From: "Laszlo Ersek"
To: Grzegorz Bernacki, devel@edk2.groups.io
Subject: Re: [PATCH v4 2/8] ArmVirtPkg: add SecureBootVariableLib class resolution
Date: Wed, 30 Jun 2021 19:08:35 +0200
In-Reply-To: <20210630123412.996158-3-gjb@semihalf.com>

On 06/30/21 14:34, Grzegorz Bernacki wrote:
> The edk2 patch
> SecurityPkg: Create library for setting Secure Boot variables.
>
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for ArmVirtPkg platform.
>
> Signed-off-by: Grzegorz Bernacki
> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index d9abadbe70..11c1f53537 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -168,6 +168,7 @@ > # > !if $(SECURE_BOOT_ENABLE) == TRUE > AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf > > # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree > PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf >

I know a new version is coming up, but one comment still: you should please make this series bisectable. That is, the series should build at every stage. That implies the following approach (each step below corresponds to a patch, or to a sequence of patches):

- introduce the new library (class and instance(s)) first, in isolation; this will duplicate the internal functions of SecureBootConfigDxe

- add lib class resolution(s) to all platforms in edk2 (and edk2-platforms, possibly) that include SecureBootConfigDxe

- replace the internal functions of SecureBootConfigDxe with the new library dependency.

Right now, ArmVirtPkg platforms will definitely not build against your patch set applied up to and including only patch#1, because at patch#1, SecureBootConfigDxe depends on SecureBootVariableLib, but ArmVirtPkg doesn't yet resolve that lib class to any instance.

Also, I don't see any OvmfPkg patch in the series... hm, well, there are OvmfPkg modifications, but they have been squashed into patch#3, "Intel Platforms: add SecureBootVariableLib class resolution". Regardless of whether we call OvmfPkg an "Intel Platform" -- I wouldn't, BTW --, OvmfPkg DSC updates need to go in their own, isolated patch. Same for EmulatorPkg -- separate patch please.

Thanks,
Laszlo
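
Review bot: In the "@@ -168,6 +168,7 @@" hunk the new SecureBootVariableLib resolution is placed inside the "!if $(SECURE_BOOT_ENABLE) == TRUE" block, so the mapping exists only in Secure Boot builds, and neither the hunk nor the commit message says that the consumer it names (SecureBootConfigDxe) is included in ArmVirtPkg platforms only under that same condition. Please state that in the commit message, or move the mapping outside the conditional if any consumer is built unconditionally. It would also help to build ArmVirtPkg with SECURE_BOOT_ENABLE set to both TRUE and FALSE at this commit before reposting.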
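
The ordering argument in the reply above, as an added example that is not part of the original email or of edk2: a toy model that applies a series patch by patch and reports the first step at which a platform cannot resolve a library class. The function names, the patch dictionaries and the simplification that every platform includes every module are assumptions made for illustration; only the two `Class|Path.inf` mappings come from the quoted hunk.

```python
# Added example: toy model of library class resolution across a patch series.
# Mappings below are taken from the quoted hunk; everything else is constructed.
BASE = "AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf"
RESOLUTION = ("SecureBootVariableLib|SecurityPkg/Library/"
              "SecureBootVariableLib/SecureBootVariableLib.inf")

def resolved_classes(dsc_text):
    """Library classes that a DSC fragment maps to an instance (Class|Path.inf)."""
    classes = set()
    for raw in dsc_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop DSC comments
        if "|" in line and line.endswith(".inf"):
            classes.add(line.split("|", 1)[0].strip())
    return classes

def first_broken_step(series, platforms, module_deps):
    """Apply patches in order; return (patch name, platform, missing classes)
    for the first step where a platform lacks a resolution, else None."""
    dsc = dict(platforms)                         # platform -> DSC text
    deps = {m: set(d) for m, d in module_deps.items()}
    for patch in series:
        for platform, line in patch.get("dsc_add", {}).items():
            dsc[platform] += "\n" + line
        for module, classes in patch.get("deps_add", {}).items():
            deps[module] |= set(classes)
        needed = set().union(*deps.values())      # assumption: all modules in all platforms
        for platform in sorted(dsc):
            missing = needed - resolved_classes(dsc[platform])
            if missing:
                return patch["name"], platform, sorted(missing)
    return None

# Constructed sample data modelling the situation described in the reply.
PLATFORMS = {"ArmVirtPkg": BASE, "OvmfPkg": BASE}
MODULE_DEPS = {"SecureBootConfigDxe": set()}
NEW_LIB = {"name": "introduce SecureBootVariableLib in isolation"}
USE_LIB = {"name": "SecureBootConfigDxe uses SecureBootVariableLib",
           "deps_add": {"SecureBootConfigDxe": ["SecureBootVariableLib"]}}
ARMVIRT = {"name": "ArmVirtPkg: add resolution", "dsc_add": {"ArmVirtPkg": RESOLUTION}}
OVMF = {"name": "OvmfPkg: add resolution", "dsc_add": {"OvmfPkg": RESOLUTION}}

AS_POSTED = [USE_LIB, ARMVIRT, OVMF]              # dependency lands first
BISECTABLE = [NEW_LIB, ARMVIRT, OVMF, USE_LIB]    # ordering proposed in the reply

if __name__ == "__main__":
    print(first_broken_step(AS_POSTED, PLATFORMS, MODULE_DEPS))
    print(first_broken_step(BISECTABLE, PLATFORMS, MODULE_DEPS))
```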