From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bcr@google.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:400e:c05::233; helo=mail-pg0-x233.google.com;
 envelope-from=bcr@google.com; receiver=edk2-devel@lists.01.org 
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com
 [IPv6:2607:f8b0:400e:c05::233])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id E67A821F0DA51
 for <edk2-devel@lists.01.org>; Mon,  5 Feb 2018 13:46:10 -0800 (PST)
Received: by mail-pg0-x233.google.com with SMTP id x25so7145169pge.3
 for <edk2-devel@lists.01.org>; Mon, 05 Feb 2018 13:51:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=mJSCDNSNDCw1swiHnQwAyv16fCwW/nCa+mKjrhOdTFs=;
 b=XykInhFUa8ebD5WWNqMcZSVgUifE02UcK2UKwD8EfZahitRw8JwqYmyEXAW0dpjO7L
 fHXld+HgcNgRoIZGPovbZfg+3bltH27ET9vpphpvCHIEueWMhWcbAtYPSFSRhcbJpWkl
 748ZrrCljO3DH6DG2l9XYI1hr5Poq6QyShYFT5BjoHWH/Z2/ADMA1dMDSc/YXaLMw8F1
 dil1Tf8rolmRe6rFNnd6fc8/jDEKF8/xXGfW5Z//0eN4im7/7Q8qXu/iXqbm3Qy5KdGs
 2XmGF5MqArkgmexLYmhTIM2aiK0NnoPNSuy904AVYsWe1PuxMIm2Zi+FrLH23QwLgkAm
 sg1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=mJSCDNSNDCw1swiHnQwAyv16fCwW/nCa+mKjrhOdTFs=;
 b=WUDN/3XjDFpTIgqCXdyw1NLpjFiMTBx+8hCe2H8wggAT81sktmD9gM9Qht9MWb8xIM
 a75r5eNQR7uh0xQ9Q59a3OQCKpSGBy7hibpzjvTvrosLeiUESKvW6Wn/BkBmNAp29mEA
 1oSdUNQES7SAjSHi/rBXX3n1CxIgq/VV/28vswAZiBky7npvmkXN0hCy8htOAV6QDt8h
 gjcyXfvnT0sKxVfCs+nPM7TS3oHTK/gQ+jahioTFb9MIcxbxA/IY0pfCDXIIhHgI2QsL
 8WCypDIczMEuRU73uKjUunpAViZGdH/jRk9ZTq64BYEw5h+oEOyYiieGvdTbl1GxtZYh
 UnIQ==
X-Gm-Message-State: APf1xPCXpGmjJ7auvbsD2Yev68j9lTWv5pzEObVbBVyevjPe3BKStj3D
 dG7BX/89XpzIpI9T37IH1utbV9g5dax7LHRNJWT6MJhum9k=
X-Google-Smtp-Source: AH8x225JmL2XMKV+nGNzIFii5ZFB3cxowlh6T3MTwg9Q9LKOTDVX3yvoPJ5jN1Ms1/T+vWX7587CqiwYgO+T55+6MRs=
X-Received: by 10.99.1.130 with SMTP id 124mr181156pgb.208.1517867512158; Mon,
 05 Feb 2018 13:51:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.236.186.143 with HTTP; Mon, 5 Feb 2018 13:51:51 -0800 (PST)
From: Bryan Rosario <bcr@google.com>
Date: Mon, 5 Feb 2018 13:51:51 -0800
Message-ID: <CAAz1XL+TyRLK-T0wGzpMre6Z8tosE9ztPo=n8J6LX5sxk21mqQ@mail.gmail.com>
To: edk2-devel@lists.01.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
Subject: Why does EDK2 disable time checks on certificates?
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 21:46:11 -0000
Content-Type: text/plain; charset="UTF-8"

See here ("Currently certificate time expiration checking is ignored."):
https://github.com/tianocore/tianocore.github.io/wiki/How-to-Enable-Security
.

Is this behavior part of the UEFI specification or is it EDK2-only? And
what's the reasoning for it?

Thanks,
Bryan