From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web12.14.1635859805207665974 for ; Tue, 02 Nov 2021 06:30:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=TNSUJpYV; spf=pass (domain: redhat.com, ip: 170.10.129.124, mailfrom: kraxel@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1635859803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0zL9btk4W172TilteSl8+9umJloVq87NWsNCiYDWM+w=; b=TNSUJpYV73FqBvCyEWonaJ9PWKjbjnTmCr+5rs4fEj6qz5NdS+XD/8Cgm8bRFq8EOpNBBN 6KXiIEbw57dPxYxrjr8AyGHckAjnqiSQ+VsGKgE2/X/mI3p3GaUp0jpxHuAf+Qm7sW4v9G OBVaoQMMPz1FQNzWUo64KkPMY9oA69A= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-45-8ulrDKaCPemQpCFFqFSAJw-1; Tue, 02 Nov 2021 09:30:02 -0400 X-MC-Unique: 8ulrDKaCPemQpCFFqFSAJw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3187419611C5; Tue, 2 Nov 2021 13:30:00 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.194.99]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BDBA719723; Tue, 2 Nov 2021 13:29:59 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 7AA36180092D; Tue, 2 Nov 2021 14:29:54 +0100 (CET) Date: Tue, 2 Nov 2021 14:29:54 +0100 From: "Gerd Hoffmann" To: Dov Murik Cc: devel@edk2.groups.io, Brijesh Singh , Ard Biesheuvel , Jordan Justen , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , Tom Lendacky Subject: Re: [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD Message-ID: <20211102132954.5q2dxrbrz77fcdao@sirius.home.kraxel.org> References: <20211102073422.340858-1-dovmurik@linux.ibm.com> <20211102073422.340858-2-dovmurik@linux.ibm.com> <20211102100347.ulf4mt4fwjrsbaud@sirius.home.kraxel.org> <07819666-8465-6e46-7e07-a99b1b793073@linux.ibm.com> MIME-Version: 1.0 In-Reply-To: <07819666-8465-6e46-7e07-a99b1b793073@linux.ibm.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, > > I'm wondering whenever you actually tried to boot a sev guest > > in microvm? > > No I haven't tried. Do you want Microvm to be able to boot SEV guests, > or do you intentionally want to keep functionality out so it stays small? Need to look at it on a case by case base. It is clearly not a priority, but if it makes sense we can discuss adding it. microvm has no support for SMM mode, and that is unlikely to change, so anything requiring SMM mode is not going to work, thats why I dropped SMM + secure boot + TPM bits for the initial patch series. Having support for tpm makes sense even without secure boot, so we might bring that back, but it'll also require some (small) changes on the host side so qemu allows creating a tpm, generates acpi tables for the tpm etc. Does SEV need and/or use SMM mode? Looking through AmdSevX64.dsc doesn't give a clear answer, on one hand there is a LibraryClasses.common.SMM_CORE section, but on the other hand it uses the non-SMM variable driver stack. take care, Gerd