I appreciate the suggestions on how to add PEI fw_cfg parsing support -- it should speed up the investigation/implementation.

The focus of this series is a more-or-less lateral update from the PCDs to the new interface, and even then this transitional series has grown quite long and still has zero reviewed-bys 3 months in. There are many more functional and test updates to come which can be done in parallel once this series is complete. The currently planned work can be found on the Tianocore Memory Protections project (https://github.com/orgs/tianocore/projects/3). I'll add an item there to add fw_cfg parsing support for PEI ArmVirt and assign myself.

Any more task suggestions are welcome :)


In this series, I'll add a FixedAtBuild PCD to ArmVirtPkg which will dictate the protection profile used for the boot. The default will be the release profile. I'll also make the other updates mentioned in this thread.


-Taylor


On 10/5/2023 5:57 AM, Laszlo Ersek wrote:
On 10/5/23 12:23, Gerd Hoffmann wrote:
   Hi,

An Arm compatible PEIM instance of QemuFwCfgLib will need to be created.
I'm happy to look into it, but I don't want to hang up this patch series on
that addition. Instead, I'll set the protection policy for ArmVirtPkg to
the equivalent of the new GrubCompat profile in this series.
Can you base the default policy (i.e., the one that takes effect in the
absence of fw_cfg) on a PCD?
That would be nice indeed.
While being at it:  Does it make sense to have *two* defaults, one for
secureboot=on (strict) and one for secureboot=off (compat) ?
I'm not sure, for now we can't enforce truly secure secure boot anyway.

Laszlo




