* [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB
@ 2023-01-05 7:21 Min Xu
2023-01-05 11:31 ` Gerd Hoffmann
0 siblings, 1 reply; 6+ messages in thread
From: Min Xu @ 2023-01-05 7:21 UTC (permalink / raw)
To: devel
Cc: Min M Xu, Anthony Perard, Ard Biesheuvel, Brijesh Singh,
Erdem Aktas, Gerd Hoffmann, James Bottomley, Jiewen Yao,
Jordan Justen, Julien Grall, Laszlo Ersek, Peter Grehan,
Rebecca Cran, Sebastien Boeuf, Tom Lendacky
From: Min M Xu <min.m.xu@intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4236
Similarly to the "cadence" mentioned in commit d272449 ("OvmfPkg:
raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since
commit 5e75c4d ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11),
and we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV
size of IntelTdxX64 to 13MB now.
Tested on:
- X64, Intel's TDX platform, RHEL-8.6 guest
Test steps:
- Configure 4 vCPUs and 4G memory
- boot and bring up the RHEL 8.6 guest
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien@xen.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index e79ad3e10217..0bb70ee2b7c3 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -62,10 +62,10 @@ FV = SECFV
[FD.MEMFD]
BaseAddress = $(MEMFD_BASE_ADDRESS)
-Size = 0xD00000
+Size = 0xE00000
ErasePolarity = 1
BlockSize = 0x10000
-NumBlocks = 0xD0
+NumBlocks = 0xE0
0x000000|0x006000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
@@ -97,7 +97,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCp
0x010000|0x010000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
-0x100000|0xC00000
+0x100000|0xD00000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
FV = DXEFV
--
2.29.2.windows.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB 2023-01-05 7:21 [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB Min Xu @ 2023-01-05 11:31 ` Gerd Hoffmann 2023-01-05 16:28 ` Laszlo Ersek 2023-01-06 0:49 ` Min Xu 0 siblings, 2 replies; 6+ messages in thread From: Gerd Hoffmann @ 2023-01-05 11:31 UTC (permalink / raw) To: Min Xu Cc: devel, Anthony Perard, Ard Biesheuvel, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Jordan Justen, Julien Grall, Laszlo Ersek, Peter Grehan, Rebecca Cran, Sebastien Boeuf, Tom Lendacky On Thu, Jan 05, 2023 at 03:21:05PM +0800, Min Xu wrote: > From: Min M Xu <min.m.xu@intel.com> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4236 > > Similarly to the "cadence" mentioned in commit d272449 ("OvmfPkg: > raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since > commit 5e75c4d ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11), > and we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV > size of IntelTdxX64 to 13MB now. Not sure this makes sense given that you want split DXEFV into two smaller volumes for IntelTdx (patch series sent in december IIRC). Also we maybe should move the MEMFD section to a Include/Fdf snippet to reduce code duplication and make it easier to keep things in sync? take care, Gerd ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB 2023-01-05 11:31 ` Gerd Hoffmann @ 2023-01-05 16:28 ` Laszlo Ersek 2023-01-06 6:40 ` Gerd Hoffmann 2023-01-06 0:49 ` Min Xu 1 sibling, 1 reply; 6+ messages in thread From: Laszlo Ersek @ 2023-01-05 16:28 UTC (permalink / raw) To: Gerd Hoffmann, Min Xu Cc: devel, Anthony Perard, Ard Biesheuvel, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Jordan Justen, Julien Grall, Peter Grehan, Rebecca Cran, Sebastien Boeuf, Tom Lendacky On 1/5/23 12:31, Gerd Hoffmann wrote: > On Thu, Jan 05, 2023 at 03:21:05PM +0800, Min Xu wrote: >> From: Min M Xu <min.m.xu@intel.com> >> >> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4236 >> >> Similarly to the "cadence" mentioned in commit d272449 ("OvmfPkg: >> raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since >> commit 5e75c4d ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11), >> and we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV >> size of IntelTdxX64 to 13MB now. > > Not sure this makes sense given that you want split DXEFV into two > smaller volumes for IntelTdx (patch series sent in december IIRC). > > Also we maybe should move the MEMFD section to a Include/Fdf snippet > to reduce code duplication and make it easier to keep things in sync? sigh, I followed up on this, but mistakenly, I only sent it to Gerd. Reposting to the list as well: ... the only comment I have here is for this lasst paragraph. The problem with centralized code is the same as the advantage of centralized code. You modify it once and it affects everything. But for example I cannot *test* everything. Code duplication in edk2 has helped in the past with separating responsibilities. One example has been Xen. Originally, in OvmfPkg, Xen support was integrated into a bunch of other modules, and there was no dedicated Xen platform. When Xen got introduced to ArmVirtPkg, it got its own dedicated platform, and it showed us how much easier maintenance would be that way. Xen-based developers and QEMU/KVM-based developers virtually never cross-tested (nobody has the "other" setup, or the time to test it). So Xen-oriented patches in OvmfPkg kept breaking QEMU/KVM functionality, and of course vice versa; whereas in ArmVirtPkg, no such cross-interference was seen. After a while we separated Xen to a new platform under OvmfPkg too (TianoCore#1689, TianoCore#2122), and there was much consequent rejoicing. Jordan slightly disagreed with the split, and I agreed with him from a purity sense, but from a practical maintenance POV, the joint Xen<->QEMU/KVM codebase had been a nightmare. This was one of my main driving principles during the initial discussions about TDX. I think extracting further commonalities between the TDX platform(s) and the traditional platforms works against that. It creates an area where modifications must be tested at the same (for the same patches) by multiple disparate teams. I know I couldn't do that. Cloning BZs and posting ported patches helps. At the same time: if regular maintainers *can* and *are willing* to test such central changes in *all* affected platforms, then yes, centralization is absolutely vital, because then it *saves* work. So I guess it must reflect the community's structure. Laszlo ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB 2023-01-05 16:28 ` Laszlo Ersek @ 2023-01-06 6:40 ` Gerd Hoffmann 0 siblings, 0 replies; 6+ messages in thread From: Gerd Hoffmann @ 2023-01-06 6:40 UTC (permalink / raw) To: Laszlo Ersek Cc: Min Xu, devel, Anthony Perard, Ard Biesheuvel, Brijesh Singh, Erdem Aktas, James Bottomley, Jiewen Yao, Jordan Justen, Julien Grall, Peter Grehan, Rebecca Cran, Sebastien Boeuf, Tom Lendacky > > Also we maybe should move the MEMFD section to a Include/Fdf snippet > > to reduce code duplication and make it easier to keep things in sync? > > The problem with centralized code is the same as the advantage of > centralized code. You modify it once and it affects everything. But for > example I cannot *test* everything. Code duplication in edk2 has helped > in the past with separating responsibilities. Sure, we have to check where sharing makes sense and where not on a case-by-case base. Some truely generic bits (like the list of usb drivers, or crypto/network support) might make sense to share across all platforms. Platform-specific bits are a different story. They would probably be restricted to the three kvm variants we have (i.e. OvmfPkgIa32, OvmfPkgIa32X64, OvmfPkgX64). Possibly AmdSev and IntelTdx too (again depending on the kind if change). > This was one of my main driving principles during the initial > discussions about TDX. I think extracting further commonalities between > the TDX platform(s) and the traditional platforms works against that. > It creates an area where modifications must be tested at the same (for the > same patches) by multiple disparate teams. I know I couldn't do that. > Cloning BZs and posting ported patches helps. > > At the same time: if regular maintainers *can* and *are willing* to test > such central changes in *all* affected platforms, then yes, > centralization is absolutely vital, because then it *saves* work. So I > guess it must reflect the community's structure. I think with PlatformInitLib is a