On Sat, Nov 9, 2013 at 5:59 PM, Laszlo Ersek <[email protected]> wrote: > On 11/07/13 19:07, Laszlo Ersek wrote: >> I also wanted to test secure boot (see if the enrolled keys survive a >> cold reboot), but I noticed that this series doesn't disable the "load >> variables from the NvVars file" functionality. >> >> I added the attached patch on top of this series, and this way the >> enrolled keys seem to persist. I could fully secure-boot Fedora 19 on my >> SVM host with it, even after a full VM shutdown. Do you think the patch >> has merit? > > Unfortunately, the patch that I attached earlier was buggy. I hadn't > realized that precisely one of > - QemuFlashFvbServicesRuntimeDxe and > - EmuVariableFvbRuntimeDxe > *will* set PcdFlashNvStorageVariableBase64. The former takes priority if > we have working flash, but even if we don't, the PCD gets set by the > second driver. Consequently, my patch broke NvVars loading even for > hosts that needed it. > > I updated the patch by introducing yet another dynamic PCD (attached). > It's not elegant, just a proof of concept, and it works as expected. (I > tested it in all scenarios I could imagine.)
It seems reasonable to me. If you separate the BDS part out into a second patch, then I think I'll add your two patches to the series. -Jordan ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk _______________________________________________ edk2-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/edk2-devel
