On 02/15/16 03:24, Zeng, Star wrote:
> On 2016/2/6 4:41, Laszlo Ersek wrote:
>> Before the merger of the authenticated and non-authenticated variable
>> drivers (commit fa0737a839d0), we had to match the varstore header
>> GUID in
>> "OvmfPkg/VarStore.fdf.inc" to SECURE_BOOT_ENABLE, because the opposite
>> GUID would cause either driver to fail an assertion. The header
>> structures
>> for individual variables residing in the varstore were different
>> (VARIABLE_HEADER vs. AUTHENTICATED_VARIABLE_HEADER), and each driver
>> could
>> only handle its own, so this GUID enforcement was necessary.
>>
>> Since the unification of the variable driver however, it treats (a)
>> variable store format, and (b) AuthVariableLib instance as independent
>> characteristics; it can always manipulate variable stores with both
>> header
>> types. All variations boot now; the difference is whether authenticated
>> variables, and special variables computed from them (like SecureBoot) are
>> supported at runtime:
>>
>> variable store non-auth auth
>> and SB
>> header GUID AuthVariableLib variables variables
>> -- --------------------- ------------------- -> ---------
>> -----------
>> 1 Variable SecurityPkg/... supported
>> unsupported
>> 2 Variable AuthVariableLibNull supported
>> unsupported
>> 3 AuthenticatedVariable SecurityPkg/... supported supported
>> 4 AuthenticatedVariable AuthVariableLibNull supported
>> unsupported
>>
>> At the moment, SECURE_BOOT_ENABLE selects between cases #2 (FALSE) and #3
>> (TRUE). That is, it controls both the varstore header GUID in
>> "OvmfPkg/VarStore.fdf.inc", and the AuthVariableLib resolution in the DSC
>> files.
>>
>> Exploiting the unified driver's flexibility, we can simplify
>> "OvmfPkg/VarStore.fdf.inc" by picking the AuthenticatedVariable GUID as a
>> constant, and letting SECURE_BOOT_ENABLE control only the AuthVariableLib
>> resolution. This amounts to SECURE_BOOT_ENABLE choosing between cases #3
>> (TRUE) and #4 (FALSE), with identical results as before.
>>
>> Cc: Jordan Justen <[email protected]>
>> Cc: Star Zeng <[email protected]>
>> Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/7319/focus=7344
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Laszlo Ersek <[email protected]>
>> ---
>> OvmfPkg/VarStore.fdf.inc | 9 +--------
>> 1 file changed, 1 insertion(+), 8 deletions(-)
>
> Reviewed-by: Star Zeng <[email protected]>
Thank you, and Happy New Year. :)
Laszlo
>
>>
>> diff --git a/OvmfPkg/VarStore.fdf.inc b/OvmfPkg/VarStore.fdf.inc
>> index 8f91e39..ce901c0 100644
>> --- a/OvmfPkg/VarStore.fdf.inc
>> +++ b/OvmfPkg/VarStore.fdf.inc
>> @@ -38,19 +38,12 @@
>> # Blockmap[1]: End
>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
>> ## This is the VARIABLE_STORE_HEADER
>> -!if $(SECURE_BOOT_ENABLE) == TRUE
>> + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
>> # Signature: gEfiAuthenticatedVariableGuid =
>> # { 0xaaf32c78, 0x947b, 0x439a,
>> # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
>> 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
>> 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
>> -!else
>> - # Signature: gEfiVariableGuid =
>> - # { 0xddcf3616, 0x3275, 0x4164,
>> - # { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
>> - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
>> - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
>> -!endif
>> # Size: 0xe000
>> (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
>> # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xdfb8
>> # This can speed up the Variable Dispatch a bit.
>>
>
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
