From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ming.huang@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4864:20::543; helo=mail-pg1-x543.google.com;
 envelope-from=ming.huang@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-pg1-x543.google.com (mail-pg1-x543.google.com
 [IPv6:2607:f8b0:4864:20::543])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 6BC9921190716
 for <edk2-devel@lists.01.org>; Tue, 20 Nov 2018 04:40:40 -0800 (PST)
Received: by mail-pg1-x543.google.com with SMTP id v28so849503pgk.10
 for <edk2-devel@lists.01.org>; Tue, 20 Nov 2018 04:40:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=3ZEQM/9UO7TIUTlgLGMsJ1kKDcFp8s4/uy/ESh51KN8=;
 b=NAHNKdsqAV6VbAr6/AkSsFUZN3FfuIECTy9E1tbjtVn347da1SMfGroegbgNGq/Bop
 KlWKBGhyn1LuFt6435zVFH9yfIxLvn91vcHBKXpCsxYYjVZD9+urvuWscgdTl/6FKjTH
 KXoK3h9lu9mr8p7sDDVFVw79Jqy0AcHQSjySI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=3ZEQM/9UO7TIUTlgLGMsJ1kKDcFp8s4/uy/ESh51KN8=;
 b=hAm7tosjHlZZXsiPoh+l/w+2q3srceWg1BdmKZZ5PB6yArAuFyyzYeP3HBIBGoNZHh
 wMKpP476yR7Zk+ZpHQ1W81VxquuNQSWSBkmq5xvpKgbwbrHSutPQ0r1G2rPeQY5D/mkK
 aQN0V+XUAofJxo6G8Ho5uVDAFEBSHxDObCqdYPtXTGPhYbn68dgc7l1vtSeRCQ0aXdKL
 0it0XP1sCK23V+ccba6whqu0kAAwcpm+2FxFvjY4mMmgOnfKazDzHRfSju9qexjtdjVs
 SsM5YaNGmT3VhJkyenArm3vjgrqATAVzgAxtIkHG8OirFpL1wrlGs92EAyufTmhKInQy
 Cltw==
X-Gm-Message-State: AGRZ1gJ1inmkraH9h3SIRbewA5IqymtPIF0GDHEhgG2btgh5/L6s4Jq/
 FjJriMNa/qCNhi5pR/u8rmqkTA==
X-Google-Smtp-Source: AFSGD/WtGjH5jQLH1fC5rXQPhqAnrgZzgr5cBuR9g/5Zu0RjTikflZaTL2gPYrF+xq5ejxbXxf/ZSQ==
X-Received: by 2002:a63:960a:: with SMTP id c10mr1747441pge.106.1542717639599; 
 Tue, 20 Nov 2018 04:40:39 -0800 (PST)
Received: from [10.139.0.118] ([64.64.108.162])
 by smtp.gmail.com with ESMTPSA id v124-v6sm8625475pfb.182.2018.11.20.04.40.31
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 20 Nov 2018 04:40:38 -0800 (PST)
To: Leif Lindholm <leif.lindholm@linaro.org>
Cc: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
 graeme.gregory@linaro.org, ard.biesheuvel@linaro.org,
 michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com,
 huangming23@huawei.com, zhangjinsong2@huawei.com, huangdaode@hisilicon.com,
 john.garry@huawei.com, xinliang.liu@linaro.org, zhangfeng56@huawei.com
References: <20181120090150.1102-1-ming.huang@linaro.org>
 <20181120090150.1102-2-ming.huang@linaro.org>
 <20181120121309.mwsoxljgjwy4yv7i@bivouac.eciton.net>
From: Ming Huang <ming.huang@linaro.org>
Message-ID: <db2a93a5-47ed-5ce3-d1c5-e13327bcdf13@linaro.org>
Date: Tue, 20 Nov 2018 20:40:28 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.0
MIME-Version: 1.0
In-Reply-To: <20181120121309.mwsoxljgjwy4yv7i@bivouac.eciton.net>
Subject: Re: [PATCH edk2-platforms v3 1/5] Hisilicon/D0x: Fix secure boot bug in FlashFvbDxe
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 12:40:40 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit



On 11/20/2018 8:13 PM, Leif Lindholm wrote:
> On Tue, Nov 20, 2018 at 05:01:46PM +0800, Ming Huang wrote:
>> Now that the generic Variable Runtime DXE code no longer
>> distinguishes between gEfiVariableGuid and
>> gEfiAuthenticatedVariableGuid in the varstore FV header.
>> We can relax the check in the flashFvb driver to accept
>> either GUID regardless of whether we are running a secure
>> boot capable build or not.
> 
> We are still in a situation where D06 is not buildable with Secure
> Boot enabled though.
> 
> If you build with -D SECURE_BOOT_ENABLE=TRUE, you still end up with
> /work/git/edk2-platforms/Platform/Hisilicon/D06/D06.dsc(...): error
> 4000: Instance of library class [PlatformSecureLib] is not found
>       in [/work/git/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf] [AARCH64]
>       consumed by module [/work/git/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf]
> 
> And all Hisilicon platforms still use
> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
> regardless of Secure Boot setting.
> 
> So what problem does this patch solve? A runtime one?

This patch solve bug in FlashFvbDxe. Should I add a patch before this patch
to solve build error with -D SECURE_BOOT_ENABLE=TRUE in v4?

Thanks.

> 
> /
>     Leif
> 
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Ming Huang <ming.huang@linaro.org>
>> ---
>>  Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf | 1 +
>>  Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c   | 5 +++--
>>  2 files changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
>> index f8be4741ef7c..a0226e0d87c0 100644
>> --- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
>> +++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
>> @@ -44,6 +44,7 @@ [LibraryClasses]
>>    UefiRuntimeLib
>>  
>>  [Guids]
>> +  gEfiAuthenticatedVariableGuid
>>    gEfiSystemNvDataFvGuid
>>    gEfiVariableGuid
>>  
>> diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
>> index e18cc9e06ec2..12baed41cd4e 100644
>> --- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
>> +++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
>> @@ -189,7 +189,7 @@ InitializeFvAndVariableStoreHeaders (
>>      // VARIABLE_STORE_HEADER
>>      //
>>      VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + (UINTN)FirmwareVolumeHeader->HeaderLength);
>> -    CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid);
>> +    CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid);
>>      VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength;
>>      VariableStoreHeader->Format            = VARIABLE_STORE_FORMATTED;
>>      VariableStoreHeader->State             = VARIABLE_STORE_HEALTHY;
>> @@ -258,7 +258,8 @@ ValidateFvHeader (
>>      VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + (UINTN)FwVolHeader->HeaderLength);
>>  
>>      // Check the Variable Store Guid
>> -    if ( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE )
>> +    if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) &&
>> +        !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid))
>>      {
>>          DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n"));
>>          return EFI_NOT_FOUND;
>> -- 
>> 2.9.5
>>