On 05/12/20 13:52, Laszlo Ersek wrote:
> On 05/12/20 08:46, Michael Kubacki wrote:
>> From: Michael Kubacki <michael.kuba...@microsoft.com>
>>
>> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2522
>>
>> The 12 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>>
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>>
>> Platform porting instructions are described in this wiki entry:
>> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> (1) This wiki article is helpful, thanks.
>
> I have one remark: there's a heading saying "VarCheckPolicyLib NULL
> Instance":
>
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#varcheckpolicylib-null-instance
>
> I think what's meant is "NULL class", not "NULL instance".
>
> (2) The following platform DSC files in edk2 include the non-SMM
> variable driver
> ("MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf"),
> but they are not modified by this patch series:
>
>   ArmVirtPkg/ArmVirtQemu.dsc
>   ArmVirtPkg/ArmVirtQemuKernel.dsc
>   ArmVirtPkg/ArmVirtXen.dsc
>   OvmfPkg/OvmfXen.dsc
>   UefiPayloadPkg/UefiPayloadPkgIa32.dsc
>   UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc
>
> I'm asking that you please (a) include a patch for ArmVirtPkg, (b)
> update the OvmfPkg patch to cover "OvmfXen.dsc" too.
>
> Not sure about the UefiPayloadPkg platforms; please ask their maintainers.
>
> (I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)

(3) Could the wiki article please say a few words about what modules are
supposed to turn this mechanism into an actual policy? I.e., what
modules / use cases would consume the new protocol?

In this series, the only INF file that gets a reference to the new
protocol but is not related to the implementation of the protocol is
VariablePolicyFuncTestApp.

Thanks,
Laszlo