From: "Wang, Jian J" <jian.j.wang@intel.com>
To: gaoliming <gaoliming@byosoft.com.cn>,
'Laszlo Ersek' <lersek@redhat.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Mistry, Nishant C" <nishant.c.mistry@intel.com>
Cc: "afish@apple.com" <afish@apple.com>,
'Leif Lindholm' <leif@nuviainc.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
Date: Mon, 23 Nov 2020 05:23:13 +0000 [thread overview]
Message-ID: <SN6PR11MB3312C222D5CEA363DE317A4DB6FC0@SN6PR11MB3312.namprd11.prod.outlook.com> (raw)
In-Reply-To: <01b601d6c134$163599c0$42a0cd40$@byosoft.com.cn>
Liming,
I'm ok to revert the patch. Thanks doing it.
Jiewen,
Currently the RpmcLib has no real users in edk2 master. I don't see reasons
to keep old interface. Besides, new interface can be used for one RPMC use
case (e.g. defining a default RPMC index), even if variable protection feature
just needs one eventually. From potential design change due to security
consideration, I prefer to just keep new interface to reduce the impact.
Regards,
Jian
> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Monday, November 23, 2020 9:01 AM
> To: 'Laszlo Ersek' <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Mistry, Nishant C
> <nishant.c.mistry@intel.com>
> Cc: afish@apple.com; 'Leif Lindholm' <leif@nuviainc.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> RpmcLib
>
> Thanks for your comments. If no other comments, I will sent the patch to revert
> this patch.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: Laszlo Ersek <lersek@redhat.com>
> > 发送时间: 2020年11月20日 19:02
> > 收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> > gaoliming@byosoft.com.cn; Wang, Jian J <jian.j.wang@intel.com>; Mistry,
> > Nishant C <nishant.c.mistry@intel.com>
> > 抄送: afish@apple.com; 'Leif Lindholm' <leif@nuviainc.com>; Kinney, Michael
> > D <michael.d.kinney@intel.com>
> > 主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
> >
> > On 11/20/20 08:11, Yao, Jiewen wrote:
> > > I agree with Liming.
> > >
> > > I recommend we follow the code-freeze process.
> > > "By the date of the soft feature freeze, developers must have sent their
> > patches to the mailing list and received positive maintainer reviews
> > (Reviewed-by or Acked-by tags)."
> > >
> > > The re-design could be compatible in some way. For example, we can keep
> > old API and define RequestMonotonicCounterEx(),
> > IncrementMonotonicCounterEx().
> > >
> > > I am also thinking that we should check in together with a lib consumer to
> > show the design to see what is really needed for the counter index.
> > >
> > > So I vote to revert the change.
> >
> > I agree. Without knowing many of the details:
> >
> > The patch references
> > <https://bugzilla.tianocore.org/show_bug.cgi?id=2594>, and that ticket
> > is a TianoCore Feature Request. Additionally, comment#0 on the BZ says:
> >
> > "Two more features are needed to be added to non-volatile variable
> > services [...] This BZ is for RPMC based solution only".
> >
> > I think the patch should not have been committed.
> >
> > Thanks
> > Laszlo
> >
> > >
> > >> -----Original Message-----
> > >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >> gaoliming
> > >> Sent: Friday, November 20, 2020 2:55 PM
> > >> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Mistry,
> > >> Nishant C <nishant.c.mistry@intel.com>
> > >> Cc: afish@apple.com; lersek@redhat.com; 'Leif Lindholm'
> > >> <leif@nuviainc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> > >> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >> RpmcLib
> > >>
> > >> Jian:
> > >> The commit message mentions that the re-design requires multiple
> > RPMC
> > >> counter usages.
> > >> The library API is also updated to support multiple RPMC. So, I think this
> > >> is new feature.
> > >>
> > >> But, this is just my idea. I would like to collect more feedback from the
> > >> mail list.
