From: Ard Biesheuvel
Date: Mon, 21 Jan 2019 18:40:31 +0100
To: Leif Lindholm
Cc: "edk2-devel@lists.01.org", Masahisa Kojima
Subject: Re: [PATCH edk2-platforms 0/7] Silicon/SynQuacer: implement SMM based secure boot
References: <20190104144336.8941-1-ard.biesheuvel@linaro.org> <20190117111422.yuwqcz6ogoah462k@bivouac.eciton.net>
In-Reply-To: <20190117111422.yuwqcz6ogoah462k@bivouac.eciton.net>

On Thu, 17 Jan 2019 at 12:14, Leif Lindholm wrote:
>
> On Fri, Jan 04, 2019 at 03:43:29PM +0100, Ard Biesheuvel wrote:
> > Wire up the various pieces so that the authenticated variable store
> > runs entirely in standalone MM context residing in a secure partition.
> >
> > This primarily involves refactoring the platform's NOR flash driver so
> > we can build a version that can work in the standalone MM context.
> > Beyond that, it is just a matter of enabling all the boilerplate in
> > the .DSC and .FDF files.
> >
> > Note that the resulting standalone MM firmware volume needs to be
> > wrapped in a FIP, which is not part of the build sequence.
> >
> > Cc: Leif Lindholm
> > Cc: Masahisa Kojima
> >
> > Ard Biesheuvel (7):
> >   Silicon/SynQuacer/Fip006Dxe: drop block I/O and disk I/O routines
> >   Silicon/SynQuacer/Fip006Dxe: factor out DXE specific pieces
> >   Silicon/SynQuacer/Fip006Dxe: implement standalone MM variant
> >   Silicon/SynQuacer/Fip006Dxe: use proper accessor for unaligned access
> >   Platform/DeveloperBox: create shared .DSC include file
> >   Platform/DeveloperBox: add .DSC/.FDF description of MM components
> >   Platform/DeveloperBox: add MM based UEFI secure boot support
>
> For the patches I haven't commented on individually:
> Reviewed-by: Leif Lindholm
>

Thanks

Series pushed as 9b725b6ebb39..d571b43f8741

> >  .../Socionext/DeveloperBox/DeveloperBox.dsc   |  304 +---
> >  .../DeveloperBox/DeveloperBox.dsc.inc         |  315 ++++
> >  .../Socionext/DeveloperBox/DeveloperBox.fdf   |   13 +
> >  .../Socionext/DeveloperBox/DeveloperBoxMm.dsc |  103 ++
> >  .../Socionext/DeveloperBox/DeveloperBoxMm.fdf |  161 ++
> >  .../SynQuacer/Drivers/Fip006Dxe/Fip006Dxe.inf |    9 +-
> >  .../Drivers/Fip006Dxe/Fip006StandaloneMm.inf  |   71 +
> >  .../SynQuacer/Drivers/Fip006Dxe/NorFlash.c    | 1006 +++++++++++++
> >  .../Fip006Dxe/{NorFlashDxe.h => NorFlash.h}   |   93 +-
> >  .../Drivers/Fip006Dxe/NorFlashBlockIoDxe.c    |  138 --
> >  .../SynQuacer/Drivers/Fip006Dxe/NorFlashDxe.c | 1341 ++--------------
> >  .../{NorFlashFvbDxe.c => NorFlashFvb.c}       |  197 +--
> >  .../SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c |  182 +++
> >  13 files changed, 2076 insertions(+), 1857 deletions(-)
> >  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
> >  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
> >  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
> >  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/Fip006StandaloneMm.inf
> >  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlash.c
> >  rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashDxe.h => NorFlash.h} (85%)
> >  delete mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashBlockIoDxe.c
> >  rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashFvbDxe.c => NorFlashFvb.c} (76%)
> >  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c
> >
> > --
> > 2.17.1
> >