From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61]) by mx.groups.io with SMTP id smtpd.web12.564.1580490734753533837 for ; Fri, 31 Jan 2020 09:12:14 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KbPP7NsX; spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580490733; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XuuVWZwAi5ey80rhAjxO8K7meFtC2lc+kCHfGvHUHxQ=; b=KbPP7NsX7x6vDP4vrE8LUYoRBiTW8rVO6E73mtrRcubBjyLKxmjjeMlfxWFEEgm6KECFsv 0Diat94M5c/QLadF4EMKYujXDy/3p6aoFQy6c8EM/Jfkj8CnXNU5/D6TwKDUdBympDjVbu VVsBwGrEapzqCCpMJIiIVltMDiSUL0s= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-182-ycfZ8JUFOwmJCk_Mqpu8AQ-1; Fri, 31 Jan 2020 12:12:04 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8D62A100551A; Fri, 31 Jan 2020 17:12:03 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-99.ams2.redhat.com [10.36.116.99]) by smtp.corp.redhat.com (Postfix) with ESMTP id 59F835DAAC; Fri, 31 Jan 2020 17:12:02 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy From: "Laszlo Ersek" To: "Kinney, Michael D" , "devel@edk2.groups.io" Cc: "Zhang, Chao B" , "Wang, Jian J" , "Yao, Jiewen" References: <20200116190705.18816-1-lersek@redhat.com> <45017d12-10e1-8a9b-2997-c8fa42fc1049@redhat.com> <75ea6a41-96e3-4526-1158-6e3cd83c2767@redhat.com> Message-ID: Date: Fri, 31 Jan 2020 18:12:01 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <75ea6a41-96e3-4526-1158-6e3cd83c2767@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: ycfZ8JUFOwmJCk_Mqpu8AQ-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 01/31/20 18:00, Laszlo Ersek wrote: > On 01/31/20 17:31, Kinney, Michael D wrote: >> Laszlo, >> >> I think a new BZ is a good idea. I am sure there is more >> history here and more discussion required on this invalid >> policy PCD setting case. >> >> I would also like to see a DEBUG() message or even better >> a REPORT_STATUS_CODE() for an invalid policy PCD setting >> and I would like platform policy to decide if the platform >> should deadloop or continue with EFI_ACCESS_DENIED. By >> putting the deadloop in this function, it takes away the >> option for the platform to make that decision. >> >> I also find ASSERT(FALSE) harder to triage. I prefer the >> debug log to provide some indication of the cause of the >> assert. Then I can go look up the file/line number for >> more context. > > OK. I'll abandon the patch, and only open a BZ with this information. > It's best if the SecurityPkg reviewers evaluate it carefully. Here's the ticket: https://bugzilla.tianocore.org/show_bug.cgi?id=2497 Thanks, Laszlo