From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EDB5681E38 for ; Sun, 6 Nov 2016 18:32:37 -0800 (PST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP; 06 Nov 2016 18:32:40 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,604,1473145200"; d="scan'208";a="1064854458" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga001.fm.intel.com with ESMTP; 06 Nov 2016 18:32:40 -0800 Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sun, 6 Nov 2016 18:32:40 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS) id 14.3.248.2; Sun, 6 Nov 2016 18:32:40 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.209]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.96]) with mapi id 14.03.0248.002; Mon, 7 Nov 2016 10:32:30 +0800 From: "Ni, Ruiyu" To: Laszlo Ersek , "Gao, Liming" , "edk2-devel@lists.01.org" Thread-Topic: [edk2] [PATCH 0/4] Defer 3rd party images loading to after EndOfDxe Thread-Index: AQHSNjbD6ygvYidH4ESmWUrBiphBX6DHwgcAgACVZlCAACyOgIAERNoA Date: Mon, 7 Nov 2016 02:32:29 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D58E56748@SHSMSX104.ccr.corp.intel.com> References: <20161104005942.345832-1-ruiyu.ni@intel.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14B49EAAD@shsmsx102.ccr.corp.intel.com> <734D49CCEBEEF84792F5B80ED585239D58E51C31@SHSMSX104.ccr.corp.intel.com> In-Reply-To: Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 0/4] Defer 3rd party images loading to after EndOfDxe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Nov 2016 02:32:38 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks/Ray > -----Original Message----- > From: Laszlo Ersek [mailto:lersek@redhat.com] > Sent: Saturday, November 5, 2016 12:48 AM > To: Ni, Ruiyu ; Gao, Liming ; > edk2-devel@lists.01.org > Subject: Re: [edk2] [PATCH 0/4] Defer 3rd party images loading to after > EndOfDxe >=20 > On 11/04/16 07:09, Ni, Ruiyu wrote: > > No. > > The open source platform patch will be sent out later. >=20 > What are the deferred / 3rd party images? Do Driver#### and SysPrep#### > qualify? The images which are not from FV are treated as 3rd party images. And they = will be deferred to dispatch when they are dispatched before EndOfDxe event. It's a new feature in the BS.LoadImage() path which can disallow executing 3rd party images before EndOfDxe and re-execute them after EndOfDxe. >=20 > Or, is this related to value 3 ("Defer execution when there is security > violation") of: > - PcdOptionRomImageVerificationPolicy, > - PcdRemovableMediaImageVerificationPolicy, > - PcdFixedMediaImageVerificationPolicy? No. >=20 > Is the deferral documented somewhere in the UEFI spec, or do we have a > Mantis ticket / ECR about it? No. >=20 > Can we improve the commit messages please? From them, I have no idea > how the deferral is supposed to work. (I.e., what the agents are, and how > they interact.) Yes. I will embed my first paragraph of reply in the commit message. >=20 > Thanks > Laszlo >=20 > > From: Gao, Liming > > Sent: Friday, November 4, 2016 1:14 PM > > To: Ni, Ruiyu ; edk2-devel@lists.01.org > > Subject: RE: [edk2] [PATCH 0/4] Defer 3rd party images loading to > > after EndOfDxe > > > > Ray: > > Seemly, PlatformBdsLib library instance should call > EfiBootManagerDispatchDeferredImages(), right? Are there patches to > update PlatformBdsLib library instance? > > > > Thanks > > Liming > >> -----Original Message----- > >> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf > >> Of Ruiyu Ni > >> Sent: Friday, November 04, 2016 9:00 AM > >> To: edk2-devel@lists.01.org > >> Subject: [edk2] [PATCH 0/4] Defer 3rd party images loading to after > >> EndOfDxe > >> > >> The patches change the default image loading policy by deferring 3rd > >> party images loading to after EndOfDxe and add a new BDS API to > >> dispatch the deferred images. > >> > >> Platform needs to call the new BDS API > >> EfiBootManagerDispatchDeferredImages after EndOfDxe to ensure that > >> any deferred images are loaded. > >> > >> Ruiyu Ni (4): > >> MdeModulePkg/SecurityStubDxe: Defer 3rd party image before > EndOfDxe > >> MdeModulePkg/UefiBootManager: Add > >> EfiBootManagerDispatchDeferredImages > >> MdeModulePkg/BdsDxe: Check deferred images before booting to OS > >> MdeModulePkg/SecurityStubDxe: Report failure if image is load > >> earlier > >> > >> MdeModulePkg/Include/Library/UefiBootManagerLib.h | 13 + > >> MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 113 ++++++ > >> .../Library/UefiBootManagerLib/InternalBm.h | 1 + > >> .../UefiBootManagerLib/UefiBootManagerLib.inf | 1 + > >> MdeModulePkg/Universal/BdsDxe/Bds.h | 4 +- > >> MdeModulePkg/Universal/BdsDxe/BdsDxe.inf | 2 + > >> MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 89 +++++ > >> .../SecurityStubDxe/Defer3rdPartyImageLoad.c | 413 > >> +++++++++++++++++++++ > >> .../SecurityStubDxe/Defer3rdPartyImageLoad.h | 95 +++++ > >> .../Universal/SecurityStubDxe/SecurityStub.c | 14 +- > >> .../Universal/SecurityStubDxe/SecurityStubDxe.inf | 11 +- > >> 11 files changed, 753 insertions(+), 3 deletions(-) create mode > >> 100644 > >> MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c > >> create mode 100644 > >> MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h > >> > >> -- > >> 2.9.0.windows.1 > >> > >> _______________________________________________ > >> edk2-devel mailing list > >> edk2-devel@lists.01.org > >> https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel > >