From: Ard Biesheuvel
Date: Fri, 15 Mar 2019 13:51:45 +0100
To: Thomas Abraham
Cc: edk2-devel@lists.01.org
Subject: Re: [PATCH edk2-platforms v2 3/3] Platform/ARM/SgiPkg: add MM based UEFI secure boot support
References: <1552406795-16588-1-git-send-email-jagadeesh.ujja@arm.com> <1552406795-16588-4-git-send-email-jagadeesh.ujja@arm.com>

On Fri, 15 Mar 2019 at 13:47, Thomas Abraham wrote:
>
> On Fri, Mar 15, 2019 at 6:12 PM Ard Biesheuvel wrote:
> >
> > On Fri, 15 Mar 2019 at 13:30, Thomas Abraham wrote:
> > >
> > > On Fri, Mar 15, 2019 at 5:51 PM Ard Biesheuvel wrote:
> > > >
> > > > On Tue, 12 Mar 2019 at 17:06, Jagadeesh Ujja wrote:
> > > > >
> > > > > This implements support for UEFI secure boot on SGI platforms using
> > > > > the standalone MM framework. This moves all of the software handling
> > > > > of the UEFI authenticated variable store into the standalone MM
> > > > > context residing in a secure partition.
> > > > >
> > > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > > Signed-off-by: Jagadeesh Ujja
> > > > > ---
> > > > >  Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 34 +++++++++++++++++++-
> > > > >  Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf |  5 +++
> > > > >  Platform/ARM/SgiPkg/SgiPlatform.dsc          | 18 ++++++++++-
> > > > >  Platform/ARM/SgiPkg/SgiPlatform.fdf          |  7 +++-
> > > > >  4 files changed, 61 insertions(+), 3 deletions(-)
> > > > >
> > > > > diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > index 49fc919..b6aa90b 100644
> > > > > --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> > > > > @@ -26,6 +26,7 @@
> > > > >    SKUID_IDENTIFIER = DEFAULT
> > > > >    FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> > > > >    DEFINE DEBUG_MESSAGE = TRUE
> > > > > +  DEFINE SECURE_BOOT_ENABLE = FALSE
> > > > >
> > > >
> > > > Maybe I wasn't clear before, but I don't see the point of building the
> > > > MM component without secure boot enabled. So can we drop this from
> > > > this side?
> > >
> > > Hi Ard,
> > >
> > > On the SGI platforms, the MM component is used for platform RAS error
> > > handling as well and secure boot is not mandatory in such a build. So
> > > the build of MM component is being kept independent of secure boot.
> > >
> >
> > Hi Thomas,
> >
> > When building the MM side of the platform without secure boot, the
> > only MM modules that are included are
> >
> > > > >    INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> > > > >    INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> >
> > neither of which implement RAS handling. So are you saying this is
> > functionality that runs in MM context, but it has not been upstreamed
> > yet?
>
> Hi Ard,
>
> Yes, this functionality is yet to be upstreamed and there is work
> happening in that direction. So the MM build is being kept independent
> of the secure boot feature.
>

OK, fair enough. I will look in more detail once the NorFlashDxe changes
are reviewed and merged.
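Review bot: the quoted hunk of Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc adds "DEFINE SECURE_BOOT_ENABLE = FALSE" beside "DEFINE DEBUG_MESSAGE = TRUE" but nothing visible in the hunk records what the define gates, and the rest of the thread turns on exactly that question: with the define left at FALSE the only MM modules built are the two INF lines Ard quotes, StandaloneMmPkg/Core/StandaloneMmCore.inf and StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf. A short comment on the define line, stating that TRUE pulls the authenticated variable store handling into the standalone MM build (as the commit message describes) and that the FALSE default exists for the RAS-only MM build Thomas mentions, would capture the outcome of this discussion in the file rather than only in the list archive.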