From: James Bottomley <jejb@linux.ibm.com>
To: Laszlo Ersek <lersek@redhat.com>, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com,
ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com,
david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com,
frankeh@us.ibm.com,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [edk2-devel] [PATCH 3/4] OvmfPkg: create a SEV secret area in the AmdSev memfd
Date: Wed, 18 Nov 2020 12:23:34 -0800 [thread overview]
Message-ID: <111856145fea09b5ed88a1dfa7b7d7ff6eece639.camel@linux.ibm.com> (raw)
In-Reply-To: <6db69ccd-340f-2df2-718b-5f7db09da0b8@redhat.com>
On Mon, 2020-11-16 at 23:46 +0100, Laszlo Ersek wrote:
> On 11/12/20 01:13, James Bottomley wrote:
[... I made all the changes above this]
> > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> > b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> > index 980e0138e7..7d3214e55d 100644
> > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> > +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> > @@ -35,6 +35,8 @@ ALIGN 16
> > ; the build time RIP value. The GUID must always be 48 bytes
> > from the
> > ; end of the firmware.
> > ;
> > +; 0xffffffc2 (-0x3e) - Base Location of the SEV Launch Secret
> > +; 0xffffffc6 (-0x3a) - Size of SEV Launch Secret
> > ; 0xffffffca (-0x36) - IP value
> > ; 0xffffffcc (-0x34) - CS segment base [31:16]
> > ; 0xffffffce (-0x32) - Size of the SEV-ES reset block
> > @@ -51,6 +53,8 @@ ALIGN 16
> > TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0
> >
> > sevEsResetBlockStart:
> > + DD SEV_LAUNCH_SECRET_BASE
> > + DD SEV_LAUNCH_SECRET_SIZE
> > DD SEV_ES_AP_RESET_IP
> > DW sevEsResetBlockEnd - sevEsResetBlockStart
> > DB 0xDE, 0x71, 0xF7, 0x00, 0x7E, 0x1A, 0xCB, 0x4F
>
> (5) I'd prefer if we could introduce a new GUID-ed structure for
> these new fields. The logic in QEMU should be extended to start
> scanning at 4GB-48 for GUIDS. If the GUID is not recognized, then
> terminate scanning. Otherwise, act upon the GUID-ed structure found
> there as necessary, and then determine the next GUID *candidate*
> location by subtracting the last recognized GUID-ed structure's
> "size" field.
So for this one, we can do it either way. However, the current design
of the sevEsRestBlock is (according to AMD) to allow the addition of
SEV specific information. Each piece of information is a specific
offset from the GUID and the length of the structure can only grow, so
the ordering is fixed once the info is added and you can tell if the
section contains what you're looking for is present if the length
covers it.
We can certainly move this to a fully GUID based system, which would
allow us to have an unordered list rather than the strict definition
the never decreasing length scheme allows, but if we do that, the
length word above becomes redundant.
I don't have a huge preference for either mechanism ... they seem to
work equally well, but everyone should agree before I replace the
length based scheme.
James
next prev parent reply other threads:[~2020-11-18 20:23 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-12 0:13 [PATCH 0/4] SEV Encrypted Boot for Ovmf James Bottomley
2020-11-12 0:13 ` [PATCH 1/4] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF James Bottomley
2020-11-16 19:11 ` [edk2-devel] " Laszlo Ersek
2020-11-16 20:00 ` James Bottomley
2020-11-12 0:13 ` [PATCH 2/4] OvmfPkg/AmdSev: add Grub Firmware Volume Package James Bottomley
2020-11-16 20:42 ` [edk2-devel] " Laszlo Ersek
2020-11-17 0:05 ` Laszlo Ersek
2020-11-18 23:00 ` James Bottomley
2020-11-19 7:59 ` Laszlo Ersek
2020-11-12 0:13 ` [PATCH 3/4] OvmfPkg: create a SEV secret area in the AmdSev memfd James Bottomley
2020-11-16 22:46 ` [edk2-devel] " Laszlo Ersek
2020-11-18 20:23 ` James Bottomley [this message]
2020-11-19 7:50 ` Laszlo Ersek
2020-11-19 19:41 ` Brijesh Singh
2020-11-20 6:29 ` jejb
2020-11-20 10:59 ` Laszlo Ersek
2020-11-18 20:39 ` Lendacky, Thomas
2020-11-19 7:51 ` Laszlo Ersek
2020-11-12 0:13 ` [PATCH 4/4] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table James Bottomley
2020-11-17 0:12 ` [edk2-devel] " Laszlo Ersek
2020-11-12 16:21 ` [PATCH 0/4] SEV Encrypted Boot for Ovmf Ashish Kalra
2020-11-12 16:34 ` Dr. David Alan Gilbert
2020-11-12 17:07 ` James Bottomley
2020-11-12 17:22 ` Ashish Kalra
2020-11-12 17:32 ` Brijesh Singh
2020-11-12 19:38 ` Dr. David Alan Gilbert
2020-11-12 21:56 ` Brijesh Singh
2020-11-12 22:50 ` James Bottomley
2020-11-15 14:08 ` Brijesh Singh
2020-11-12 19:44 ` James Bottomley
2020-11-13 2:04 ` [edk2-devel] " James Bottomley
2020-11-13 22:41 ` Laszlo Ersek
2020-11-16 18:50 ` Laszlo Ersek
2020-11-16 18:56 ` Laszlo Ersek
2020-11-16 19:55 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=111856145fea09b5ed88a1dfa7b7d7ff6eece639.camel@linux.ibm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox