From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jordan.l.justen@intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 1CFAE21A18AA9
 for <edk2-devel@lists.01.org>; Mon, 29 May 2017 13:37:16 -0700 (PDT)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 29 May 2017 13:38:14 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.38,415,1491289200"; d="scan'208";a="1175808652"
Received: from hsu1-mobl.gar.corp.intel.com (HELO localhost) ([10.254.187.166])
 by fmsmga002.fm.intel.com with ESMTP; 29 May 2017 13:38:13 -0700
MIME-Version: 1.0
To: Brijesh Singh <brijesh.singh@amd.com>, Laszlo Ersek <lersek@redhat.com>,
 edk2-devel@lists.01.org
Message-ID: <149609029319.5770.13917390389219314003@jljusten-skl>
From: Jordan Justen <jordan.l.justen@intel.com>
In-Reply-To: <6ecd0138-454e-6a6e-d034-beaf63466120@redhat.com>
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com, Jeff Fan <jeff.fan@intel.com>, 
 Liming Gao <liming.gao@intel.com>, Jiewen Yao <jiewen.yao@intel.com>
References: <1495809845-32472-1-git-send-email-brijesh.singh@amd.com>
 <149583274037.25973.13062338567511386932@jljusten-skl>
 <6ecd0138-454e-6a6e-d034-beaf63466120@redhat.com>
User-Agent: alot/0.5.1
Date: Mon, 29 May 2017 13:38:13 -0700
Subject: Re: [PATCH v6 00/17] x86: Secure Encrypted Virtualization (AMD)
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 29 May 2017 20:37:16 -0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On 2017-05-29 04:16:15, Laszlo Ersek wrote:
> (looks like I was the one to comment as second reviewer after all :) )
> =

> On 05/26/17 23:05, Jordan Justen wrote:
> > On 2017-05-26 07:43:48, Brijesh Singh wrote:
> >> Changes since v4:
> >>  - decouple IoMmu protocol implementation from AmdSevDxe into a sepera=
te
> >>    IoMmuDxe driver. And introduce a placeholder protocol to provide the
> >>    dependency support for the dependent modules.
> > =

> > I think you split IoMmuDxe out from AmdSevDxe based on my feedback
> > regarding APRIORI, but I don't think this helped.
> > =

> > Ideally I would like to see one driver named IoMmuDxe that is *not* in
> > APRIORI.
> =

> There are two separate goals here:
> =

> (1) Make sure that any driver that adds MMIO ranges will automatically
> add those ranges with the C bit cleared in the PTEs, without actually
> knowing about SEV.

Ok, this sounds reasonable.

The APRIORI method looks like a hack. Why is this not being handled at
the time the page tables are being built, in DxeIpl? Couldn't we
define a platform Page Tables library to allow a platform to somehow
modify the page tables as they are built? Or, maybe just after? This
would also make sure it happens before DXE runs.

-Jordan