On 19 September 2018 at 02:29, Yao, Jiewen <jiewen....@intel.com> wrote: > Thank you Ard. Good to know. > > Did you also try some security test, such as input a bad image to see if the > code can return failure gracefully? > > Or enable secure boot to see if the image verification process still works > well ? > > One more, did you enable tpm to see if tpm measurement still works well ? > > Also did defer image solution still takes effect with this change? > > Sorry to ask many questions, I want to make sure the current security design > still work with this new capability. >
Hello Jiewen, As far as I can tell, all the security checks are done *before* CoreLoadPeImage() is called, and the code flow has not changed at all before that point. _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
