From: "Gao, Liming"
To: Jagadeesh Ujja, "edk2-devel@lists.01.org"
Date: Wed, 31 Oct 2018 13:58:55 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E3629A5@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <20181031110947.6305-1-jagadeesh.ujja@arm.com>
Subject: Re: [RFC PATCH 0/9] Extend secure variable service to be usable from Standalone MM

Jagadeesh:
I have some comments.

1) Edk2 doesn't use #ifdef/#else/#endif to switch the code logic. You can define a PCD to switch the code logic based on the PCD setting.
2) Edk2 MdeModulePkg should not depend on platform packages from edk2-platforms. MdeModulePkg includes the generic modules that are platform independent.
3) mMmst is used widely.
You can also introduce MmServiceTableLib for it.
4) CryptoPkg\Library\BaseCryptLib\BaseCryptLib.inf can be reused only if you provide one dummy implementation of UefiRuntimeServiceTableLib for MM_STANDALONE usage.

Thanks
Liming
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jagadeesh Ujja
> Sent: Wednesday, October 31, 2018 7:10 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [RFC PATCH 0/9] Extend secure variable service to be usable from Standalone MM
>
> This RFC patch series extends the existing secure variable service support
> for use with Standalone MM. This is applicable to platforms that use
> Standalone Management Mode to protect access to non-volatile memory (NOR
> flash in case of these patches) used to store the secure EFI variables.
>
> The first patch pulls in additional libraries from the staging branch of
> StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure
> variable service implementation supports only the traditional MM mode
> and so the rest of the patches extend the existing secure variable
> service support to be useable with Standalone MM mode as well.
>
> This patch series is being posted as an RFC to get feedback on the
> approach taken in these patches.
>
> Jagadeesh Ujja (9):
>   StandaloneMmPkg: Pull in additonal libraries from staging branch
>   ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
>   MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
>   MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
>   MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
>   CryptoPkg/BaseCryptLib: Hack to get time in MM Standalone mode
>   SecurityPkg/AuthVariableLib:allow reusability as MM_STANDALONE
>   MdeModulePkg VarCheckLib: allow reusability as MM_STANDALONE
>   CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library
>
>  .../Drivers/NorFlashDxe/NorFlashBlockIoDxe.c       |   5 +-
>  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c   | 116 ++-
>  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h   |  15 +-
>  .../Drivers/NorFlashDxe/NorFlashFvbDxe.c           |  26 +-
>  .../Drivers/NorFlashDxe/NorFlashMmStandalone.inf   |  76 ++
>  .../BaseCryptLib/BaseCryptLibMmStandalone.inf      | 106 +++
>  .../Library/BaseCryptLib/SysCall/TimerWrapper.c    |  19 +-
>  MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf   |   5 +-
>  .../FaultTolerantWriteMmStandalone.inf             | 100 +++
>  .../FaultTolerantWriteDxe/FaultTolerantWriteSmm.c  |  72 +-
>  .../FaultTolerantWriteDxe/UpdateWorkingBlock.c     |   8 +-
>  .../Universal/Variable/RuntimeDxe/Variable.c       |  16 +-
>  .../Universal/Variable/RuntimeDxe/Variable.h       |   8 +
>  .../Variable/RuntimeDxe/VariableMmStandalone.inf   | 134 ++++
>  .../Universal/Variable/RuntimeDxe/VariableSmm.c    |  73 +-
>  .../Variable/RuntimeDxe/VariableSmmRuntimeDxe.c    |  20 +-
>  .../Library/AuthVariableLib/AuthVariableLib.inf    |   5 +-
>  .../StandaloneMmCoreHobLib.inf                     |   2 +-
>  .../AArch64/StandaloneMmCoreHobLibInternal.c       |  64 ++
>  .../StandaloneMmHobLib/StandaloneMmHobLib.c        | 655 ++++++++++++++++
>  .../StandaloneMmHobLib/StandaloneMmHobLib.inf      |  48 ++
>  .../StandaloneMmMemoryAllocationLib.c              | 824 +++++++++++++++++++++
>  .../StandaloneMmMemoryAllocationLib.inf            |  45 ++
>  .../StandaloneMmServicesTableLib.c                 |  40 +
>  .../StandaloneMmServicesTableLib.inf               |  36 +
>  25 files changed, 2470 insertions(+), 48 deletions(-)
>  create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashMmStandalone.inf
>  create mode 100644 CryptoPkg/Library/BaseCryptLib/BaseCryptLibMmStandalone.inf
>  create mode 100644 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteMmStandalone.inf
>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableMmStandalone.inf
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c
>  create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
>
> --
> 1.9.1