From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Thomas Abraham <thomas.abraham@arm.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH edk2-platforms v2 3/3] Platform/ARM/SgiPkg: add MM based UEFI secure boot support
Date: Fri, 15 Mar 2019 13:51:45 +0100 [thread overview]
Message-ID: <CAKv+Gu-7kv9Nm3Xouuzxt7D=Aa-mhfwyx75veNWA4N=bmcsByg@mail.gmail.com> (raw)
In-Reply-To: <CAJuA9aiqLaVX1sFrDf5ogjhKEo+C0VYLM5Faiu_8_LWWMA8Obg@mail.gmail.com>
On Fri, 15 Mar 2019 at 13:47, Thomas Abraham <thomas.abraham@arm.com> wrote:
>
> On Fri, Mar 15, 2019 at 6:12 PM Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> >
> > On Fri, 15 Mar 2019 at 13:30, Thomas Abraham <thomas.abraham@arm.com> wrote:
> > >
> > > On Fri, Mar 15, 2019 at 5:51 PM Ard Biesheuvel
> > > <ard.biesheuvel@linaro.org> wrote:
> > > >
> > > > On Tue, 12 Mar 2019 at 17:06, Jagadeesh Ujja <jagadeesh.ujja@arm.com> wrote:
> > > > >
> > > > > This implements support for UEFI secure boot on SGI platforms using
> > > > > the standalone MM framework. This moves all of the software handling
> > > > > of the UEFI authenticated variable store into the standalone MM
> > > > > context residing in a secure partition.
> > > > >
> > > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > > Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
> > > > > ---
> > > > > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 34 +++++++++++++++++++-
> > > > > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
> > > > > Platform/ARM/SgiPkg/SgiPlatform.dsc | 18 ++++++++++-
> > > > > Platform/ARM/SgiPkg/SgiPlatform.fdf | 7 +++-
> > > > > 4 files changed, 61 insertions(+), 3 deletions(-)
> > > > >
> > > > > diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > index 49fc919..b6aa90b 100644
> > > > > --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > @@ -26,6 +26,7 @@
> > > > > SKUID_IDENTIFIER = DEFAULT
> > > > > FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> > > > > DEFINE DEBUG_MESSAGE = TRUE
> > > > > + DEFINE SECURE_BOOT_ENABLE = FALSE
> > > > >
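Review bot: defaulting SECURE_BOOT_ENABLE to FALSE in PlatformStandaloneMm.dsc means the default MM build leaves out the authenticated variable store handling that the commit message presents as the purpose of this patch; the message should say explicitly that the MM build is meant to be independent of secure boot, and the value should be kept in step with whatever SgiPlatform.dsc (also touched by this patch, per the diffstat) selects, so the non-secure side is never built expecting an MM-resident variable service that the MM image does not contain.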
> > > >
> > > > Maybe I wasn't clear before, but I don't see the point of building the
> > > > MM component without secure boot enabled. So can we drop this from
> > > > this side?
> > >
> > > Hi Ard,
> > >
> > > On the SGI platforms, the MM component is used for platform RAS error
> > > handling as well and secure boot is not mandatory in such a build. So
> > > the build of MM component is being kept independent of secure boot.
> > >
> >
> > Hi Thomas,
> >
> > When building the MM side of the platform without secure boot, the
> > only MM modules that are included are
> >
> > > > > INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> > > > > INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> >
> > neither of which implement RAS handling. So are you saying this is
> > functionality that runs in MM context, but it has not been upstreamed
> > yet?
>
> Hi Ard,
>
> Yes, this functionality is yet to be upstreamed and there is work
> happening in that direction. So the MM build is being kept independent
> of secure boot feature.
>
OK, fair enough.
I will look in more detail once the NorFlashDxe changes are reviewed and merged.