From: "Yao, Jiewen"
To: "Kinney, Michael D", "edk2-devel@lists.01.org"
CC: "Yao, Jiewen"
Date: Mon, 10 Oct 2016 03:43:37 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386A07ED@shsmsx102.ccr.corp.intel.com>
References: <1476014313-11992-1-git-send-email-jiewen.yao@intel.com>
Subject: Re: [PATCH 0/4] Show test key info on front page

Hi Mike

That is a good idea, which we did consider before.

However, the problem is: only the platform knows which key is the recovery key and which key is the capsule update key.
The SecurityPkg only knows it is an RSA2048SHA256 key or a PKCS7 cert; it does not know what the purpose is.

It is also legal for a platform to choose another instance besides PKCS7 or RSA2048SHA256, such as SM2, which is a Chinese algo, for recovery or capsule update.

What we want to show in the UI is the "purpose" of the key, not the "algorithm" of the key.
PlatformPkg knows the former, while SecurityPkg knows the latter.

Please let me know your thoughts.

Thank you
Yao Jiewen

From: Kinney, Michael D
Sent: Monday, October 10, 2016 1:25 AM
To: Yao, Jiewen; edk2-devel@lists.01.org; Kinney, Michael D
Subject: RE: [edk2] [PATCH 0/4] Show test key info on front page

Jiewen,

It does not make sense to put the check for use of test keys into a platform specific library that requires every platform to implement that logic. The real consumers of these keys are the section extraction libs in the SecurityPkg. Can we move these checks into those libraries?

Mike

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Sunday, October 9, 2016 4:58 AM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [PATCH 0/4] Show test key info on front page
>
> This series patch supports to show the test key information
> on the front page.
> PcdTestKeyUsed is added to MdeModulePkg.
>
> This PCD can be set by platform to indicate if there is any
> test key used in current BIOS, such as recovery key,
> or capsule update key.
> Then the generic UI may consume this PCD to show warning information.
>
> Jiewen Yao (4):
>   MdeModulePkg/dec: Add PcdTestKeyUsed PCD.
>   MdeModulePkg/UiApp: Show test key warning info in FrontPage.
>   QuarkPlatformPkg/Bds: Produce PcdTestKeyUsed.
>   Vlv2TbleDevicePkg/Bds: Produce PcdTestKeyUsed.
>
>  MdeModulePkg/Application/UiApp/FrontPageCustomizedUi.c                      | 34 ++++++++++++++++++++
>  MdeModulePkg/Application/UiApp/FrontPageStrings.uni                         |  8 ++++-
>  MdeModulePkg/Application/UiApp/UiApp.inf                                    |  3 +-
>  MdeModulePkg/MdeModulePkg.dec                                               | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c       | 11 +++++++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.h       |  5 +++
>  QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf  |  1 +
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c                      | 11 +++++++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.h                      |  5 +++
>  Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf                 |  2 ++
>  10 files changed, 89 insertions(+), 2 deletions(-)
>
> --
> 2.7.4.windows.1