel.com>
+R: Rahul Kumar <rahul1.kumar@intel.com>
+
+SecurityPkg: Secure boot related modules
+F: SecurityPkg/Library/DxeImageVerificationLib/
+F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
+F: SecurityPkg/Library/AuthVariableLib/
+R: Min Xu <min.m.xu@intel.com>
+
 ShellPkg
 F: ShellPkg/
 W: https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg
@@ -486,6 +504,14 @@ W: https://github.com/tianocore/tianocore.github.io/wiki/UefiCpuPkg
 M: Eric Dong <eric.dong@intel.com>
 M: Ray Ni <ray.ni@intel.com>
 R: Laszlo Ersek <lersek@redhat.com>
+R: Rahul Kumar <rahul1.kumar@intel.com>
+
+UefiCpuPkg: Sec related modules
+F: UefiCpuPkg/SecCore/
+F: UefiCpuPkg/ResetVector/
+R: Debkumar De <debkumar.de@intel.com>
+R: Harry Han <harry.han@intel.com>
+R: Catharine West <catharine.west@intel.com>
 
 UefiPayloadPkg
 F: UefiPayloadPkg/
-- 
2.23.0.windows.1

Re: [PATCH] Maintainers.txt: Add reviewers for security features.

[Laszlo Ersek]

Hi Eric,

On 06/01/20 10:07, Eric Dong wrote:
> Add reviewers to review security related changes.
> Impacted below modules:
> 
> MdeModulePkg: Pei Core
> F: MdeModulePkg/Core/Pei/
> 
> SecurityPkg: Tcg related modules
> F: SecurityPkg/Tcg/
> 
> SecurityPkg: Secure boot related modules
> F: SecurityPkg/Library/DxeImageVerificationLib/
> F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
> F: SecurityPkg/Library/AuthVariableLib/
> 
> UefiCpuPkg: Sec related modules
> F: UefiCpuPkg/SecCore/
> F: UefiCpuPkg/ResetVector/
> 
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Debkumar De <debkumar.de@intel.com>
> Cc: Harry Han <harry.han@intel.com>
> Cc: Catharine West <catharine.west@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Min Xu <min.m.xu@intel.com>
> ---
>  Maintainers.txt | 28 +++++++++++++++++++++++++++-
>  1 file changed, 27 insertions(+), 1 deletion(-)

This patch should be split in at least 3 parts (one per package). Maybe
even 4 parts (if we want to keep the TCG vs. Secure Boot section update
separate).

There are two reasons for this:

(1) Better review granularity.

For a (random!) example, Debkumar De is not added under SecurityPkg,
therefore Debkumar should not be forced to look at the SecurityPkg
hunks. But now that's a problem, because the patch contains everything.

(2) Such patches are actually code. They influence how
"BaseTools/Scripts/GetMaintainer.py  works.

For example, when you introduce "MdeModulePkg: Pei Core" as a separate
subsystem, I have to verify that you also remove it from under
"MdeModulePkg: Core services (PEI, DXE and Runtime) modules".

In addition, I review that Dandan and Liming *remain* reviewers for the
PEI Core (because they are listed under "MdeModulePkg: Core services
(PEI, DXE and Runtime) modules" as well), and that Debkumar, Harry and
Catharine are *new* reviewers. I also have to check that the resultant
reviewer list, for the new "MdeModulePkg: Pei Core" subsystem does not
overlap with the general MdeModulePkg owners (Jian, Hao).

So that's all good, but it's complex enough that I really don't want to
handle *multiple packages* in this regard in a single patch. The same
procedure has to be done for SecurityPkg and UefiCpuPkg as well (on the
reviewer side), and having them all in a single patch makes the review
needlessly difficult.

So split this up please.

Thanks
Laszlo

> 
> diff --git a/Maintainers.txt b/Maintainers.txt
> index 76f336b7dc..4f316cfc60 100644
> --- a/Maintainers.txt
> +++ b/Maintainers.txt
> @@ -258,6 +258,14 @@ F: MdeModulePkg/Universal/Console/
>  R: Zhichao Gao <zhichao.gao@intel.com>
>  R: Ray Ni <ray.ni@intel.com>
>  
> +MdeModulePkg: Pei Core
> +F: MdeModulePkg/Core/Pei/
> +R: Dandan Bi <dandan.bi@intel.com>
> +R: Liming Gao <liming.gao@intel.com>
> +R: Debkumar De <debkumar.de@intel.com>
> +R: Harry Han <harry.han@intel.com>
> +R: Catharine West <catharine.west@intel.com>
> +
>  MdeModulePkg: Core services (PEI, DXE and Runtime) modules
>  F: MdeModulePkg/*Mem*/
>  F: MdeModulePkg/*SectionExtract*/
> @@ -265,7 +273,6 @@ F: MdeModulePkg/*StatusCode*/
>  F: MdeModulePkg/Application/DumpDynPcd/
>  F: MdeModulePkg/Core/Dxe/
>  F: MdeModulePkg/Core/DxeIplPeim/
> -F: MdeModulePkg/Core/Pei/
>  F: MdeModulePkg/Core/RuntimeDxe/
>  F: MdeModulePkg/Include/*Mem*.h
>  F: MdeModulePkg/Include/*Pcd*.h
> @@ -463,6 +470,17 @@ M: Jiewen Yao <jiewen.yao@intel.com>
>  M: Jian J Wang <jian.j.wang@intel.com>
>  R: Chao Zhang <chao.b.zhang@intel.com>
>  
> +SecurityPkg: Tcg related modules
> +F: SecurityPkg/Tcg/
> +R: Qi Zhang <qi1.zhang@intel.com>
> +R: Rahul Kumar <rahul1.kumar@intel.com>
> +
> +SecurityPkg: Secure boot related modules
> +F: SecurityPkg/Library/DxeImageVerificationLib/
> +F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
> +F: SecurityPkg/Library/AuthVariableLib/
> +R: Min Xu <min.m.xu@intel.com>
> +
>  ShellPkg
>  F: ShellPkg/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg
> @@ -486,6 +504,14 @@ W: https://github.com/tianocore/tianocore.github.io/wiki/UefiCpuPkg
>  M: Eric Dong <eric.dong@intel.com>
>  M: Ray Ni <ray.ni@intel.com>
>  R: Laszlo Ersek <lersek@redhat.com>
> +R: Rahul Kumar <rahul1.kumar@intel.com>
> +
> +UefiCpuPkg: Sec related modules
> +F: UefiCpuPkg/SecCore/
> +F: UefiCpuPkg/ResetVector/
> +R: Debkumar De <debkumar.de@intel.com>
> +R: Harry Han <harry.han@intel.com>
> +R: Catharine West <catharine.west@intel.com>
>  
>  UefiPayloadPkg
>  F: UefiPayloadPkg/
> 

Re: [edk2-devel] [PATCH] Maintainers.txt: Add reviewers for security features.

[Dong, Eric]

[-- Attachment #1: Type: text/plain, Size: 6601 bytes --]

Hi Laszlo,

Thanks for your comments. I will split it in my next version patches.

Thanks,
Eric
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Laszlo Ersek
Sent: Tuesday, June 2, 2020 9:42 PM
To: Dong, Eric <eric.dong@intel.com>; devel@edk2.groups.io
Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>; Ni, Ray <ray.ni@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han, Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Xu, Min M <min.m.xu@intel.com>
Subject: Re: [edk2-devel] [PATCH] Maintainers.txt: Add reviewers for security features.

Hi Eric,

On 06/01/20 10:07, Eric Dong wrote:
> Add reviewers to review security related changes.
> Impacted below modules:
>
> MdeModulePkg: Pei Core
> F: MdeModulePkg/Core/Pei/
>
> SecurityPkg: Tcg related modules
> F: SecurityPkg/Tcg/
>
> SecurityPkg: Secure boot related modules
> F: SecurityPkg/Library/DxeImageVerificationLib/
> F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
> F: SecurityPkg/Library/AuthVariableLib/
>
> UefiCpuPkg: Sec related modules
> F: UefiCpuPkg/SecCore/
> F: UefiCpuPkg/ResetVector/
>
> Signed-off-by: Eric Dong <eric.dong@intel.com<mailto:eric.dong@intel.com>>
> Cc: Hao A Wu <hao.a.wu@intel.com<mailto:hao.a.wu@intel.com>>
> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
> Cc: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
> Cc: Ray Ni <ray.ni@intel.com<mailto:ray.ni@intel.com>>
> Cc: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> Cc: Debkumar De <debkumar.de@intel.com<mailto:debkumar.de@intel.com>>
> Cc: Harry Han <harry.han@intel.com<mailto:harry.han@intel.com>>
> Cc: Catharine West <catharine.west@intel.com<mailto:catharine.west@intel.com>>
> Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
> Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
> Cc: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> ---
>  Maintainers.txt | 28 +++++++++++++++++++++++++++-
>  1 file changed, 27 insertions(+), 1 deletion(-)

This patch should be split in at least 3 parts (one per package). Maybe
even 4 parts (if we want to keep the TCG vs. Secure Boot section update
separate).

There are two reasons for this:

(1) Better review granularity.

For a (random!) example, Debkumar De is not added under SecurityPkg,
therefore Debkumar should not be forced to look at the SecurityPkg
hunks. But now that's a problem, because the patch contains everything.

(2) Such patches are actually code. They influence how
"BaseTools/Scripts/GetMaintainer.py  works.

For example, when you introduce "MdeModulePkg: Pei Core" as a separate
subsystem, I have to verify that you also remove it from under
"MdeModulePkg: Core services (PEI, DXE and Runtime) modules".

In addition, I review that Dandan and Liming *remain* reviewers for the
PEI Core (because they are listed under "MdeModulePkg: Core services
(PEI, DXE and Runtime) modules" as well), and that Debkumar, Harry and
Catharine are *new* reviewers. I also have to check that the resultant
reviewer list, for the new "MdeModulePkg: Pei Core" subsystem does not
overlap with the general MdeModulePkg owners (Jian, Hao).

So that's all good, but it's complex enough that I really don't want to
handle *multiple packages* in this regard in a single patch. The same
procedure has to be done for SecurityPkg and UefiCpuPkg as well (on the
reviewer side), and having them all in a single patch makes the review
needlessly difficult.

So split this up please.

Thanks
Laszlo

>
> diff --git a/Maintainers.txt b/Maintainers.txt
> index 76f336b7dc..4f316cfc60 100644
> --- a/Maintainers.txt
> +++ b/Maintainers.txt
> @@ -258,6 +258,14 @@ F: MdeModulePkg/Universal/Console/
>  R: Zhichao Gao <zhichao.gao@intel.com<mailto:zhichao.gao@intel.com>>
>  R: Ray Ni <ray.ni@intel.com<mailto:ray.ni@intel.com>>
>
> +MdeModulePkg: Pei Core
> +F: MdeModulePkg/Core/Pei/
> +R: Dandan Bi <dandan.bi@intel.com<mailto:dandan.bi@intel.com>>
> +R: Liming Gao <liming.gao@intel.com<mailto:liming.gao@intel.com>>
> +R: Debkumar De <debkumar.de@intel.com<mailto:debkumar.de@intel.com>>
> +R: Harry Han <harry.han@intel.com<mailto:harry.han@intel.com>>
> +R: Catharine West <catharine.west@intel.com<mailto:catharine.west@intel.com>>
> +
>  MdeModulePkg: Core services (PEI, DXE and Runtime) modules
>  F: MdeModulePkg/*Mem*/
>  F: MdeModulePkg/*SectionExtract*/
> @@ -265,7 +273,6 @@ F: MdeModulePkg/*StatusCode*/
>  F: MdeModulePkg/Application/DumpDynPcd/
>  F: MdeModulePkg/Core/Dxe/
>  F: MdeModulePkg/Core/DxeIplPeim/
> -F: MdeModulePkg/Core/Pei/
>  F: MdeModulePkg/Core/RuntimeDxe/
>  F: MdeModulePkg/Include/*Mem*.h
>  F: MdeModulePkg/Include/*Pcd*.h
> @@ -463,6 +470,17 @@ M: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
>  M: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
>  R: Chao Zhang <chao.b.zhang@intel.com<mailto:chao.b.zhang@intel.com>>
>
> +SecurityPkg: Tcg related modules
> +F: SecurityPkg/Tcg/
> +R: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
> +R: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
> +
> +SecurityPkg: Secure boot related modules
> +F: SecurityPkg/Library/DxeImageVerificationLib/
> +F: SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/
> +F: SecurityPkg/Library/AuthVariableLib/
> +R: Min Xu <min.m.xu@intel.com<mailto:min.m.xu@intel.com>>
> +
>  ShellPkg
>  F: ShellPkg/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg
> @@ -486,6 +504,14 @@ W: https://github.com/tianocore/tianocore.github.io/wiki/UefiCpuPkg
>  M: Eric Dong <eric.dong@intel.com<mailto:eric.dong@intel.com>>
>  M: Ray Ni <ray.ni@intel.com<mailto:ray.ni@intel.com>>
>  R: Laszlo Ersek <lersek@redhat.com<mailto:lersek@redhat.com>>
> +R: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
> +
> +UefiCpuPkg: Sec related modules
> +F: UefiCpuPkg/SecCore/
> +F: UefiCpuPkg/ResetVector/
> +R: Debkumar De <debkumar.de@intel.com<mailto:debkumar.de@intel.com>>
> +R: Harry Han <harry.han@intel.com<mailto:harry.han@intel.com>>
> +R: Catharine West <catharine.west@intel.com<mailto:catharine.west@intel.com>>
>
>  UefiPayloadPkg
>  F: UefiPayloadPkg/
>




[-- Attachment #2: Type: text/html, Size: 18153 bytes --]