On Fri, 15 Mar 2019 at 13:47, Thomas Abraham <thomas.abra...@arm.com> wrote: > > On Fri, Mar 15, 2019 at 6:12 PM Ard Biesheuvel > <ard.biesheu...@linaro.org> wrote: > > > > On Fri, 15 Mar 2019 at 13:30, Thomas Abraham <thomas.abra...@arm.com> wrote: > > > > > > On Fri, Mar 15, 2019 at 5:51 PM Ard Biesheuvel > > > <ard.biesheu...@linaro.org> wrote: > > > > > > > > On Tue, 12 Mar 2019 at 17:06, Jagadeesh Ujja <jagadeesh.u...@arm.com> > > > > wrote: > > > > > > > > > > This implements support for UEFI secure boot on SGI platforms using > > > > > the standalone MM framework. This moves all of the software handling > > > > > of the UEFI authenticated variable store into the standalone MM > > > > > context residing in a secure partition. > > > > > > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > Signed-off-by: Jagadeesh Ujja <jagadeesh.u...@arm.com> > > > > > --- > > > > > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 34 > > > > > +++++++++++++++++++- > > > > > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++ > > > > > Platform/ARM/SgiPkg/SgiPlatform.dsc | 18 ++++++++++- > > > > > Platform/ARM/SgiPkg/SgiPlatform.fdf | 7 +++- > > > > > 4 files changed, 61 insertions(+), 3 deletions(-) > > > > > > > > > > diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > > > > b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > > > > index 49fc919..b6aa90b 100644 > > > > > --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > > > > +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > > > > @@ -26,6 +26,7 @@ > > > > > SKUID_IDENTIFIER = DEFAULT > > > > > FLASH_DEFINITION = > > > > > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf > > > > > DEFINE DEBUG_MESSAGE = TRUE > > > > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > > > > > > > > > > > > Maybe I wasn't clear before, but I don't see the point of building the > > > > MM component without secure boot enabled. So can we drop this from > > > > this side? > > > > > > Hi Ard, > > > > > > On the SGI platforms, the MM component is used for platform RAS error > > > handling as well and secure boot is not mandatory in such a build. So > > > the build of MM component is being kept independent of secure boot. > > > > > > > Hi Thomas, > > > > When building the MM side of the platform without secure boot, the > > only MM modules that are included are > > > > > > > INF StandaloneMmPkg/Core/StandaloneMmCore.inf > > > > > INF > > > > > StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf > > > > neither of which implement RAS handling. So are you saying this is > > functionality that runs in MM context, but it has not been upstreamed > > yet? > > Hi Ard, > > Yes, this functionality is yet to be upstreamed and there is work > happening in that direction. So the MM build is being kept independent > of secure boot feature. >
OK, fair enough. I will look in more detail once the NorFlashDxe changes are reviewed and merged. _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
