Sathya,
As long as your HII configuration utilities are UEFI conformant PE/COFF images
and the UEFI Boot Services functions LoadImage()/StartImage() are used to load
and start these utilities, you will maximize your platform compatibility. This
allows the platform specific implementation of LoadImage() and StartImage() to
apply platform policy to the UEFI images prior to execution.
Thanks,
Mike
From: Prakash, Sathya [mailto:[email protected]]
Sent: Thursday, March 07, 2013 11:30 AM
To: [email protected]
Subject: [edk2] Loading different HII images from OptionROM
Folks,
I would like to get your expert opinion on whether the below mentioned model is
acceptable in UEFI.
We want to have one thin boot service driver in our OptionROM image (exposed in
PCI enumeration) and the driver will dynamically load one of many HII
configuration utilities based on the controller type. Is this design
acceptable?
I am concerned about the below section in the driver developer's guide
4.2.13 Do not use hidden PCI Option ROM Regions
Some option ROMs may use paging or other techniques to load and execute code
that
was not visible to the system firmware when measuring the visible portion of the
option ROM. This technique is discouraged because it is the PCI bus driver's
responsibility to extract the option ROM contents when a PCI bus enumerates. If
code
were required to access hidden portions of an option ROM, then the PCI bus
driver
would not have the ability to extract the additional PCI Option ROM contents.
This inability means that the UEFI drivers in a PCI Option ROM must be visible
without
accessing a hidden portion of a PCI Option ROM. However, if there is a safe
mechanism
to access the hidden portions of the PCI option ROM after the UEFI drivers have
been
loaded and executed, then the UEFI driver may choose to access those contents.
For
example, non-volatile configuration information, utilities, or diagnostics can
be stored
in the hidden PCI Option ROM regions.
Caution: The hidden option ROM regions are also not measurable via UEFI 2.3 and
beyond
signing and verification interfaces. This makes them, and the system, less
secure.
Thanks
Sathya
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel
