That is a good start. The SMRAM lock and Flash lock seem good to me.

Comment:

1) Do we really need to add "Q35" for the policy?

  #define VIRT_HSTI_BYTE0_Q35_SMM_SMRAM_LOCK         BIT0
  #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH  BIT1

I feel we had better remove it, since SMM_SMRAM_LOCK and SMM_SECURE_VARS_FLASH are common features for almost all X86 platforms.

2) Would you please let me know what "READONLY_CODE_FLASH" really means?

  #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH  BIT1
  #define VIRT_HSTI_BYTE0_READONLY_CODE_FLASH        BIT2

Does READONLY_CODE_FLASH mean NO write to flash even in SMM mode?
Or does it just mean NO write in normal operation mode, but still writable in SMM mode?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd Hoffmann
> Sent: Wednesday, April 17, 2024 4:18 PM
> To: devel@edk2.groups.io; Ard Biesheuvel <a...@kernel.org>; jie...@dobby.home.kraxel.org
> Cc: Oliver Steffen <ostef...@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver
>
> On Fri, Mar 22, 2024 at 03:27:31PM +0100, Gerd Hoffmann wrote:
> >
> > Gerd Hoffmann (2):
> >   OvmfPkg/VirtHstiDxe: add varstore flash check
> >   OvmfPkg/VirtHstiDxe: add code flash check
> >
> > Konstantin Kostiuk (2):
> >   OvmfPkg: Add VirtHstiDxe driver
> >   OvmfPkg: Add VirtHstiDxe to OVMF firmware build
>
> Ping. Any comments on this series?
>
> take care,
>   Gerd