From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web12.9881.1617977517206860720 for ; Fri, 09 Apr 2021 07:11:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=LWJ1S5C3; spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1617977516; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3rnO219pD2IdYDW+B0XJirvIBLpkrauXmKkH6tFuj5k=; b=LWJ1S5C3ysnHQQo9J9GAhUixPLmrxMtj7MVxhpSizJRiMhXBegx0WFsUSKa9F80BDnrRPO 2oJMj6ofMAAlu4uxAWr/xEaNQe2IgzCipMZs8LiBe5i9N9paCpaU2+Je8LEFpLexUmwiSR eL8/qlBblqVW0zuxGrrrybhaVxsn//w= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-196-dAtlbaJxPlW3bvToNadqzA-1; Fri, 09 Apr 2021 10:11:50 -0400 X-MC-Unique: dAtlbaJxPlW3bvToNadqzA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id AFD95107ACE4; Fri, 9 Apr 2021 14:11:48 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-137.ams2.redhat.com [10.36.115.137]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3A9FB19C66; Fri, 9 Apr 2021 14:11:42 +0000 (UTC) Subject: separate OVMF binary for TDX? [was: OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest] To: "Yao, Jiewen" , "Xu, Min M" Cc: "devel@edk2.groups.io" , "thomas.lendacky@amd.com" , "jejb@linux.ibm.com" , Brijesh Singh , "Justen, Jordan L" , Ard Biesheuvel , Paolo Bonzini , "Dr. David Alan Gilbert" , Nathaniel McCallum References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-2-brijesh.singh@amd.com> <719a63e555376ca65a7bbe0c7e23c20b6b631cd3.camel@linux.ibm.com> <9aa00ba0-def0-9a4e-1578-0b55b8047ebd@redhat.com> <2ff2c569-1032-3e5f-132a-159c47c9f067@amd.com> <18180548-016d-4e37-68fd-050dfc3b4e77@redhat.com> From: "Laszlo Ersek" Message-ID: <5183d5fd-9bba-6f0a-52e0-a3e27a6784de@redhat.com> Date: Fri, 9 Apr 2021 16:11:41 +0200 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 04/09/21 15:44, Yao, Jiewen wrote: > Hi Laszlo > Thanks. > > We did provide a separate binary in the beginning - see https://github.com/tianocore/edk2-staging/tree/TDVF, with same goal - easy to maintain and develop. A clean solution, definitely. > > However, we got requirement to deliver one binary solution together with 1) normal OVMF, 2) AMD-SEV, 3) Intel-TDX. > Now, we are struggling to merge them...... > > For DXE, we hope to isolate TDX driver whenever it is possible. > But we only have one reset vector here. Sigh... Can we please pry a little bit at that "one binary" requirement? Ultimately the "guest bundle" is going to be composed by much higher-level code, I expect (such as some userspace code, written in python or similar); selecting a firmware binary in such an environment is surely easier than handling this "polymorphism" in the most restrictive software environment imaginable (reset vector assembly code in the guest)? Thanks Laszlo