Subject: Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePolicy feature
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Jiewen Yao, Chao Zhang, Jian J Wang, Hao A Wu, Liming Gao, Jordan Justen, Ard Biesheuvel, Andrew Fish, Ray Ni, Anthony Perard, Julien Grall, Maurice Ma, Guo Dong, Benjamin You
From: "Michael Kubacki"
Date: Tue, 12 May 2020 10:20:41 -0700

While most of the feedback in the series is relevant for the author (Bret), this is a change I will make for the patches I generate.

Thanks,
Michael

On 5/12/2020 5:37 AM, Laszlo Ersek wrote:
> On 05/12/20 14:15, Laszlo Ersek wrote:
>> On 05/12/20 13:52, Laszlo Ersek wrote:
>>> On 05/12/20 08:46, Michael Kubacki wrote:
>>>> From: Michael Kubacki >>>> >>>> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2522 >>>> >>>> The 12 patches in this series add the VariablePolicy feature to the >>>> core, deprecate Edk2VarLock (while adding a compatibility layer to >>>> reduce code churn), and integrate the VariablePolicy libraries and >>>> protocols into Variable Services. >>>> >>>> Since the integration requires multiple changes, including adding >>>> libraries, a protocol, an SMI communication handler, and >>>> VariableServices integration, the patches are broken up by >>>> individual library additions and then a final integration. >>>> Security-sensitive changes like bypassing Authenticated Variable >>>> enforcement are also broken out into individual patches so that >>>> attention can be called directly to them. > > (4) Can you please run SetupGit.py in your edk2 clone, for the future? > > It will mark the DEC, DSC, etc "ini-style" files with the "diff=ini" > attribute. Furthermore, it will set the "xfuncname" knob for the > "diff=ini"-marked files. > > As a result, when you format a patch that modifies e.g. a DSC file, the > "@@" hunk headers will display the section being modified. For example: > >> @@ -492,6 +496,9 @@ [PcdsFixedAtBuild] >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 >> !endif >> >> + # Optional: Omit if VariablePolicy should be always-on. >> + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable|TRUE >> + >> gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 >> >> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 > > Note that the "@@" hunk header now states "[PcdsFixedAtBuild]". It tells > me as a reviewer about the access method of the PCD that was chosen for > OvmfPkg. > > Such hunk headers improve reviewer throughput quite a bit. > > Thanks, > Laszlo >
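Review bot: The comment added above `PcdAllowVariablePolicyEnforcementDisable|TRUE` in [PcdsFixedAtBuild] only says when to omit the line and never says what TRUE permits. Going by the PCD name, this build allows VariablePolicy enforcement to be disabled, so the comment should state that effect and why this platform wants it, for example `# Allows VariablePolicy enforcement to be disabled on this platform; omit for always-on.` That keeps the security-relevant setting a visible, deliberate choice for anyone who copies the DSC.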
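The hunk-header effect described in the quoted review can be reproduced in a throwaway repository. This is an added example, not part of the original thread or of SetupGit.py; the xfuncname pattern, the file name Platform.dsc and the gSampleTokenSpaceGuid PCDs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed pattern for "ini-style" section headers; compare it with the value
# SetupGit.py writes into your own clone before relying on it.
INI_XFUNCNAME='^\[[A-Za-z0-9_., ]+]'

# hunk_header <yes|no>: print the "@@" line of a DSC diff, with or without
# the "diff=ini" attribute and its xfuncname knob configured.
hunk_header() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        # Keep the caller's global git configuration out of the result.
        HOME=$tmp; XDG_CONFIG_HOME=$tmp; export HOME XDG_CONFIG_HOME
        git init -q . || exit 1
        if [ "$1" = yes ]; then
            # A worktree .gitattributes is used here to keep the demo local.
            echo '*.dsc diff=ini' > .gitattributes
            git config diff.ini.xfuncname "$INI_XFUNCNAME"
        fi
        # Constructed sample DSC: the section header sits more than three
        # lines above the change, so it is outside the hunk context.
        cat > Platform.dsc <<'EOF'
[Defines]
  PLATFORM_NAME = Sample

[PcdsFixedAtBuild]
  gSampleTokenSpaceGuid.PcdOne|0x1
  gSampleTokenSpaceGuid.PcdTwo|0x2
  gSampleTokenSpaceGuid.PcdThree|0x3
  gSampleTokenSpaceGuid.PcdFour|0x4
  gSampleTokenSpaceGuid.PcdFive|0x5
  gSampleTokenSpaceGuid.PcdSix|0x6
EOF
        git add Platform.dsc
        echo '  gSampleTokenSpaceGuid.PcdSeven|TRUE' >> Platform.dsc
        git diff --no-color --no-ext-diff -- Platform.dsc | grep '^@@'
    )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

hunk_header no     # bare "@@ ... @@" header
hunk_header yes    # header followed by the enclosing section name
```

With the driver configured, a reviewer can tell from the header alone which PCD access method a security-relevant setting was placed under.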