Message-ID: <07819666-8465-6e46-7e07-a99b1b793073@linux.ibm.com>
Date: Tue, 2 Nov 2021 13:46:19 +0200
Subject: Re: [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD
To: Gerd Hoffmann
Cc: devel@edk2.groups.io, Brijesh Singh, Ard Biesheuvel, Jordan Justen, Erdem Aktas, James Bottomley, Jiewen Yao, Min Xu, Tom Lendacky, Dov Murik
References: <20211102073422.340858-1-dovmurik@linux.ibm.com> <20211102073422.340858-2-dovmurik@linux.ibm.com> <20211102100347.ulf4mt4fwjrsbaud@sirius.home.kraxel.org>
From: "Dov Murik"
In-Reply-To: <20211102100347.ulf4mt4fwjrsbaud@sirius.home.kraxel.org>

Hi Gerd,

(I assume your comments are for patch 2/2)

On 02/11/2021 12:03, Gerd Hoffmann wrote:
> On Tue, Nov 02, 2021 at 07:34:21AM +0000, Dov Murik wrote:
>> The SEV launch secret area and the QEMU hashes table area were specified
>> in the OvmfPkg/AmdSev/AmdSevX64 MEMFD but not in OvmfPkg/OvmfPkgX64.
>>
>> Add them in OvmfPkgX64.fdf.
>>
>> After this change the two MEMFD descriptions are identical:
>>
>> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/OvmfPkgX64.fdf | sha1sum
>> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
>> $ sed -n -e '/FD.MEMFD/,/FV.SECFV/p' OvmfPkg/AmdSev/AmdSevX64.fdf | sha1sum
>> 6ff89173952413fbdb7ffbbf42f8bc389c928500 -
>
> I'm wondering whenever you actually tried to boot a sev guest
> in microvm?
>

No I haven't tried.

Do you want Microvm to be able to boot SEV guests, or do you
intentionally want to keep functionality out so it stays small?

> I suspect it'll need more changes to actually work.
>

I saw MicrovmX64.fdf already has some SEV-related entries (like
PcdOvmfSecGhcbBackupBase), so I just added these so that its MEMFD will
be identical to AmdSevX64 and OvmfPkgX64.

-Dov