public inbox for devel@edk2.groups.io
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: "Tian, Feng" <feng.tian@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	 "Zeng, Star" <star.zeng@intel.com>,
	"Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [PATCH V4 1/8] QuarkPlatformPkg/dec: Add test key file guid.
Date: Thu, 27 Oct 2016 01:27:35 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F56483BD0E@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <1477189908-8336-2-git-send-email-jiewen.yao@intel.com>

Jiewen,

Why are these 2 PCDs added to a platform specific DEC file?

The same feedback applies to the Vlv2 platform.

Since we want platform agnostic detection for the use of 
test keys, these PCDs should be added to SignedCapsulePkg.

I think the best place to do the check for use of test keys
and set the gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed PCD 
is in a module in SignedCapsulePkg that is required to be present
and run every boot before BDS runs when recovery or capsule 
support is enabled.

In a previous feedback email I suggested that this test key 
check be moved to BdsEntry.c, but that will not work because that
module does not have access to PCDs defined in SignedCapsulePkg.

Best regards,

Mike

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Saturday, October 22, 2016 7:32 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Gao, Liming <liming.gao@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>
> Subject: [edk2] [PATCH V4 1/8] QuarkPlatformPkg/dec: Add test key file guid.
> 
> We will add PKCS7 and RSA2048SHA256 test key file to FDF,
> to check if the platform is using default test key,
> or different production key.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  QuarkPlatformPkg/QuarkPlatformPkg.dec | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/QuarkPlatformPkg/QuarkPlatformPkg.dec
> b/QuarkPlatformPkg/QuarkPlatformPkg.dec
> index f4ab18c..fbd7987 100644
> --- a/QuarkPlatformPkg/QuarkPlatformPkg.dec
> +++ b/QuarkPlatformPkg/QuarkPlatformPkg.dec
> @@ -895,6 +895,9 @@
>    gQuarkPlatformTokenSpaceGuid.PcdFlashFvRecoveryBase|0xFFEC0400|UINT32|0xA00002AB
>    gQuarkPlatformTokenSpaceGuid.PcdFlashFvRecoverySize|0x0003F000|UINT32|0xA00002AC
> 
> +  gQuarkPlatformTokenSpaceGuid.PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid|{0x04, 0xe1,
> 0xfe, 0xc4, 0x57, 0x66, 0x36, 0x49, 0xa6, 0x11, 0x13, 0x8d, 0xbc, 0x2a, 0x76,
> 0xad}|VOID*|0xA0010001
> +  gQuarkPlatformTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid|{0xba, 0xf5, 0x93,
> 0xf0, 0x37, 0x6f, 0x16, 0x48, 0x9e, 0x52, 0x91, 0xbe, 0xa0, 0xf7, 0xe0,
> 0xb8}|VOID*|0xA0010002
> +
>  [PcdsDynamic, PcdsDynamicEx]
>    ## Provides the ability to enable the Fast Boot feature of the BIOS.  This
>    #  enables the system to boot faster but may only enumerate the hardware
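
Review bot: the two added lines, PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid and PcdEdkiiPkcs7TestPublicKeyFileGuid, have no "##" description, while the PcdsDynamic entry in the trailing context carries one ("## Provides the ability to enable the Fast Boot feature ..."). Please add a comment above each stating that the 16-byte value is the file GUID of the test public key placed in the FDF, and that a match means the platform is still using the default test key rather than a production key. Both are also declared under gQuarkPlatformTokenSpaceGuid, so any code that reads them is tied to this platform's token space and every other platform would have to repeat the same byte arrays in its own DEC; declaring them once in a common package would let one check serve all platforms. The token numbers 0xA0010001 and 0xA0010002 also break from the 0xA00002AB/0xA00002AC sequence directly above without a comment explaining the new range.
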
> --
> 2.7.4.windows.1
> 


Thread overview: 17+ messages
2016-10-23  2:31 [PATCH V4 0/8] Add capsule support for Quark Jiewen Yao
2016-10-23  2:31 ` [PATCH V4 1/8] QuarkPlatformPkg/dec: Add test key file guid Jiewen Yao
2016-10-27  1:27   ` Kinney, Michael D [this message]
2016-10-27  1:31     ` Yao, Jiewen
2016-10-23  2:31 ` [PATCH V4 2/8] QuarkPlatformPkg/PlatformFlashAccessLib: Add instance for capsule update Jiewen Yao
2016-10-23  2:31 ` [PATCH V4 3/8] QuarkPlatformPkg/SystemFirmwareDescriptor: Add Descriptor " Jiewen Yao
2016-10-27  0:30   ` Kinney, Michael D
2016-10-23  2:31 ` [PATCH V4 4/8] QuarkPlatformPkg/SystemFirmwareUpdateConfig: Add capsule config file Jiewen Yao
2016-10-23  2:31 ` [PATCH V4 5/8] QuarkPlatformPkg/PlatformInit: Remove recovery PPI installation Jiewen Yao
2016-10-23  2:31 ` [PATCH V4 6/8] QuarkPlatformPkg/PlatformBootManager: Add capsule/recovery handling Jiewen Yao
2016-10-26 23:36   ` Kinney, Michael D
2016-10-27  1:48     ` Yao, Jiewen
2016-10-27  2:14       ` Kinney, Michael D
2016-10-23  2:31 ` [PATCH V4 7/8] QuarkPlatformPkg/dsc/fdf: Add capsule/recovery support Jiewen Yao
2016-10-27  0:40   ` Kinney, Michael D
2016-10-27  1:08     ` Yao, Jiewen
2016-10-23  2:31 ` [PATCH V4 8/8] QuarkPlatformPkg/Readme: add capsule/recovery related content Jiewen Yao
