On 02/05/16 21:41, Laszlo Ersek wrote:
> Before the merger of the authenticated and non-authenticated variable
> drivers (commit fa0737a839d0), we had to match the varstore header GUID in
> "OvmfPkg/VarStore.fdf.inc" to SECURE_BOOT_ENABLE, because the opposite
> GUID would cause either driver to fail an assertion. The header structures
> for individual variables residing in the varstore were different
> (VARIABLE_HEADER vs. AUTHENTICATED_VARIABLE_HEADER), and each driver could
> only handle its own, so this GUID enforcement was necessary.
>
> Since the unification of the variable driver however, it treats (a)
> variable store format, and (b) AuthVariableLib instance as independent
> characteristics; it can always manipulate variable stores with both header
> types. All variations boot now; the difference is whether authenticated
> variables, and special variables computed from them (like SecureBoot) are
> supported at runtime:
>
>      variable store                              non-auth   auth and SB
>      header GUID            AuthVariableLib      variables  variables
>   -- ---------------------  -------------------  ---------  -----------
>   1  Variable               SecurityPkg/...      supported  unsupported
>   2  Variable               AuthVariableLibNull  supported  unsupported
>   3  AuthenticatedVariable  SecurityPkg/...      supported  supported
>   4  AuthenticatedVariable  AuthVariableLibNull  supported  unsupported
>
> At the moment, SECURE_BOOT_ENABLE selects between cases #2 (FALSE) and #3
> (TRUE). That is, it controls both the varstore header GUID in
> "OvmfPkg/VarStore.fdf.inc", and the AuthVariableLib resolution in the DSC
> files.
>
> Exploiting the unified driver's flexibility, we can simplify
> "OvmfPkg/VarStore.fdf.inc" by picking the AuthenticatedVariable GUID as a
> constant, and letting SECURE_BOOT_ENABLE control only the AuthVariableLib
> resolution. This amounts to SECURE_BOOT_ENABLE choosing between cases #3
> (TRUE) and #4 (FALSE), with identical results as before.
> > Cc: Jordan Justen <[email protected]> > Cc: Star Zeng <[email protected]> > Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/7319/focus=7344 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Laszlo Ersek <[email protected]> > --- > OvmfPkg/VarStore.fdf.inc | 9 +-------- > 1 file changed, 1 insertion(+), 8 deletions(-) > > diff --git a/OvmfPkg/VarStore.fdf.inc b/OvmfPkg/VarStore.fdf.inc > index 8f91e39..ce901c0 100644 > --- a/OvmfPkg/VarStore.fdf.inc > +++ b/OvmfPkg/VarStore.fdf.inc > @@ -38,19 +38,12 @@ > # Blockmap[1]: End > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > ## This is the VARIABLE_STORE_HEADER > -!if $(SECURE_BOOT_ENABLE) == TRUE > + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well. > # Signature: gEfiAuthenticatedVariableGuid = > # { 0xaaf32c78, 0x947b, 0x439a, > # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} > 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > -!else > - # Signature: gEfiVariableGuid = > - # { 0xddcf3616, 0x3275, 0x4164, > - # { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }} > - 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, > - 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, > -!endif > # Size: 0xe000 > (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - > # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xdfb8 > # This can speed up the Variable Dispatch a bit. >
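Review bot: The comment added under "## This is the VARIABLE_STORE_HEADER" ("# It is compatible with SECURE_BOOT_ENABLE == FALSE as well.") asserts compatibility without giving the reason, and once the !if/!else/!endif lines are gone nothing in the file explains why the gEfiAuthenticatedVariableGuid signature is unconditional. Consider extending the comment to say that the unified variable driver (commit fa0737a839d0) handles both header formats and that SECURE_BOOT_ENABLE now only selects the AuthVariableLib instance in the DSC files, so a reader of the .fdf.inc does not need the commit message to follow it. The diffstat (1 insertion, 8 deletions) matches the hunk.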
Commit d92eaabefbe0667bdd15c28c8e1fcd92a12fa97c. Thanks! Laszlo
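The four cases in the commit message's table, as an added example that is not part of the original thread or of edk2: a Python check that reads the VARIABLE_STORE_HEADER signature from a varstore image and reports whether authenticated variables (and SecureBoot) can be supported. It assumes the image starts with the 0x48-byte firmware volume header named in the patch; the function names and the two sample images are constructed for illustration.

```python
import struct
import uuid

# GUIDs as spelled out in the comments of OvmfPkg/VarStore.fdf.inc in the patch.
AUTH_GUID = uuid.UUID("aaf32c78-947b-439a-a180-2e144ec37792")     # gEfiAuthenticatedVariableGuid
NONAUTH_GUID = uuid.UUID("ddcf3616-3275-4164-98b6-fe85707ffe7d")  # gEfiVariableGuid
FV_HEADER_SIZE = 0x48  # size of EFI_FIRMWARE_VOLUME_HEADER, per the patch

def varstore_format(image: bytes) -> str:
    """Classify the store as 'auth' or 'non-auth' from its header signature."""
    sig = image[FV_HEADER_SIZE:FV_HEADER_SIZE + 16]
    if len(sig) != 16:
        raise ValueError("image too short to hold a VARIABLE_STORE_HEADER")
    guid = uuid.UUID(bytes_le=sig)  # EFI_GUID is stored mixed-endian on disk
    if guid == AUTH_GUID:
        return "auth"
    if guid == NONAUTH_GUID:
        return "non-auth"
    raise ValueError(f"unknown varstore signature {guid}")

def varstore_size(image: bytes) -> int:
    """UINT32 Size field that follows the signature (little-endian)."""
    return struct.unpack_from("<I", image, FV_HEADER_SIZE + 16)[0]

def auth_variables_supported(image: bytes, real_auth_lib: bool) -> bool:
    """Table from the commit message: only case 3 supports auth variables.

    real_auth_lib is True for the SecurityPkg AuthVariableLib instance and
    False for AuthVariableLibNull (hypothetical parameter name).
    """
    return varstore_format(image) == "auth" and real_auth_lib

def make_sample(sig_bytes) -> bytes:
    # Constructed image: zeroed placeholder FV header, signature, Size 0xdfb8.
    return bytes(FV_HEADER_SIZE) + bytes(sig_bytes) + struct.pack("<I", 0xDFB8)

SAMPLE_AUTH = make_sample([0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
                           0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92])
SAMPLE_NONAUTH = make_sample([0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
                              0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d])

if __name__ == "__main__":
    for name, img in (("auth", SAMPLE_AUTH), ("non-auth", SAMPLE_NONAUTH)):
        for lib in (True, False):
            print(name, "real lib" if lib else "null lib",
                  "->", auth_variables_supported(img, lib))
```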