> > >>
> > >> Thanks
> > >> Liming
> > >>> -----邮件原件-----
> > >>> 发件人: Wang, Jian J <jian.j.wang@intel.com>
> > >>> 发送时间: 2020年11月20日 14:33
> > >>> 收件人: devel@edk2.groups.io; gaoliming@byosoft.com.cn; Mistry,
> > >> Nishant C
> > >>> <nishant.c.mistry@intel.com>
> > >>> 主题: RE: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >> RpmcLib
> > >>>
> > >>> Liming,
> > >>>
> > >>> Sorry, I didn't notice it. But the patch was just updating the existing
> > >> code. It'd
> > >>> be
> > >>> more like bug fix than feature, I think.
> > >>>
> > >>> Regards,
> > >>> Jian
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >>> gaoliming
> > >>>> Sent: Friday, November 20, 2020 2:27 PM
> > >>>> To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>;
> > Mistry,
> > >>>> Nishant C <nishant.c.mistry@intel.com>
> > >>>> Cc: gaoliming@byosoft.com.cn
> > >>>> Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to
> > the
> > >>>> RpmcLib
> > >>>>
> > >>>> Jian:
> > >>>> This change is like a feature instead of bug fix. Now, we are in soft
> > >>>> feature freeze phase.
> > >>>> According to SFF definition
> > >>>>
> > https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze,
> > >>>> this feature should be deferred to next stable tag.
> > >>>>
> > >>>> So, I suggest to revert this change, and merge it after the stable tag
> > >>>> 202011.
> > >>>>
> > >>>> Thanks
> > >>>> Liming
> > >>>>> -----邮件原件-----
> > >>>>> 发件人: bounce+27952+67669+4905953+8761045@groups.io
> > >>>>> <bounce+27952+67669+4905953+8761045@groups.io> 代表 Wang,
> > >>> Jian J
> > >>>>> 发送时间: 2020年11月18日 11:35
> > >>>>> 收件人: devel@edk2.groups.io; Mistry, Nishant C
> > >>>>> <nishant.c.mistry@intel.com>
> > >>>>> 主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >>> RpmcLib
> > >>>>>
> > >>>>>
> > >>>>> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> > >>>>>
> > >>>>> Regards,
> > >>>>> Jian
> > >>>>>
> > >>>>>> -----Original Message-----
> > >>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > >>> Nishant
> > >>>>>> Mistry
> > >>>>>> Sent: Thursday, November 12, 2020 2:49 AM
> > >>>>>> To: devel@edk2.groups.io
> > >>>>>> Subject: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
> > >>> RpmcLib
> > >>>>>>
> > >>>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
> > >>>>>>
> > >>>>>> The re-design requires multiple RPMC counter usages.
> > >>>>>> The consumer will be capable of selecting amongst multiple counters.
> > >>>>>>
> > >>>>>> Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
> > >>>>>> ---
> > >>>>>> SecurityPkg/Include/Library/RpmcLib.h | 6 +++++-
> > >>>>>> SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 6 +++++-
> > >>>>>> 2 files changed, 10 insertions(+), 2 deletions(-)
> > >>>>>>
> > >>>>>> diff --git a/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> b/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> index 5882bfae2f..3c15bce1ce 100644
> > >>>>>> --- a/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> +++ b/SecurityPkg/Include/Library/RpmcLib.h
> > >>>>>> @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>> /**
> > >>>>>> Requests the monotonic counter from the designated RPMC
> > >>> counter.
> > >>>>>>
> > >>>>>> + @param[in] CounterIndex The RPMC index
> > >>>>>> @param[out] CounterValue A pointer to a
> > buffer
> > >>> to
> > >>>>> store the RPMC
> > >>>>>> value.
> > >>>>>>
> > >>>>>> @retval EFI_SUCCESS The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @@ -23,12 +24,15 @@ SPDX-License-Identifier:
> > BSD-2-Clause-Patent
> > >>>>>> EFI_STATUS
> > >>>>>> EFIAPI
> > >>>>>> RequestMonotonicCounter (
> > >>>>>> + IN UINT8 CounterIndex,
> > >>>>>> OUT UINT32 *CounterValue
> > >>>>>> );
> > >>>>>>
> > >>>>>> /**
> > >>>>>> Increments the monotonic counter in the SPI flash device by 1.
