From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web09.81199.1629444181542896169 for ; Fri, 20 Aug 2021 00:23:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=byr+Nma3; spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1629444180; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=sYY2iOXbtieR9hqjjM/NJ/KK7bimJHmud2sjf1jYoF0=; b=byr+Nma3AJMCKIAwVsOCF09cgw32+Efl7dQ9OIuhwYVGaDCmVMhe3tFNXrPLpbmdPgkR2D h0vduHvFzoLN4yD//wF03MPUuagPpAg+8EjTOQDQGdZ3rtiohnBL9L4v9kY8UKAm3V1rXF 22HRH8KMzavYEcIPDZ/+OpEd3fAVJWU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-86-9qpq9zYFOsW_wUYLe0qAtQ-1; Fri, 20 Aug 2021 03:22:56 -0400 X-MC-Unique: 9qpq9zYFOsW_wUYLe0qAtQ-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4F594100A624; Fri, 20 Aug 2021 07:22:55 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.193.216]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E80121A26A; Fri, 20 Aug 2021 07:22:54 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 4209818000A9; Fri, 20 Aug 2021 09:22:53 +0200 (CEST) Date: Fri, 20 Aug 2021 09:22:53 +0200 From: "Gerd Hoffmann" To: devel@edk2.groups.io, min.m.xu@intel.com Cc: Ard Biesheuvel , "Justen, Jordan L" , Brijesh Singh , Erdem Aktas , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c Message-ID: <20210820072253.plne3mudm3dj6777@sirius.home.kraxel.org> References: <95f116893a4a17c7e0966e240a650f871c9f9392.1628767741.git.min.m.xu@intel.com> <20210819064937.o646vxjebwzgfgoz@sirius.home.kraxel.org> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Aug 19, 2021 at 02:27:16PM +0000, Min Xu wrote: > On August 19, 2021 2:50 PM, Gerd Hoffmann wrote: > > > +/** > > > + In Tdx guest, some information need to be passed from host VMM to > > guest > > > + firmware. For example, the memory resource, etc. These information are > > > + prepared by host VMM and put in HobList which is described in > > TdxMetadata. > > > > What kind of information is passed to the guest here? > Please see https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf > Section 4.2 TD Hand-Off Block (HOB) So basically the physical memory map. qemu has etc/e820 for that. > > qemu has fw_cfg to pass information from the VMM to the guest firmware. > > What are the reasons to not use fw_cfg? > Not all the VMM support fw_cfg. Cloud-Hypervisor is the example. I can't see any support for Cloud-Hypervisor in OVMF. Also FreeBSD's bhyve doesn't support fw_cfg either and has its own ways to detect memory. Cloud-Hypervisor can surely do that too. So, why does this matter? > https://github.com/cloud-hypervisor/cloud-hypervisor > TD Hob list gives Cloud-Hypervisor a chance to pass information to guest firmware. > For example, ACPI can be downloaded from QEMU via fw_cfg to firmware. But > Cloud-Hypervisor cannot pass ACPI via fw_cfg. In this situation, TD Hob can resolve > this problem. Sure, but again, why does this matter? For qemu? I don't like the idea to have TDX take a completely different code paths. That increases the code complexity and makes testing harder for no good reason. take care, Gerd