From: "Laszlo Ersek" <lersek@redhat.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy
Date: Fri, 31 Jan 2020 11:01:41 +0100 [thread overview]
Message-ID: <7e45e0d5-31dd-8d7e-338f-545d17572aa2@redhat.com> (raw)
In-Reply-To: <e6800678-40ad-5944-054b-cbcafeb10bbf@redhat.com>
On 01/31/20 10:28, Laszlo Ersek wrote:
> Hi Mike,
>
> On 01/31/20 09:12, Laszlo Ersek wrote:
>
>> So let me push this series as-is for TianoCore#2129, with your R-b
>> applied.
>
> My pull request (with the "push" label set) seems to have stalled. The
> checks have passed (twice -- I closed and reopened the PR once, to
> re-trigger mergify), but the branch is not being merged.
>
> https://github.com/tianocore/edk2/pull/324
BTW, here are the changes between the posted & reviewed series, and the
pull request:
- I had to replace an EFI_D_INFO macro with DEBUG_INFO, due to
checkpatch complaints. (The macro is not introduced anew, it is
touched only by un-indenting.)
- Normal administrativa (picked up R-b tags and Message-Id's, and noted
Mike substituting for the SecurityPkg reviewers during the CNY
holidays)
See the git-range-diff output after my sig.
Thanks,
Laszlo
1: 71155b00b2b7 ! 1: 4c8cd26ce423 SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
@@ -19,6 +19,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-2-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
2: 9ad18d2e3adb ! 2: f04114b6d6b2 SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
@@ -45,6 +45,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-3-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
3: e211153f9a32 ! 3: da0e0dfc67c4 SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal
@@ -35,6 +35,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-4-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
4: 3ad36b80defa ! 4: d930abc95422 SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
@@ -26,6 +26,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-5-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
5: 379ac43e909b ! 5: 91b24a413440 SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
@@ -21,6 +21,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-6-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
6: c53a99ceb9f2 ! 6: 937d1c73965e SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting
@@ -13,6 +13,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-7-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
7: c259648bbb30 ! 7: be0040ffa6cf SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call
@@ -20,6 +20,12 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-8-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py]
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -101,7 +107,7 @@
+ NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
+ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
+ if (NameStr != NULL) {
-+ DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
++ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
+ FreePool(NameStr);
}
+ Status = EFI_SECURITY_VIOLATION;
8: ca43b52bbd96 ! 8: feffd6bfd886 SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
@@ -17,6 +17,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-9-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -38,7 +43,7 @@
@@
- DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
+ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
FreePool(NameStr);
}
- Status = EFI_SECURITY_VIOLATION;
9: 22edc076c210 ! 9: 116742d3de8f SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
@@ -21,6 +21,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-10-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
10: e0b5e3b25eff ! 10: b73c1a576b78 SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
@@ -28,6 +28,11 @@
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-11-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
11: 60363427926f ! 11: 1493b3ebadca SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies
@@ -37,6 +37,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 5db28a6753d307cdfb1cfdeb2f63739a9f959837
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+ Message-Id: <20200116190705.18816-12-lersek@redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+ [lersek@redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810@intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
next prev parent reply other threads:[~2020-01-31 10:01 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-16 19:06 [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy Laszlo Ersek
2020-01-16 19:06 ` [PATCH 01/11] SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus" Laszlo Ersek
2020-01-16 19:06 ` [PATCH 02/11] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break Laszlo Ersek
2020-01-16 19:06 ` [PATCH 03/11] SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal Laszlo Ersek
2020-01-16 19:06 ` [PATCH 04/11] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status Laszlo Ersek
2020-01-16 19:06 ` [PATCH 05/11] SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure Laszlo Ersek
2020-01-16 19:07 ` [PATCH 06/11] SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting Laszlo Ersek
2020-01-16 19:07 ` [PATCH 07/11] SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call Laszlo Ersek
2020-01-16 19:07 ` [PATCH 08/11] SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable Laszlo Ersek
2020-01-16 19:07 ` [PATCH 09/11] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL) Laszlo Ersek
2020-01-16 19:07 ` [PATCH 10/11] SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail Laszlo Ersek
2020-01-16 19:07 ` [PATCH 11/11] SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies Laszlo Ersek
2020-01-31 2:59 ` [edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy Michael D Kinney
2020-01-31 8:12 ` Laszlo Ersek
2020-01-31 9:28 ` Laszlo Ersek
2020-01-31 10:01 ` Laszlo Ersek [this message]
2020-01-31 10:07 ` Laszlo Ersek
2020-01-31 16:52 ` Michael D Kinney
2020-01-31 16:59 ` Laszlo Ersek
2020-01-31 17:28 ` Michael D Kinney
2020-01-31 20:19 ` Laszlo Ersek
2020-02-05 13:02 ` setting the push label at once, when opening a PR [was: SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy] Laszlo Ersek
2020-02-05 16:16 ` Michael D Kinney
2020-02-05 20:01 ` Laszlo Ersek
2020-01-31 16:31 ` [edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy Michael D Kinney
2020-01-31 17:00 ` Laszlo Ersek
2020-01-31 17:12 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7e45e0d5-31dd-8d7e-338f-545d17572aa2@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox