public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: gaoliming <gaoliming@byosoft.com.cn>,
	'Laszlo Ersek' <lersek@redhat.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Mistry, Nishant C" <nishant.c.mistry@intel.com>
Cc: "afish@apple.com" <afish@apple.com>,
	'Leif Lindholm' <leif@nuviainc.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
Date: Mon, 23 Nov 2020 05:23:13 +0000	[thread overview]
Message-ID: <SN6PR11MB3312C222D5CEA363DE317A4DB6FC0@SN6PR11MB3312.namprd11.prod.outlook.com> (raw)
In-Reply-To: <01b601d6c134$163599c0$42a0cd40$@byosoft.com.cn>

Liming,
I'm ok to revert the patch. Thanks doing it.

Jiewen,
Currently the RpmcLib has no real users in edk2 master. I don't see reasons
to keep old interface. Besides, new interface can be used for one RPMC use
case (e.g. defining a default RPMC index), even if variable protection feature
just needs one eventually. From potential design change due to security
consideration, I prefer to just keep new interface to reduce the impact.

Regards,
Jian

> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Monday, November 23, 2020 9:01 AM
> To: 'Laszlo Ersek' <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> Cc: afish@apple.com; 'Leif Lindholm' <leif@nuviainc.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> RpmcLib
> 
> Thanks for your comments. If no other comments, I will sent the patch to revert
> this patch.
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: Laszlo Ersek <lersek@redhat.com>
> > 发送时间: 2020年11月20日 19:02
> > 收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> > gaoliming@byosoft.com.cn; Wang, Jian J <jian.j.wang@intel.com>; Mistry,
> > Nishant C <nishant.c.mistry@intel.com>
> > 抄送: afish@apple.com; 'Leif Lindholm' <leif@nuviainc.com>; Kinney, Michael
> > D <michael.d.kinney@intel.com>
> > 主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
> >
> > On 11/20/20 08:11, Yao, Jiewen wrote:
> > > I agree with Liming.
> > >
> > > I recommend we follow the code-freeze process.
> > > 	"By the date of the soft feature freeze, developers must have sent their
> > patches to the mailing list and received positive maintainer reviews
> > (Reviewed-by or Acked-by tags)."
> > >
> > > The re-design could be compatible in some way. For example, we can keep
> > old API and define RequestMonotonicCounterEx(),
> > IncrementMonotonicCounterEx().
> > >
> > > I am also thinking that we should check in together with a lib consumer to
> > show the design to see what is really needed for the counter index.
> > >
> > > So I vote to revert the change.
> >
> > I agree. Without knowing many of the details:
> >
> > The patch references
> > <https://bugzilla.tianocore.org/show_bug.cgi?id=2594>, and that ticket
> > is a TianoCore Feature Request. Additionally, comment#0 on the BZ says:
> >
> > "Two more features are needed to be added to non-volatile variable
> > services [...] This BZ is for RPMC based solution only".
> >
> > I think the patch should not have been committed.
> >
> > Thanks
> > Laszlo
> >
> > >
> > >> -----Original Message-----
> > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >> gaoliming
> > >> Sent: Friday, November 20, 2020 2:55 PM
> > >> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Mistry,
> > >> Nishant C <nishant.c.mistry@intel.com>
> > >> Cc: afish@apple.com; lersek@redhat.com; 'Leif Lindholm'
> > >> <leif@nuviainc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> > >> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >> RpmcLib
> > >>
> > >> Jian:
> > >>  The commit message mentions that the re-design requires multiple
> > RPMC
> > >> counter usages.
> > >>  The library API is also updated to support multiple RPMC. So, I think this
> > >> is new feature.
> > >>
> > >>  But, this is just my idea. I would like to collect more feedback from the
> > >> mail list.
> > >>
> > >> Thanks
> > >> Liming
> > >>> -----邮件原件-----
> > >>> 发件人: Wang, Jian J <jian.j.wang@intel.com>
> > >>> 发送时间: 2020年11月20日 14:33
> > >>> 收件人: devel@edk2.groups.io; gaoliming@byosoft.com.cn; Mistry,
> > >> Nishant C
> > >>> <nishant.c.mistry@intel.com>
> > >>> 主题: RE: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >> RpmcLib
> > >>>
> > >>> Liming,
> > >>>
> > >>> Sorry, I didn't notice it. But the patch was just updating the existing
> > >> code. It'd
> > >>> be
> > >>> more like bug fix than feature, I think.
> > >>>
> > >>> Regards,
> > >>> Jian
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >>> gaoliming
> > >>>> Sent: Friday, November 20, 2020 2:27 PM
> > >>>> To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>;
> > Mistry,
> > >>>> Nishant C <nishant.c.mistry@intel.com>
> > >>>> Cc: gaoliming@byosoft.com.cn
> > >>>> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to
> > the
> > >>>> RpmcLib
> > >>>>
> > >>>> Jian:
> > >>>>  This change is like a feature instead of bug fix. Now, we are in soft
> > >>>> feature freeze phase.
> > >>>>  According to SFF definition
> > >>>>
> > https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze,
> > >>>>  this feature should be deferred to next stable tag.
> > >>>>
> > >>>>  So, I suggest to revert this change, and merge it after the stable tag
> > >>>> 202011.
> > >>>>
> > >>>> Thanks
> > >>>> Liming
> > >>>>> -----邮件原件-----
> > >>>>> 发件人: bounce+27952+67669+4905953+8761045@groups.io
> > >>>>> <bounce+27952+67669+4905953+8761045@groups.io> 代表 Wang,
> > >>> Jian J
> > >>>>> 发送时间: 2020年11月18日 11:35
> > >>>>> 收件人: devel@edk2.groups.io; Mistry, Nishant C
> > >>>>> <nishant.c.mistry@intel.com>
> > >>>>> 主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >>> RpmcLib
> > >>>>>
> > >>>>>
> > >>>>> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> > >>>>>
> > >>>>> Regards,
> > >>>>> Jian
> > >>>>>
> > >>>>>> -----Original Message-----
> > >>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >>> Nishant
> > >>>>>> Mistry
> > >>>>>> Sent: Thursday, November 12, 2020 2:49 AM
> > >>>>>> To: devel@edk2.groups.io
> > >>>>>> Subject: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >>> RpmcLib
> > >>>>>>
> > >>>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> > >>>>>>
> > >>>>>> The re-design requires multiple RPMC counter usages.
> > >>>>>> The consumer will be capable of selecting amongst multiple counters.
> > >>>>>>
> > >>>>>> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > >>>>>> ---
> > >>>>>>  SecurityPkg/Include/Library/RpmcLib.h         | 6 +++++-
> > >>>>>>  SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 6 +++++-
> > >>>>>>  2 files changed, 10 insertions(+), 2 deletions(-)
> > >>>>>>
> > >>>>>> diff --git a/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> b/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> index 5882bfae2f..3c15bce1ce 100644
> > >>>>>> --- a/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> +++ b/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>>  /**
> > >>>>>>    Requests the monotonic counter from the designated RPMC
> > >>> counter.
> > >>>>>>
> > >>>>>> +  @param[in]    CounterIndex            The RPMC index
> > >>>>>>    @param[out]   CounterValue            A pointer to a
> > buffer
> > >>> to
> > >>>>> store the RPMC
> > >>>>>> value.
> > >>>>>>
> > >>>>>>    @retval       EFI_SUCCESS             The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @@ -23,12 +24,15 @@ SPDX-License-Identifier:
> > BSD-2-Clause-Patent
> > >>>>>>  EFI_STATUS
> > >>>>>>  EFIAPI
> > >>>>>>  RequestMonotonicCounter (
> > >>>>>> +  IN  UINT8   CounterIndex,
> > >>>>>>    OUT UINT32  *CounterValue
> > >>>>>>    );
> > >>>>>>
> > >>>>>>  /**
> > >>>>>>    Increments the monotonic counter in the SPI flash device by 1.
> > >>>>>>
> > >>>>>> +  @param[in]    CounterIndex            The RPMC index
> > >>>>>> +
> > >>>>>>    @retval       EFI_SUCCESS             The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>>    @retval       EFI_DEVICE_ERROR        A device error
> > >>> occurred
> > >>>>> while attempting
> > >>>>>> to update the counter.
> > >>>>>>    @retval       EFI_UNSUPPORTED         The operation is
> > >>>>> un-supported.
> > >>>>>> @@ -36,7 +40,7 @@ RequestMonotonicCounter (
> > >>>>>>  EFI_STATUS
> > >>>>>>  EFIAPI
> > >>>>>>  IncrementMonotonicCounter (
> > >>>>>> -  VOID
> > >>>>>> +  IN  UINT8   CounterIndex
> > >>>>>>    );
> > >>>>>>
> > >>>>>>  #endif
> > >>>>>> diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> index e1dd09eb10..697e493a7c 100644
> > >>>>>> --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>>  /**
> > >>>>>>    Requests the monotonic counter from the designated RPMC
> > >>> counter.
> > >>>>>>
> > >>>>>> +  @param[in]    CounterIndex            The RPMC index
> > >>>>>>    @param[out]   CounterValue            A pointer to a
> > buffer
> > >>> to
> > >>>>> store the RPMC
> > >>>>>> value.
> > >>>>>>
> > >>>>>>    @retval       EFI_SUCCESS             The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @@ -21,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>>  EFI_STATUS
> > >>>>>>  EFIAPI
> > >>>>>>  RequestMonotonicCounter (
> > >>>>>> +  IN  UINT8   CounterIndex,
> > >>>>>>    OUT UINT32  *CounterValue
> > >>>>>>    )
> > >>>>>>  {
> > >>>>>> @@ -31,6 +33,8 @@ RequestMonotonicCounter (
> > >>>>>>  /**
> > >>>>>>    Increments the monotonic counter in the SPI flash device by 1.
> > >>>>>>
> > >>>>>> +  @param[in]    CounterIndex            The RPMC index
> > >>>>>> +
> > >>>>>>    @retval       EFI_SUCCESS             The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>>    @retval       EFI_DEVICE_ERROR        A device error
> > >>> occurred
> > >>>>> while attempting
> > >>>>>> to update the counter.
> > >>>>>>    @retval       EFI_UNSUPPORTED         The operation is
> > >>>>> un-supported.
> > >>>>>> @@ -38,7 +42,7 @@ RequestMonotonicCounter (
> > >>>>>>  EFI_STATUS
> > >>>>>>  EFIAPI
> > >>>>>>  IncrementMonotonicCounter (
> > >>>>>> -  VOID
> > >>>>>> +  IN  UINT8   CounterIndex
> > >>>>>>    )
> > >>>>>>  {
> > >>>>>>    ASSERT (FALSE);
> > >>>>>> --
> > >>>>>> 2.16.2.windows.1
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> 
> > >>
> > >
> 
> 


  reply	other threads:[~2020-11-23  5:23 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-11 18:49 [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib Nishant Mistry
2020-11-18  3:35 ` [edk2-devel] " Wang, Jian J
2020-11-20  6:26   ` 回复: " gaoliming
2020-11-20  6:32     ` Wang, Jian J
2020-11-20  6:54       ` 回复: " gaoliming
2020-11-20  7:11         ` Yao, Jiewen
2020-11-20 11:02           ` Laszlo Ersek
2020-11-23  1:00             ` 回复: " gaoliming
2020-11-23  5:23               ` Wang, Jian J [this message]
2020-11-23  6:58                 ` Yao, Jiewen
2020-11-20  7:38   ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=SN6PR11MB3312C222D5CEA363DE317A4DB6FC0@SN6PR11MB3312.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox