Subject: Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePolicy feature
From: "Laszlo Ersek"
To: devel@edk2.groups.io, michael.kubacki@outlook.com
Cc: Jiewen Yao, Chao Zhang, Jian J Wang, Hao A Wu, Liming Gao, Jordan Justen, Ard Biesheuvel, Andrew Fish, Ray Ni, Anthony Perard, Julien Grall, Maurice Ma, Guo Dong, Benjamin You
Date: Tue, 12 May 2020 14:37:39 +0200
Message-ID: <8b7785a4-2b11-f5f8-ed23-65b672e4f9c4@redhat.com>
In-Reply-To: <6d21e1a2-f0e7-35a0-7c2e-7798d21f86e9@redhat.com>

On 05/12/20 14:15, Laszlo Ersek wrote:
> On 05/12/20 13:52, Laszlo Ersek wrote:
>> On 05/12/20 08:46, Michael Kubacki wrote:
>>> From: Michael Kubacki
>>>
>>> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2522
>>>
>>> The 12 patches in this series add the VariablePolicy feature to the
>>> core, deprecate Edk2VarLock (while adding a compatibility layer to
>>> reduce code churn), and integrate the VariablePolicy libraries and
>>> protocols into Variable Services.
>>>
>>> Since the integration requires multiple changes, including adding
>>> libraries, a protocol, an SMI communication handler, and
>>> VariableServices integration, the patches are broken up by
>>> individual library additions and then a final integration.
>>> Security-sensitive changes like bypassing Authenticated Variable
>>> enforcement are also broken out into individual patches so that
>>> attention can be called directly to them.

(4) Can you please run SetupGit.py in your edk2 clone, for the future?

It will mark the DEC, DSC, etc "ini-style" files with the "diff=ini"
attribute. Furthermore, it will set the "xfuncname" knob for the
"diff=ini"-marked files.

As a result, when you format a patch that modifies e.g. a DSC file, the
"@@" hunk headers will display the section being modified. For example:

> @@ -492,6 +496,9 @@ [PcdsFixedAtBuild]
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
> !endif
>
> + # Optional: Omit if VariablePolicy should be always-on.
> + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|TRUE
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
>
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07

Note that the "@@" hunk header now states "[PcdsFixedAtBuild]". It tells
me as a reviewer about the access method of the PCD that was chosen for
OvmfPkg. Such hunk headers improve reviewer throughput quite a bit.

Thanks,
Laszlo
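
Review bot: The comment above the added PcdAllowVariablePolicyEnforcementDisable|TRUE line in the [PcdsFixedAtBuild] hunk says only when to omit the setting, not what TRUE permits. Since omitting it is described as the always-on case, TRUE is the less strict choice, so the comment should state that this value lets policy enforcement be turned off, and the commit message should say why this platform opts in rather than staying always-on.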
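
The effect of the "diff=ini" attribute and the "xfuncname" knob described in the message above can be reproduced in a scratch repository. The following is an added example, not part of the original message and not code from edk2 or SetupGit.py; the file name Demo.dsc, the PCD names, the use of .git/info/attributes and the regular expression are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: compares the "@@" hunk header git prints for a DSC-style
# file with and without a diff=ini attribute plus a diff.ini.xfuncname
# pattern. All file contents below are constructed sample data.

hunk_header_demo() {
    mode=$1                       # "plain" or "ini"
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . || exit 1
        # Constructed DSC fragment: the section header sits more than three
        # lines above the change, so it falls outside the hunk's context.
        {
            printf '[Defines]\n'
            printf '  PLATFORM_NAME = Demo\n'
            printf '\n'
            printf '[PcdsFixedAtBuild]\n'
            i=1
            while [ "$i" -le 6 ]; do
                printf '  gDemoTokenSpaceGuid.PcdDemo%d|0x0\n' "$i"
                i=$((i + 1))
            done
        } > Demo.dsc
        git add Demo.dsc || exit 1
        # The change under review: one PCD appended to the section.
        printf '  gDemoTokenSpaceGuid.PcdDemoNew|TRUE\n' >> Demo.dsc
        if [ "$mode" = "ini" ]; then
            # Assumed settings: mark *.dsc as "ini" and treat "[Section]"
            # lines as the function name shown in hunk headers.
            mkdir -p .git/info
            printf '*.dsc diff=ini\n' >> .git/info/attributes
            git config diff.ini.xfuncname '^\[[A-Za-z0-9_., ]+]'
        fi
        git diff -U3 --no-color --no-ext-diff -- Demo.dsc | grep '^@@'
    )
    status=$?
    rm -rf "$repo"
    return "$status"
}

hunk_header_demo plain
hunk_header_demo ini
```

Without the attribute the hunk header carries no section name, because git's default function-name heuristic does not match lines that start with "[".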