From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-74.mimecast.com (us-smtp-delivery-74.mimecast.com [216.205.24.74]) by mx.groups.io with SMTP id smtpd.web12.52222.1584969721947699548 for ; Mon, 23 Mar 2020 06:22:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NNWqiH4J; spf=pass (domain: redhat.com, ip: 216.205.24.74, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1584969721; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LvECStiCndvpjAoRVYnUP85FUAViVzWtNhi1eMpq/iY=; b=NNWqiH4JT3ecLqWn3dBe1ZoODUxRnci7zKGh80SFDOKTaFELvrpivaagTBAbh46c5D4Cms 3S28nW7PT1ITvyh4xFg1FIv1H3WL6mqaQ1kFzryrLi9Gk/bM7suPU5KQ5U8rUHnad93Y8n Pz/k1BpKuZHcDzlKvkAznRp3VxnmqVw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-367-AYxMNcKLMd-OJ_C8TyBeNA-1; Mon, 23 Mar 2020 09:21:54 -0400 X-MC-Unique: AYxMNcKLMd-OJ_C8TyBeNA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EDAC2100550E; Mon, 23 Mar 2020 13:21:51 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-32.ams2.redhat.com [10.36.112.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1BD6660BE2; Mon, 23 Mar 2020 13:21:50 +0000 (UTC) Subject: Re: [edk2-devel] Questions about UEFI MAT / PcdPropertiesTableEnable To: devel@edk2.groups.io, tigerliu@zhaoxin.com References: <986b51e441804c3ba288a0af210d0f4f@zhaoxin.com> From: "Laszlo Ersek" Message-ID: <4c1161fc-2f1a-3a18-fe7e-9a395a5a532c@redhat.com> Date: Mon, 23 Mar 2020 14:21:49 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <986b51e441804c3ba288a0af210d0f4f@zhaoxin.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 03/17/20 10:27, Tiger Liu(BJ-RD) wrote: > Hi, Experts: > I have a question about UEFI MAT / PcdPropertiesTableEnable. > Device protection in Windows Security, standard hardware security requirement is described as below: > TPM 2.0 > Secure Boot Enabled > DEP > UEFI MAT > > And UEFI MAT feature is related with PcdPropertiesTableEnable. > > But I found the newest UDK kernel, this PCD is still set with FALSE. > > So, is there any concerns if setting its default value as TRUE. The properties table should not be used. It has been superseded by the memory attributes table, per spec. In edk2, the properties table is controlled by the PCD, regardless of the memory attributes table. In edk2, the memory attributes table is always produced, regardless of the properties table. Please see the discussion under: [edk2] [patch 0/7] Add UEFI2.6 MemoryAttributesTable support. http://mid.mail-archive.com/1454069539-4056-1-git-send-email-jiewen.yao@intel.com Thanks Laszlo