TianoCore Community Design Meeting Minutes - Jul 12

Ni, Ray

[resend from mail client to make sure format is expected.]

1. OOB verification: a common solution providing chain of trust
Presenter: Jian Wang
Slides: https://edk2.groups.io/g/devel/files/Designs/2019/0712/OBB%20Verification%20Feature.pdf

* key advantage:
- verify whole FV in every boot path: s3, recovery, capsule
- avoid TOC/TOU
- report verification result through status code
- deadloop upon verification failure/error
* requirement: hw-based root of trust
* boot flow: refer to "Boot Flow (Boot Guard Version)" in slides.
- Comments: FvInfo[1] -> FvInfo[], for more readable code.
- Comments: Hash[64] -> Hash[], for support of future bigger hash size though unseen today.
* Example:
- Comments: What if platform code that reports FV directly is not removed completely? Is it a potential security hole?
Considering nested FV, *_REPORT_PEI_FV doesn't mean to report PEI FV.
Conclusion: comments to explain how the FV_INFO_PPI/FV_INFO_HOB are consumed.
- Comments: Support verification in smaller granularity other than FV.
Verification including FV header is necessary to avoid potential bugs.

2. Enhance CPU Feature Initialization to Handle Disabled Core#0
Presenter: Ray Ni
Slides: https://edk2.groups.io/g/devel/files/Designs/2019/0712/Enhance%20CPU%20Feature%20Initialization%20to%20Handle%20Disabled%20Core.pdf

* How CPU Features are initialized: refer to "How CPU Features are Initialized" in slides.
GetConfigData() is split from Support() because Support() is called by each CPU while GetConfigData() needs to allocate memory which cannot be called in AP.

* Problem: Core#0/Thread#0 is disabled resulting some features (e.g.: C1E) are not initialized.
* Proposal #1: Interpret Location as Logical
No-go: Some features rely on physical locations.
* Proposal #2: Add FirstX in CpuInfo. 6 bits each indicates whether the CPU is the first one in its parent scope.
e.g.: FirstX.Core = 1 for each CPU inside first Core inside each Module.
- Comments: Need to see whether a better name other than FirstX can be used.
Will discuss in email.