From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-74.mimecast.com (us-smtp-delivery-74.mimecast.com [216.205.24.74])
 by mx.groups.io with SMTP id smtpd.web11.12073.1585317690246074184
 for <devel@edk2.groups.io>;
 Fri, 27 Mar 2020 07:01:30 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aDFNuhyu;
 spf=pass (domain: redhat.com, ip: 216.205.24.74, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1585317689;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=wifWeljkJeiKenOaf87Aw9oFBtDgWl76HDxCtnDYAEk=;
	b=aDFNuhyuwopbgxz6fH53rRni61TCZfpt97Ry1Ncyjuav/YefQzYKLIKOyMOXUgQhMg0Pgl
	iKSDOo1o+188OdFrNA7KHAmXxRV7Sj0ydt2WjTjRvVI8LFK92pHI4PhZdlmj769jBZ44tP
	6zIWUJ8nANKvsDSUw5gEFqd3gomJKQg=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-427-R0VHMrnSMhONXOWv4fqMNA-1; Fri, 27 Mar 2020 10:01:24 -0400
X-MC-Unique: R0VHMrnSMhONXOWv4fqMNA-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3F7AA800D5C;
	Fri, 27 Mar 2020 14:01:22 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-36.ams2.redhat.com [10.36.114.36])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5A02A7E303;
	Fri, 27 Mar 2020 14:01:20 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 1/4] OvmfPkg: remove handling of properties table
To: devel@edk2.groups.io, ard.biesheuvel@linaro.org
Cc: Leif Lindholm <leif@nuviainc.com>,
 Michael D Kinney <michael.d.kinney@intel.com>, Ray Ni <ray.ni@intel.com>,
 Jiewen Yao <jiewen.yao@intel.com>,
 Bret Barkelew <Bret.Barkelew@microsoft.com>
References: <20200326102443.748-1-ard.biesheuvel@linaro.org>
 <20200326102443.748-2-ard.biesheuvel@linaro.org>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <27d58fac-467b-6d91-aa68-b64d10310171@redhat.com>
Date: Fri, 27 Mar 2020 15:01:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20200326102443.748-2-ard.biesheuvel@linaro.org>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit

On 03/26/20 11:24, Ard Biesheuvel wrote:
> The UEFI properties table and the associated memory protection feature was
> severely broken from the start, and has been deprecated for a while. Let's
> drop all references to it from OVMF so we can safely remove it from the
> DXE core as well.
> 
> Link: https://bugzilla.tianocore.org/show_bug.cgi?id=2633
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc             | 1 -
>  OvmfPkg/OvmfPkgIa32X64.dsc          | 1 -
>  OvmfPkg/OvmfPkgX64.dsc              | 1 -
>  OvmfPkg/OvmfXen.dsc                 | 1 -
>  OvmfPkg/PlatformPei/Platform.c      | 1 -
>  OvmfPkg/PlatformPei/PlatformPei.inf | 1 -
>  6 files changed, 6 deletions(-)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index 02ca17db8b2a..47926ac9e235 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -570,7 +570,6 @@ [PcdsDynamicDefault]
>  
>    # Noexec settings for DXE.
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE
> -  gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
>  
>    # UefiCpuPkg PCDs related to initial AP bringup and general AP management.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index d08cf558c6aa..37943624dc72 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -581,7 +581,6 @@ [PcdsDynamicDefault]
>  
>    # Noexec settings for DXE.
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE
> -  gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
>  
>    # UefiCpuPkg PCDs related to initial AP bringup and general AP management.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index b2dccc40a865..f41ebb95d717 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -580,7 +580,6 @@ [PcdsDynamicDefault]
>  
>    # Noexec settings for DXE.
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE
> -  gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
>  
>    # UefiCpuPkg PCDs related to initial AP bringup and general AP management.
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64
> diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
> index 85fe39f7896c..67b95d7b788c 100644
> --- a/OvmfPkg/OvmfXen.dsc
> +++ b/OvmfPkg/OvmfXen.dsc
> @@ -483,7 +483,6 @@ [PcdsDynamicDefault]
>  
>    # Noexec settings for DXE.
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE
> -  gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE
>  
>    # Set memory encryption mask
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
> diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
> index 587ca68fc210..088e616a980c 100644
> --- a/OvmfPkg/PlatformPei/Platform.c
> +++ b/OvmfPkg/PlatformPei/Platform.c
> @@ -315,7 +315,6 @@ NoexecDxeInitialization (
>    VOID
>    )
>  {
> -  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdPropertiesTableEnable);
>    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdSetNxForStack);
>  }
>  
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
> index 8531c63995c1..19f2424981bc 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -94,7 +94,6 @@ [Pcd]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
>    gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
> -  gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable
>    gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
>    gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
> 

Given that the DEC default for PcdPropertiesTableEnable is FALSE, this
change is safe, regarding a bisection on a virtual machine configuration
where the PCD is not enabled explicitly. (IOW, if a VM configuration
does not care about this knob, then building OVMF right after this patch
will not cause the PCD to flip on.)

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks!
Laszlo