Re: [edk2-devel] Questions about UEFI MAT / PcdPropertiesTableEnable

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, tigerliu@zhaoxin.com
Subject: Re: [edk2-devel] Questions about UEFI MAT / PcdPropertiesTableEnable
Date: Mon, 23 Mar 2020 14:21:49 +0100	[thread overview]
Message-ID: <4c1161fc-2f1a-3a18-fe7e-9a395a5a532c@redhat.com> (raw)
In-Reply-To: <986b51e441804c3ba288a0af210d0f4f@zhaoxin.com>

On 03/17/20 10:27, Tiger Liu(BJ-RD) wrote:
> Hi, Experts:
> I have a question about UEFI MAT / PcdPropertiesTableEnable.
> Device protection in Windows Security, standard hardware security requirement is described as below:
> TPM 2.0
> Secure Boot Enabled
> DEP
> UEFI MAT
> 
> And UEFI MAT feature is related with PcdPropertiesTableEnable.
> 
> But I found the newest UDK kernel, this PCD is still set with FALSE.
> 
> So, is there any concerns if setting its default value as TRUE.

The properties table should not be used. It has been superseded by the memory attributes table, per spec.

In edk2, the properties table is controlled by the PCD, regardless of the memory attributes table.

In edk2, the memory attributes table is always produced, regardless of the properties table.

Please see the discussion under:

[edk2] [patch 0/7] Add UEFI2.6 MemoryAttributesTable support.
http://mid.mail-archive.com/1454069539-4056-1-git-send-email-jiewen.yao@intel.com

Thanks
Laszlo

next prev parent reply	other threads:[~2020-03-23 13:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-17  9:27 [edk2-devel] Questions about UEFI MAT / PcdPropertiesTableEnable Tiger Liu(BJ-RD)
2020-03-23 13:21 ` Laszlo Ersek [this message]
2020-03-25  5:17   ` Ni, Ray
2020-03-25 16:54     ` Laszlo Ersek
2020-03-25 17:00       ` Ard Biesheuvel
2020-03-25 20:34         ` [EXTERNAL] " Bret Barkelew
  -- strict thread matches above, loose matches on Subject: below --
2020-03-25  3:36 Tiger Liu(BJ-RD)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4c1161fc-2f1a-3a18-fe7e-9a395a5a532c@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox