From: Laszlo Ersek <lersek@redhat.com>
To: "Zeng, Star" <star.zeng@intel.com>,
"Fu, Siyuan" <siyuan.fu@intel.com>,
"Wu, Jiaxin" <jiaxin.wu@intel.com>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: internal structure of EFI_TLS_CA_CERTIFICATE_VARIABLE
Date: Wed, 28 Mar 2018 12:06:41 +0200 [thread overview]
Message-ID: <59219fa4-9a1d-5e64-e967-33ce7efa05b2@redhat.com> (raw)
In-Reply-To: <0C09AFA07DD0434D9E2A0C6AEB0483103BA73C29@shsmsx102.ccr.corp.intel.com>
Hi Star,
thanks for following up; comments below:
On 03/28/18 05:28, Zeng, Star wrote:
> Is there a PCD pointers to the siglist?
We discussed that earlier, but because HttpDxe -- which consumes the
certificate list -- is a UEFI driver, we decided that it should not
consume dynamic PCDs. The alternative (specified in the UEFI spec) was
variables.
The earlier discussion wasn't exactly about the trusted CA cert list.
Instead, it was about the trusted cipher algo list. However, both of
these knobs pose the same "info channel" questions. So here's the link
into the cipher algo list discussion:
http://mid.mail-archive.com/895558F6EA4E3B41AC93A00D163B72741637DE9E@SHSMSX103.ccr.corp.intel.com
> For adding PcdMaxVolatileVariableSize: non-authenticated, volatile, I think it is acceptable if there are use cases.
Thank you for accepting the idea in theory :)
Do you think it is a simple change? Or is it intrusive?
If it is intrusive, then I'd prefer if one of the variable driver
maintainers wrote the patch. It's a complex driver and there can be
hidden assumptions and relationships that I might miss.
If it's a reasonably simple change then I'm happy to work on it.
Thanks!
Laszlo
next prev parent reply other threads:[~2018-03-28 10:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-20 14:55 internal structure of EFI_TLS_CA_CERTIFICATE_VARIABLE Laszlo Ersek
2018-03-21 1:30 ` Fu, Siyuan
2018-03-21 13:39 ` Laszlo Ersek
2018-03-22 2:02 ` Wu, Jiaxin
2018-03-22 9:20 ` Laszlo Ersek
2018-03-28 2:31 ` Laszlo Ersek
2018-03-28 3:28 ` Zeng, Star
2018-03-28 10:06 ` Laszlo Ersek [this message]
2018-03-28 11:10 ` Zeng, Star
2018-03-28 12:01 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=59219fa4-9a1d-5e64-e967-33ce7efa05b2@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox