[edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy
Laszlo Ersek
lersek at redhat.com
Fri Jan 31 17:12:01 UTC 2020
On 01/31/20 18:00, Laszlo Ersek wrote:
> On 01/31/20 17:31, Kinney, Michael D wrote:
>> Laszlo,
>>
>> I think a new BZ is a good idea. I am sure there is more
>> history here and more discussion required on this invalid
>> policy PCD setting case.
>>
>> I would also like to see a DEBUG() message or even better
>> a REPORT_STATUS_CODE() for an invalid policy PCD setting
>> and I would like platform policy to decide if the platform
>> should deadloop or continue with EFI_ACCESS_DENIED. By
>> putting the deadloop in this function, it takes away the
>> option for the platform to make that decision.
>>
>> I also find ASSERT(FALSE) harder to triage. I prefer the
>> debug log to provide some indication of the cause of the
>> assert. Then I can go look up the file/line number for
>> more context.
>
> OK. I'll abandon the patch, and only open a BZ with this information.
> It's best if the SecurityPkg reviewers evaluate it carefully.
Here's the ticket:
https://bugzilla.tianocore.org/show_bug.cgi?id=2497
Thanks,
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#53613): https://edk2.groups.io/g/devel/message/53613
Mute This Topic: https://groups.io/mt/69752218/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list