[edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
Laszlo Ersek
lersek at redhat.com
Thu Oct 5 12:57:36 UTC 2023
On 10/5/23 12:23, Gerd Hoffmann wrote:
> Hi,
>
>>>> An Arm compatible PEIM instance of QemuFwCfgLib will need to be created.
>>>> I'm happy to look into it, but I don't want to hang up this patch series on
>>>> that addition. Instead, I'll set the protection policy for ArmVirtPkg to
>>>> the equivalent of the new GrubCompat profile in this series.
>>>
>>> Can you base the default policy (i.e., the one that takes effect in the
>>> absence of fw_cfg) on a PCD?
>>
>> That would be nice indeed.
>
> While being at it: Does it make sense to have *two* defaults, one for
> secureboot=on (strict) and one for secureboot=off (compat) ?
I'm not sure, for now we can't enforce truly secure secure boot anyway.
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109354): https://edk2.groups.io/g/devel/message/109354
Mute This Topic: https://groups.io/mt/101469960/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3943202/1813853/130120423/xyzzy [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list