From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 3 Nov 2021 07:07:11 +0100
From: "Gerd Hoffmann"
To: Tom Lendacky
Cc: Dov Murik, James Bottomley, devel@edk2.groups.io, Brijesh Singh, Ard Biesheuvel, Jordan Justen, Erdem Aktas, Jiewen Yao, Min Xu
Subject: Re: [PATCH 1/2] OvmfPkg/OvmfPkgX64: Add SEV launch secret and hashes table areas to MEMFD
Message-ID: <20211103060711.uaalevtxebwfnvgg@sirius.home.kraxel.org>
References: <20211102073422.340858-1-dovmurik@linux.ibm.com>
 <20211102073422.340858-2-dovmurik@linux.ibm.com>
 <20211102100347.ulf4mt4fwjrsbaud@sirius.home.kraxel.org>
 <07819666-8465-6e46-7e07-a99b1b793073@linux.ibm.com>
 <20211102132954.5q2dxrbrz77fcdao@sirius.home.kraxel.org>
 <5f3cbabe-9a50-662a-16d9-09a1d04a3542@amd.com>
In-Reply-To: <5f3cbabe-9a50-662a-16d9-09a1d04a3542@amd.com>

  Hi,

> > > Does SEV need and/or use SMM mode?  Looking through AmdSevX64.dsc
> > > doesn't give a clear answer, on one hand there is a
> > > LibraryClasses.common.SMM_CORE section, but on the other hand it uses
> > > the non-SMM variable driver stack.
> >
> > I think SEV doesn't work with SMM.  James - can you please give a more
> > definitive answer here?
>
> SEV works with SMM, but SEV-ES (and likely SEV-SNP) doesn't work with SMM
> because of the fact that the hypervisor wants to change the guest register
> state to enter SMM, which isn't allowed and results in a VMRUN failure.

Ok.  So the same reason why TDX doesn't support SMM either.

> It might be possible to get SMM to work by having separate VMSAs for the SMM
> state, but it is not anything that really has been investigated too deeply.

Should we just drop the SMM leftovers in AmdSevX64.{dsc,fdf} then?

take care,
  Gerd