I vote the latter. - Bret Sent: Monday, April 26, 2021 2:29 PM To: Sami Mujawar<mailto:Sami.Mujawar@...>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Samer

Hi Sami, I've been looking through the design document again, and was wondering if the work I previously did will just slot in? Were you thinking the "RngLib|RNDR" would go into ArmPkg (since it's

I agree with Laszlo on this. Duplicating functionality violates DRY and also could introduce major inconsistencies between how the tool functions and how the firmware does the same. The only way

Thanks. Yes, I'll work on implementing the RngLib|RNDR part. I'll be using Qemu's sbsa-ref platform for testing. I'll also look into using the FVP_Base_AEMv8A-AEMv8A too. -- Rebecca Cran

Hi Min Xu, Yeah, the standalone tool is good and can bring the benefits you mentioned, but I'm still not clear on the standalone tool. Could you give us more information about the standalone tool? Do

Yes, a standalone tool I mean is the one that directly add/modify default secure boot keys in the pre-build Var Store FV. I also want to hear other people's opinions on this RFC. Yes, VarEnroll.py is

In discussions where I've been present over the last several years, such a tool has been brought up several times. I always resist the idea. Here's why: - Such a host-side program needs to duplicate

Thanks! Laszlo

Hi Laszlo, Based on the responses from Andrei and Bret (thanks!), MD5 should stay as a supported option in IScsiDxe. I do understand that having a table with hash algorithms in IscsiDxe is a

Hello Liming, Just a friendly reminder in case you miss this email. It seems to me that if we do not create the interface to disable HII hotkey, we still need some improvement to HII in order to

Agree that it is a good idea to provide a mechanism to enroll the Secure boot keys. But why not add a standalone tool in BaseTools? For example a Python scripts to enroll the Secure Boot keys. I

Hi Rebecca, I have been working on the following modules (See slide 11 in “EDKII - Proposed update to RNG

Hi Sami, I was wondering if you're still collecting feedback on the design, or if you have a plan and schedule for the implementation? -- Rebecca Cran

Hi Laszlo, Thanks a lot for your review. I will wait some time for more comments and I will send an updated design. thanks, greg pt., 16 kwi 2021 o 14:16 Laszlo Ersek <lersek@...>

Adding SecurityPkg and Arm maintainers

You could perhaps introduce DSC and FDF snippets (include files) too, under SecurityPkg, so that any platform utilizing this feature do so through identical macro names. Thanks Laszlo

- A new platform DXE driver (which need not even stay resident), for locating some FFS files and their sections, and for copying their contents into PKDefault and friends, seems like a good / useful

Hello, I would like to ask you to review the proposal for new application for enrolling Secure Boot keys. The application uses content of PKDefault, KEKDefault, dbDefault, dbtDefault and dbxDefault

Hi Liming, Thanks for your comments. I got a chance to talk to option card vendor and they share two cases that HII driver is not able to support hotkey. 1) Driver cannot support hotkey to load

Agreed. The feedback I got from the MS team that owns iSCSI is: “MSFT iSCSI initiator only supports CHAP MD5” - Bret Sent: Tuesday, April 13, 2021 2:21 PM To: Samer