From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 20BCED8003E for ; Mon, 4 Dec 2023 11:40:55 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=rNsDuykLK/lwKqT3aSsL7ZeYfoHitiUIxAxHHt6SFBk=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition:Content-Transfer-Encoding; s=20140610; t=1701690054; v=1; b=mltVftLl5enaEjjvUcEP9kjazzWKdcqqdeLNjavXXdTecZaFPQG6jjwRiThWv8/EJLkuJ8o4 WgBeHX3Pevzkjf/Xa1szf7qJpfs1RQYA+K69g/rPrLxSh/6byLC+HHB8ffp3HF0sxqpy2XpwbaH UN7EKC/YPzCB3naA2Q4c4Kk8= X-Received: by 127.0.0.2 with SMTP id B2A3YY7687511xZQnLkiTmQy; Mon, 04 Dec 2023 03:40:54 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web10.67361.1701690054112765400 for ; Mon, 04 Dec 2023 03:40:54 -0800 X-Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-627-I2nK7wkgMx-v89wHYqUNTg-1; Mon, 04 Dec 2023 06:40:51 -0500 X-MC-Unique: I2nK7wkgMx-v89wHYqUNTg-1 X-Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 163F73C00202; Mon, 4 Dec 2023 11:40:51 +0000 (UTC) X-Received: from dobby.home.kraxel.org (unknown [10.39.194.201]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CC679492BE0; Mon, 4 Dec 2023 11:40:50 +0000 (UTC) X-Received: by dobby.home.kraxel.org (Postfix, from userid 1000) id 4B38C76046; Mon, 4 Dec 2023 12:40:49 +0100 (CET) Date: Mon, 4 Dec 2023 12:40:49 +0100 From: "Gerd Hoffmann" To: Ard Biesheuvel Cc: devel@edk2.groups.io, Ard Biesheuvel , =?utf-8?B?TO+/vXN6bO+/vSDvv71yc2Vr?= , Oliver Steffen , Alexander Graf Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg: Allow EFI memory attributes protocol to be disabled Message-ID: References: <20231204095215.1053032-1-ardb@google.com> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: OEZ9ckZepyTaYLVAlb7P41aUx7686176AA= Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=mltVftLl; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none) On Mon, Dec 04, 2023 at 11:57:43AM +0100, Ard Biesheuvel wrote: > On Mon, Dec 4, 2023 at 11:53 AM Gerd Hoffmann wrote: > > > > > So let's introduce a QEMU command line option to indicate that the > > > protocol should not be exposed at all. > > > > > > -fw_cfg opt/org.tianocore/DisableMemAttrProtocol,string=y > > > > Can we name this 'MemAttrProtocol={y,n}' so it works both ways (enabling > > and disabling) without double negative? > > > > Sure, but with the same behavior, right? > > =y means it will get installed > =n means it will get installed and uninstalled again > > > The fedora distro builds have the protocol disabled, and I'll keep it > > that way until we finally have fixed shim.efi builds. Having the option > > to enable this would be nice though. > > > > So how did you disable the protocol? That part is not upstream afaik. Yes, right now it's a fedora-specific patch. Which I'd drop in favor of this patch, or a slightly modified version of it. > We can disable the protocol via this method but how would you set it > to =n by default? if (Status != EFI_SUCCESS) // opt/org.tiabocode/MemAttrProtocol not present on the qemu cmdline MemAttrProtocol = ThisBuildsDefault } take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112036): https://edk2.groups.io/g/devel/message/112036 Mute This Topic: https://groups.io/mt/102967690/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-