Message-ID: <3be6502d-379e-7966-1db6-ca31e88626ed@redhat.com>
Date: Thu, 5 Oct 2023 14:57:36 +0200
Subject: Re: [edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
To: Gerd Hoffmann, devel@edk2.groups.io
Cc: taylor.d.beebe@gmail.com, Ard Biesheuvel, Jian J Wang, Liming Gao, Nhi Pham, Oliver Steffen
From: "Laszlo Ersek"

On 10/5/23 12:23, Gerd Hoffmann wrote:
> Hi,
>
>>>> An Arm compatible PEIM instance of QemuFwCfgLib will need to be created.
>>>> I'm happy to look into it, but I don't want to hang up this patch series on
>>>> that addition. Instead, I'll set the protection policy for ArmVirtPkg to
>>>> the equivalent of the new GrubCompat profile in this series.
>>>
>>> Can you base the default policy (i.e., the one that takes effect in the
>>> absence of fw_cfg) on a PCD?
>>
>> That would be nice indeed.
>
> While being at it: Does it make sense to have *two* defaults, one for
> secureboot=on (strict) and one for secureboot=off (compat) ?

I'm not sure, for now we can't enforce truly secure secure boot anyway.

Laszlo