From: "Sami Mujawar" <sami.mujawar@arm.com>
To: Sayanta Pattanayak <Sayanta.Pattanayak@arm.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>, nd <nd@arm.com>
Subject: Re: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
Date: Wed, 26 May 2021 18:20:48 +0000 [thread overview]
Message-ID: <AS8PR08MB68063262C546375B9F2498F084249@AS8PR08MB6806.eurprd08.prod.outlook.com> (raw)
In-Reply-To: <VI1PR08MB4477CE4364A15AE07768920698249@VI1PR08MB4477.eurprd08.prod.outlook.com>
Hi Sayanta,
Thanks for confirming.
With that.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
From: Sayanta Pattanayak <Sayanta.Pattanayak@arm.com>
Date: Wednesday, 26 May 2021 at 19:15
To: Sami Mujawar <Sami.Mujawar@arm.com>, devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>, nd <nd@arm.com>
Subject: RE: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
Hi Sami,
Thanks for the review and suggestion. Please find my reply inline.
>
> Hi Sayanta,
>
> Thank you for this patch.
>
> Please find my response inline marked [SAMI].
>
> Regards,
>
> Sami Mujawar
>
> On 24/05/2021 06:23 PM, Sayanta Pattanayak wrote:
> > Enable the use of UEFI secure boot for Arm's Neoverse reference design
> > platforms. The UEFI authenticated variable store uses NOR flash 2
> > which is accessible from Standalone MM context residing in a secure
> partition.
> >
> > Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> > ---
> > Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31
> +++++++++++++++++++
> > Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 32
> ++++++++++++++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
> > Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +++++-
> > 6 files changed, 106 insertions(+), 1 deletion(-)
> >
<...>
> > ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> > +!endif
> > diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > index 3389ff676a91..6839ec35da8a 100644
> > --- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > +++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > @@ -59,6 +59,19 @@
> >
> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmH
> obLib.inf
> >
> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Stan
> daloneMmServicesTableLib.inf
> >
> >
> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAll
> ocati
> > onLib/StandaloneMmMemoryAllocationLib.inf
> > +!if $(SECURE_STORAGE_ENABLE) == TRUE
> > +
> > +AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.i
> > +nf
> > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +
> >
> +NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/Standalon
> > +eMmNorFlashLib.inf
> > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
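Review bot: `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` is the weak link in this `!if $(SECURE_STORAGE_ENABLE) == TRUE` block: a timer-derived RNG instance is not production quality, yet it is the only RngLib resolution offered next to the AuthVariableLib, BaseCryptLib and OpensslLib instances that the authenticated variable store relies on. Suggest selecting the RngLib instance behind a build define (a hardware RNG instance on parts that support it, the timer fallback otherwise) and adding a one-line comment beside the fallback stating it is for pre-FEAT_RNG parts only, so the limitation is recorded in the dsc rather than only in this thread.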
> [SAMI] There is a recent patch series that adds ARMv8.5 FEAT_RNG support
> to BaseRngLib
> see https://github.com/tianocore/edk2/commit/9301e5644cef5a5234f71b178373dd508cabb9ee.
> Can this be used instead of BaseRngLibTimerLib? BaseRngLibTimerLib is for
> non-production use so it would be good to avoid.
> Indeed, this would require that Sgi platforms are ARMv8.5 or above. If not,
> then can we conditionally use BaseRngLibTimerLib for platforms that do not
> support FEAT_RNG.
> [/SAMI]
Current SGI platforms with secure boot are pre-ARMv8.5. For ARMv8.5 and above SGI platforms, the conditional approach will be followed.
Regards,
Sayanta
<...>
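The conditional library selection discussed above, written out as an added DSC fragment that is not part of the patch or of the edk2-platforms tree. The `SGI_FEAT_RNG` define and the section header are assumptions chosen for illustration; `MdePkg/Library/BaseRngLib/BaseRngLib.inf` is the instance that gained ARMv8.5 FEAT_RNG support in the edk2 commit referenced in the thread, and `BaseRngLibTimerLib` is the non-production fallback the patch currently uses.

```dsc
[Defines]
  # Assumed build switch (not an edk2 define): set to TRUE only for
  # SGI/RD platforms whose cores implement ARMv8.5 FEAT_RNG (RNDR).
  DEFINE SGI_FEAT_RNG = FALSE

[LibraryClasses.common.MM_STANDALONE]
!if $(SECURE_STORAGE_ENABLE) == TRUE
  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
  NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
!if $(SGI_FEAT_RNG) == TRUE
  # Hardware entropy via the RNDR instruction (FEAT_RNG support added to
  # BaseRngLib in edk2 commit 9301e5644cef5a5234f71b178373dd508cabb9ee).
  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
!else
  # Pre-ARMv8.5 parts only: timer-derived entropy, NON-PRODUCTION quality.
  # Keep this branch out of shipping firmware once FEAT_RNG parts are the target.
  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!endif
!endif
```

The point of the nested `!if` is that the production-quality choice is the default path for capable hardware, and the weak fallback is both explicitly opted into and labelled in the file the build actually reads.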