nice solution for that. It allows to share code instead of cut+pasting stuff. But the different platforms still have their own setup code. They can use all, some or none of the helper functions from the library and we also don't have a single code path which must detect and handle all possible cases at runtime. take care, Gerd ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB 2023-01-05 11:31 ` Gerd Hoffmann 2023-01-05 16:28 ` Laszlo Ersek @ 2023-01-06 0:49 ` Min Xu 2023-01-06 6:48 ` Gerd Hoffmann 1 sibling, 1 reply; 6+ messages in thread From: Min Xu @ 2023-01-06 0:49 UTC (permalink / raw) To: Gerd Hoffmann Cc: devel@edk2.groups.io, Anthony Perard, Ard Biesheuvel, Brijesh Singh, Aktas, Erdem, James Bottomley, Yao, Jiewen, Justen, Jordan L, Julien Grall, Laszlo Ersek, Peter Grehan, Rebecca Cran, Boeuf, Sebastien, Tom Lendacky On January 5, 2023 7:32 PM, Gerd Hoffmann wrote: > > On Thu, Jan 05, 2023 at 03:21:05PM +0800, Min Xu wrote: > > From: Min M Xu <min.m.xu@intel.com> > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4236 > > > > Similarly to the "cadence" mentioned in commit d272449 ("OvmfPkg: > > raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since > > commit 5e75c4d ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11), and > > we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV > > size of IntelTdxX64 to 13MB now. > > Not sure this makes sense given that you want split DXEFV into two smaller > volumes for IntelTdx (patch series sent in december IIRC). > Thanks Gerd for the comments. I think raising DXEFV size and split DXEFV into 2 FVs are for different purpose and they're not conflicted. The purpose of raising DXEFV size is to enlarge the FV so that more drivers can be hosted. The purpose of splitting DXEFV are: 1) Reduce the attack surface in CC guest. 2) Improve boot perf in CC guest. I think IntelTdxX64 needs both 2 changes. Thanks Min ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB 2023-01-06 0:49 ` Min Xu @ 2023-01-06 6:48 ` Gerd Hoffmann 0 siblings, 0 replies; 6+ messages in thread From: Gerd Hoffmann @ 2023-01-06 6:48 UTC (permalink / raw) To: Xu, Min M Cc: devel@edk2.groups.io, Anthony Perard, Ard Biesheuvel, Brijesh Singh, Aktas, Erdem, James Bottomley, Yao, Jiewen, Justen, Jordan L, Julien Grall, Laszlo Ersek, Peter Grehan, Rebecca Cran, Boeuf, Sebastien, Tom Lendacky On Fri, Jan 06, 2023 at 12:49:21AM +0000, Xu, Min M wrote: > On January 5, 2023 7:32 PM, Gerd Hoffmann wrote: > > > > On Thu, Jan 05, 2023 at 03:21:05PM +0800, Min Xu wrote: > > > From: Min M Xu <min.m.xu@intel.com> > > > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4236 > > > > > > Similarly to the "cadence" mentioned in commit d272449 ("OvmfPkg: > > > raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since > > > commit 5e75c4d ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11), and > > > we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV > > > size of IntelTdxX64 to 13MB now. > > > > Not sure this makes sense given that you want split DXEFV into two smaller > > volumes for IntelTdx (patch series sent in december IIRC). > > > Thanks Gerd for the comments. > I think raising DXEFV size and split DXEFV into 2 FVs are for different purpose and they're not conflicted. > > The purpose of raising DXEFV size is to enlarge the FV so that more drivers can be hosted. > > The purpose of splitting DXEFV are: > 1) Reduce the attack surface in CC guest. > 2) Improve boot perf in CC guest. This also makes DXEFV smaller to make room for the new Firmware Volume. So you change DXEFV size twice in a row. I would avoid that and just pick reasonable sizes for both volumes in the split patch series instead. take care, Gerd ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-01-06 6:48 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-01-05 7:21 [PATCH V1 1/1] OvmfPkg/IntelTdxX64: Raise DXEFV size to 13MB Min Xu 2023-01-05 11:31 ` Gerd Hoffmann 2023-01-05 16:28 ` Laszlo Ersek 2023-01-06 6:40 ` Gerd Hoffmann 2023-01-06 0:49 ` Min Xu 2023-01-06 6:48 ` Gerd Hoffmann
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox