I'm confused about something and hope I can get some help understanding this.
If we have a signed FV that is extracted in PEI it doesn't look like the
AuthenticationStatus gets propagated to DXE.
The HOB doesn't store authentication status and the core produces FVB with
AuthenticationStatus forced to zero, even though the FV was signed and verified.
This seems to mess up policy code we want to have in DXE because it is not
accurate.
MdeModulePkg\Core\Dxe\FwVolBlock\FwVolBlock.c, FwVolBlockDriverInit:
  while ((FvHob.Raw = GetNextHob (EFI_HOB_TYPE_FV, FvHob.Raw)) != NULL) {
    //
    // Produce an FVB protocol for it
    //
    ProduceFVBProtocolOnBuffer (FvHob.FirmwareVolume->BaseAddress,
      FvHob.FirmwareVolume->Length, NULL, 0, NULL);
    FvHob.Raw = GET_NEXT_HOB (FvHob);
  }
Is this expected? How would DXE policy code know if the FV was verified in PEI?
Thanks,
Eugene
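
The situation described in the message above, as an added stand-alone C model (not part of the original message and not EDK2 code). Every type, name and value in it is constructed for illustration, including the hypothetical HOB layout that carries the status.

```c
#include <stddef.h>
#include <stdint.h>

#define AUTH_IMAGE_SIGNED 0x02u  /* constructed flag: signed and verified in PEI */

typedef struct { uint64_t Base, Length; } MODEL_FV_HOB;                 /* no status field */
typedef struct { uint64_t Base, Length; uint32_t Auth; } MODEL_FV_HOB_AUTH; /* hypothetical */
typedef struct { uint64_t Base, Length; uint32_t Auth; } MODEL_FVB;     /* DXE-side record */

/* Constructed sample: volume 0 was signed and verified in PEI, volume 1 was not. */
static const MODEL_FV_HOB SamplePlain[2] = {
  { 0x00800000, 0x100000 }, { 0x00A00000, 0x080000 }
};
static const MODEL_FV_HOB_AUTH SampleAuth[2] = {
  { 0x00800000, 0x100000, AUTH_IMAGE_SIGNED }, { 0x00A00000, 0x080000, 0 }
};

/* Mirrors the loop quoted in the message: each FV HOB yields an FVB whose
   authentication status is the literal 0, whatever PEI found. */
size_t ProduceFromFvHobs(const MODEL_FV_HOB *Hobs, size_t Count, MODEL_FVB *Out) {
  for (size_t i = 0; i < Count; i++) {
    Out[i] = (MODEL_FVB){ Hobs[i].Base, Hobs[i].Length, 0 };
  }
  return Count;
}

/* Variant: the status recorded by PEI is copied through unchanged. */
size_t ProduceFromAuthHobs(const MODEL_FV_HOB_AUTH *Hobs, size_t Count, MODEL_FVB *Out) {
  for (size_t i = 0; i < Count; i++) {
    Out[i] = (MODEL_FVB){ Hobs[i].Base, Hobs[i].Length, Hobs[i].Auth };
  }
  return Count;
}

/* DXE policy: accept only volumes whose status says they were verified. */
int PolicyAllows(const MODEL_FVB *Fvb) {
  return (Fvb->Auth & AUTH_IMAGE_SIGNED) != 0;
}

/* Number of volumes the policy accepts out of a produced set. */
size_t CountAllowed(const MODEL_FVB *Fvbs, size_t Count) {
  size_t n = 0;
  for (size_t i = 0; i < Count; i++) n += (size_t)PolicyAllows(&Fvbs[i]);
  return n;
}
```

With the status dropped, the verified and the unverified volume are indistinguishable to the policy check; with it carried through, only the verified one is accepted.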