From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: hao.a.wu@intel.com) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by groups.io with SMTP; Wed, 19 Jun 2019 01:16:48 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jun 2019 01:16:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,392,1557212400"; d="scan'208";a="161985260" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga007.fm.intel.com with ESMTP; 19 Jun 2019 01:16:47 -0700 Received: from fmsmsx158.amr.corp.intel.com (10.18.116.75) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:16:47 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx158.amr.corp.intel.com (10.18.116.75) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 19 Jun 2019 01:16:47 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.83]) with mapi id 14.03.0439.000; Wed, 19 Jun 2019 16:16:45 +0800 From: "Wu, Hao A" To: "Xu, Wei6" , "devel@edk2.groups.io" CC: "Wang, Jian J" , "Zhang, Chao B" Subject: Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib. Thread-Topic: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib. Thread-Index: AQHVG7VRiyPcLXupfkS1utpRRoJ/iaaWLwRggAv8DgCAAIlZwA== Date: Wed, 19 Jun 2019 08:16:44 +0000 Message-ID: References: <20190605154203.11012-1-wei6.xu@intel.com> <20190605154203.11012-8-wei6.xu@intel.com> <59B8EAB3797CDB4091332F0685A110ED50D9746F@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <59B8EAB3797CDB4091332F0685A110ED50D9746F@SHSMSX104.ccr.corp.intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable >=20 > No, that's how it is designed. > PcdCodRelocationDevPath is used by platform to specify a device to store > temp Cod relocation file. > If this PCD is not available, it means that platform doesn't have a requi= rement > to store the file to a specific place. > Then save the file to the device where the capsules are placed. >=20 Got it. I suggest to add comments to explicitly mention this in the codes. >=20 > For Capsule On Disk, no capsule hob means the Cod temp relocations file i= s > corrupted, which also means current boot is insecure. > Then force reset to re-apply normal boot platform secure policy. > I will update the description. Do you have comments for it? > If the behavior change of the 'ProcessCapsules' API is covered during design review process, then updating the comments is good to me. Best Regards, Hao Wu >=20 > BR, > Wei Xu