From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 28 Sep 2022 15:33:20 +0000
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel
Subject: [PATCH v4 3/6] OvmfPkg: set PcdEnableUnacceptedMemory to FALSE
Message-ID: <20220928153323.2583389-4-dionnaglaze@google.com>
In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com>
References: <20220928153323.2583389-1-dionnaglaze@google.com>

The default value of PcdEnableUnacceptedMemory should be FALSE in order
for default safe behavior. If the next started image does not yet
understand UEFI v2.9's new memory type, then it's stuck with most of its
memory inaccessible.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Signed-off-by: Dionna Glaze
---
 OvmfPkg/AmdSev/AmdSevX64.dsc     | 1 +
 OvmfPkg/Bhyve/BhyveX64.dsc       | 2 ++
 OvmfPkg/CloudHv/CloudHvX64.dsc   | 2 ++
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 ++
 OvmfPkg/OvmfPkgIa32X64.dsc       | 2 ++
 OvmfPkg/OvmfPkgX64.dsc           | 2 ++
 OvmfPkg/OvmfXen.dsc              | 2 ++
 7 files changed, 13 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 90e8a213ef..23086748c5 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc 
@@ -526,6 +526,7 @@ # Set ConfidentialComputing defaults gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE !include OvmfPkg/OvmfTpmPcds.dsc.inc diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 475b88b21a..004be8b019 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -559,6 +559,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 # MdeModulePkg resolution sets up the system display resolution diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 10b16104ac..41f43a2631 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -618,6 +618,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index c0c1a15b09..55b6a2a845 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -514,6 +514,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index af566b953f..aebe1c3192 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
@@ -655,6 +655,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f39d9cd117..6e4418388e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -679,6 +679,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 58a7c97cdd..0f57e22a2b 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -505,6 +505,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 ################################################################################ -- 2.37.3.998.g577e59143f-goog
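
Review bot: The AmdSevX64.dsc hunk (and the six after it) pins PcdEnableUnacceptedMemory|FALSE per platform, while the commit message argues that the default of the PCD should be FALSE; if that is the intent, the declaration in MdeModulePkg.dec (the PCD sits in gEfiMdeModulePkgTokenSpaceGuid) is the place to set it, and the per-.dsc lines are then either redundant or a divergence for any OvmfPkg .dsc not in the seven-file diffstat, which would silently inherit the .dec value. Please state in the commit message whether the .dec default is already FALSE, or which patch in this v4 series changes it.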
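
Review bot: In the BhyveX64.dsc hunk the new line lands directly under the "# Set Tdx shared bit mask" comment, so it reads as part of the TDX shared-bit-mask setting, which it is not. Suggest giving it its own comment line, or grouping it as the AmdSevX64.dsc hunk does under "# Set ConfidentialComputing defaults", e.g.

  # Set ConfidentialComputing defaults
  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE

The same placement under the Tdx comment recurs in the CloudHv, IntelTdx, OvmfPkgX64 and OvmfXen hunks, so one consistent choice across all seven files would help the next reader.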
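
Review bot: For the IntelTdxX64.dsc hunk, forcing the PCD to FALSE on the one platform where unaccepted memory is actually reported means, by the commit message's own logic, that no memory is left in the UEFI v2.9 unaccepted type for the next image unless something re-enables it at runtime; this is patch 3/6 and nothing in the hunk shows that path. The commit message should name the mechanism (or the later patch in the series) by which an OS loader that does understand the new memory type gets the PCD turned back on, so a reviewer can confirm that the safe-by-default change does not also remove the feature for guests that support it.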