> > >>>>>>
> > >>>>>> + @param[in] CounterIndex The RPMC index
> > >>>>>> +
> > >>>>>> @retval EFI_SUCCESS The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @retval EFI_DEVICE_ERROR A device error
> > >>> occurred
> > >>>>> while attempting
> > >>>>>> to update the counter.
> > >>>>>> @retval EFI_UNSUPPORTED The operation is
> > >>>>> un-supported.
> > >>>>>> @@ -36,7 +40,7 @@ RequestMonotonicCounter (
> > >>>>>> EFI_STATUS
> > >>>>>> EFIAPI
> > >>>>>> IncrementMonotonicCounter (
> > >>>>>> - VOID
> > >>>>>> + IN UINT8 CounterIndex
> > >>>>>> );
> > >>>>>>
> > >>>>>> #endif
> > >>>>>> diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> index e1dd09eb10..697e493a7c 100644
> > >>>>>> --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
> > >>>>>> @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>> /**
> > >>>>>> Requests the monotonic counter from the designated RPMC
> > >>> counter.
> > >>>>>>
> > >>>>>> + @param[in] CounterIndex The RPMC index
> > >>>>>> @param[out] CounterValue A pointer to a
> > buffer
> > >>> to
> > >>>>> store the RPMC
> > >>>>>> value.
> > >>>>>>
> > >>>>>> @retval EFI_SUCCESS The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @@ -21,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >>>>>> EFI_STATUS
> > >>>>>> EFIAPI
> > >>>>>> RequestMonotonicCounter (
> > >>>>>> + IN UINT8 CounterIndex,
> > >>>>>> OUT UINT32 *CounterValue
> > >>>>>> )
> > >>>>>> {
> > >>>>>> @@ -31,6 +33,8 @@ RequestMonotonicCounter (
> > >>>>>> /**
> > >>>>>> Increments the monotonic counter in the SPI flash device by 1.
> > >>>>>>
> > >>>>>> + @param[in] CounterIndex The RPMC index
> > >>>>>> +
> > >>>>>> @retval EFI_SUCCESS The operation
> > >>> completed
> > >>>>> successfully.
> > >>>>>> @retval EFI_DEVICE_ERROR A device error
> > >>> occurred
> > >>>>> while attempting
> > >>>>>> to update the counter.
> > >>>>>> @retval EFI_UNSUPPORTED The operation is
> > >>>>> un-supported.
> > >>>>>> @@ -38,7 +42,7 @@ RequestMonotonicCounter (
> > >>>>>> EFI_STATUS
> > >>>>>> EFIAPI
> > >>>>>> IncrementMonotonicCounter (
> > >>>>>> - VOID
> > >>>>>> + IN UINT8 CounterIndex
> > >>>>>> )
> > >>>>>> {
> > >>>>>> ASSERT (FALSE);
> > >>>>>> --
> > >>>>>> 2.16.2.windows.1
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
>
>
next prev parent reply other threads:[~2020-11-23 5:23 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-11 18:49 [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib Nishant Mistry
2020-11-18 3:35 ` [edk2-devel] " Wang, Jian J
2020-11-20 6:26 ` 回复: " gaoliming
2020-11-20 6:32 ` Wang, Jian J
2020-11-20 6:54 ` 回复: " gaoliming
2020-11-20 7:11 ` Yao, Jiewen
2020-11-20 11:02 ` Laszlo Ersek
2020-11-23 1:00 ` 回复: " gaoliming
2020-11-23 5:23 ` Wang, Jian J [this message]
2020-11-23 6:58 ` Yao, Jiewen
2020-11-20 7:38 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SN6PR11MB3312C222D5CEA363DE317A4DB6FC0@SN6PR11MB3312.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox