From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.86]) by mx.groups.io with SMTP id smtpd.web12.1418.1619637914253318064 for ; Wed, 28 Apr 2021 12:25:14 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=RvXoK9/N; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.86, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=U231eoXKcEYavg06sexIjJjVvN7+ymRKP3y0obcQv5EHT1UDanqrNhWX/QnG3Ycdnw0uZoFPuh4Zs28lVLTQhhTB6k0Dp98cPVUjI44B2EPjK8GlCHCKU0dD86omJdKPlSTFsUrx55RUEA4l6mluo8OM9IW1DuntOay18ALugDcQwClPdlP3jLplZGnGQl0dpHJhjW9lKycSlrJkQmuqokkZ7JOltV8tZRbOvYrAx73lueR+uPbijlBsCXUVQs0btUJO3Vksp461KOyfXXFfGkcjJo2MlEVif5X+ZkdfKAwpfI6tz/zlxrcgH9NzeCDY8IW5j/ZDMShX3vow5ZVCYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FnH+9EQkqAi4FZukPBXkVh49IQmhhRY03uoQV5vbPc8=; b=jSuNa5zgz0qBseoUXWw+lizqQT92v1mzutpWOCZ+/wNxq6Cl2K4FxptXIhjUH4yEp+fH9QBEdAI33rUFopvp+Yfz2G75yIrJYB0OStRbGTqaq/Nqlg0vtARVFCZxSKD55mjv032ruwQ2WG9NEp12oltguLdidZU69fP9rqhayJHBjxjtPSCHpgIlqlNLZFUmOd+V4sRupHuNbDw9wVMRrrWe0SbgiXS2vd8w9a57exEjYX8QEHN2QDa9pGovgIir1PGMZz7sPtveAYyVsB3n3pbPP2B9syhxysXV//iCeHRB+cfrP91VDOG6+H600UIMiP5AoYqJRoMmZuM1POIyBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FnH+9EQkqAi4FZukPBXkVh49IQmhhRY03uoQV5vbPc8=; b=RvXoK9/Nu8AwQlsjatMc04TlCTCYcFBwzawAUmiEAppTb+D/EKIcefotpihUyHDHxa+FhB4bpWFVXZWYbVo4l1dJjWOry/FrDryfMLV6j2nS3F6wJWZs6JAv1QDFgx4SJrbP7dyTJpsnUMnkWIVo4o+dHytGjEHzheR7JT41DiE= Authentication-Results: linux.ibm.com; dkim=none (message not signed) header.d=none;linux.ibm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.23; Wed, 28 Apr 2021 19:25:11 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Wed, 28 Apr 2021 19:25:11 +0000 Subject: Re: [edk2-devel] [PATCH v2 3/4] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability To: Laszlo Ersek , devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , =?UTF-8?Q?Marc-Andr=c3=a9_Lureau?= , Stefan Berger References: <9624a78abe08398f03b4602cf93f9acaa440be11.1619540470.git.thomas.lendacky@amd.com> <75348819-8642-911b-5559-93508422ea86@redhat.com> From: "Lendacky, Thomas" Message-ID: <565b0ad3-726b-6a6c-9583-5f025cb08e42@amd.com> Date: Wed, 28 Apr 2021 14:25:09 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 In-Reply-To: <75348819-8642-911b-5559-93508422ea86@redhat.com> X-Originating-IP: [67.79.209.213] X-ClientProxiedBy: SN6PR01CA0023.prod.exchangelabs.com (2603:10b6:805:b6::36) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN6PR01CA0023.prod.exchangelabs.com (2603:10b6:805:b6::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.28 via Frontend Transport; Wed, 28 Apr 2021 19:25:10 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c153f0f8-ec58-4804-e24e-08d90a7b5758 X-MS-TrafficTypeDiagnostic: DM5PR12MB1355: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: aRumPg2t4nBMl1QLwqsbUPMOs8d7FEiRFxKfo8jkqIwZdEWwek2SJm3S6OThY39jeJCJMxmXtwZOrKU5pqEirlncA5QTNLh30BPfppCRST7hapl9m/zU4EPz+f4ocTDKCkWvULiWl37u+j90my6HGCSiP522wR552XtnDBTqHFeSZtlFoCOsiMzArmfA+5EB28pjtGPBdW13D/mIjgpzjBxnchxZ+IWSNx2Dy2M3HBf2TPS5Sc5TtGlJNlV6rxNaD5Ot6IegA7WZV1a2/U71B77mRZQaIJldl/Fj5UPqvjpDnwQmMSG4jN45mzPQy1P6eClxcYL3U1KxXQojE+xmAJiwFLboOa7niLRh6/K2xe68T2qVoNK7AoFmmICeGbMV6klCe3JJwK/C3HLdFxanR7+OmXcB91PqStRUbDsbXQe10rZe0Y6SS9dEAtfhau+ilEte3aMGQerCykN3IZ9SJBlh5HLwikj9dsLQWqaCUjKNnFHQ2eNrkRj28hRt8a/TqHh2/WwX/U5gQSzuxBWxPQlq/HQumyNPwA4qwIBRoeVaqbIWOBLYyKU7dVErOjde0I/hcioW8VuRUni4/4B7vKmRbym/4SjDvyvkzS2jpS7Ejl7ZuwVk4Ej9TJMmfTv8xwQsZtDs0kqNKb/M/gPDSxX3cvmQfvo7y14mlPKRZV4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(376002)(366004)(39860400002)(136003)(346002)(2616005)(38100700002)(26005)(4326008)(5660300002)(8936002)(2906002)(186003)(16526019)(956004)(31686004)(7416002)(6512007)(6486002)(66476007)(86362001)(8676002)(31696002)(54906003)(66556008)(316002)(478600001)(36756003)(6506007)(53546011)(66946007)(83380400001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?FGBJUsU268+Ee0tOtB+66aNka2S+MghQIiTRirAAlC3uTRDwNsZ7LAFAnN1+?= =?us-ascii?Q?R+f2GoXudp8KZtaJqMl0TfH7DROqBKxIgUtnDatzb6/ck6biSZHQ736QOFnA?= =?us-ascii?Q?AbsFVQwoekATojuUr7fNVC/2+2AH5UaXLmRJvjyrOSFP0JkxOvjV4MGFDkJg?= =?us-ascii?Q?v56JWkE435TJzyLidrm49o7iQeXl0icPlzilSsNpZFUcIcfyOX20RXG3p2Sw?= =?us-ascii?Q?I7GO23EF7mMe+4Ubx35+j8DjDO29rWckpUhMUdX7/WhdXXq4eRl6hT2SnW78?= =?us-ascii?Q?ykykGpQn60YEk1uRPnAnu8kMsjVMT15ct9gV+WBrbGbM89b2ftOg9bkn32TK?= =?us-ascii?Q?8tH2ybnWc6MTAQiPwfPuaLYFlay+zOnZ7fPU5II4XxRmeVBoFmgjSHq2umkF?= =?us-ascii?Q?qt7xkhyi+zhsWgTmhFfysinPWLcp8WU7ZKhGPZAmD9swE9F6nLdqVgm7teJ1?= =?us-ascii?Q?ZbykXDPtQUFeONWnQooc828T0jJxX/Ea2KIGD9AVxsSGwkeS082n/nfpQxyu?= =?us-ascii?Q?l8WnTH7g4Uop3OkmHr/sLk+V/2vGcNQJtV/qkFbpoUYOX+nCozao8eK/jX4e?= =?us-ascii?Q?f9HArDgQKMJbhX2ZV8cryzNgDNb6Wy9xB6jeakTcsFHl1lqmMkXppF7P9yND?= =?us-ascii?Q?NCI2Jvwzw2ZbduPp1Ab7NN5YY7UsH/guNE8QRMSQVGrK2iS20FMsrJMj1vPi?= =?us-ascii?Q?WRavEdkCo/KQDAgvBig4KSHcuR0KhIGX4TBlTVN09/pCoU0KhPI2LYmIEOVo?= =?us-ascii?Q?FYcsABDxXBfLqxyVh4TxatPJaOdetuuV8BBh52JKuc2Lt2QiHFx/2UfOkCy9?= =?us-ascii?Q?rxX+pPcQuBq5ah4IOp5ADe6v5n1lLwQ28Suyyera3M4ldm6cRRRv1qc13IK/?= =?us-ascii?Q?HJCv1gn3EoTjPiYXZnvokojstvyShG1Sf9XflQlsvBpmX7ia41GZCQqH7Yrc?= =?us-ascii?Q?ehWMeaMENECMI1RLskBGEDr/aWA3sxRy8/YIPCKZYycBh9TlZLXeSswPHtd5?= =?us-ascii?Q?qtg+Y0WaOTkExavv27n8+oy4+4YAcTzk2w+4fVBjtnmdK6skwKMFsBxvCl7t?= =?us-ascii?Q?JUgJiR5bDb81lO4/WzvZUx7n5F0RNlIf/Y0OV+Ul06bDtfxpb8J9Kyufkpyb?= =?us-ascii?Q?PwaZokm1JlXL/rmsPkPXHw1iN61EX3UU1u707oI3RVe70Rw8J2LzhRfJd35q?= =?us-ascii?Q?ZqfoErBhKzvrbu0fgXBirb8d5nSYjYOTbLhVEIQNCE5EAUDEledy8al4IfZJ?= =?us-ascii?Q?ftODv5SuWYCD7lbfAcFV8Lb9IAbR9up/rgwY/4JgQg9pcRb4ZRBZgO1wCOuq?= =?us-ascii?Q?1Fe58cOWqVrrDxQKIbHDBiwZ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c153f0f8-ec58-4804-e24e-08d90a7b5758 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Apr 2021 19:25:11.3633 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fdTNn2HD+RIT+gDr41E3ZnrHJNkw4y2YWd1PJEmsZkQIGWWwp0S0Vdg4fTUuCE9iKhMNcsHJ5KBJxNRQQaP1fg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1355 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 4/28/21 12:15 PM, Laszlo Ersek wrote: > On 04/28/21 19:12, Laszlo Ersek wrote: >> On 04/27/21 18:21, Lendacky, Thomas wrote: >>> From: Tom Lendacky >>> >>> Define a new PPI GUID that is to be used as a signal of when it is safe >>> to access the TPM MMIO range. This is needed so that, when SEV is activ= e, >>> the MMIO range can be mapped unencrypted before it is accessed. >>> >>> Cc: Laszlo Ersek >>> Cc: Ard Biesheuvel >>> Cc: Jordan Justen >>> Cc: Brijesh Singh >>> Cc: Erdem Aktas >>> Cc: James Bottomley >>> Cc: Jiewen Yao >>> Cc: Min Xu >>> Cc: Marc-Andr?? Lureau >=20 > (1) Marc-Andr=C3=A9's name is garbled here, but I can fix it up. Sorry about that, looks like my email system didn't like the accent symbol. I'll look into that and see if I can't fix it (it could also be my .gitconfig). Thanks, Tom >=20 > Thanks > Laszlo >=20 >>> Cc: Stefan Berger >>> Signed-off-by: Tom Lendacky >>> --- >>> OvmfPkg/OvmfPkg.dec | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec >>> index 9629707020ba..6ae733f6e39f 100644 >>> --- a/OvmfPkg/OvmfPkg.dec >>> +++ b/OvmfPkg/OvmfPkg.dec >>> @@ -128,6 +128,10 @@ [Ppis] >>> # has been discovered and recorded >>> gOvmfTpmDiscoveredPpiGuid =3D {0xb9a61ad0, 0x2802, 0x41f= 3, {0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}} >>> =20 >>> + # This PPI signals that accessing the MMIO range of the TPM is possi= ble in >>> + # the PEI phase, regardless of memory encryption >>> + gOvmfTpmMmioAccessiblePpiGuid =3D {0x35c84ff2, 0x7bfe, 0x453= d, {0x84, 0x5f, 0x68, 0x3a, 0x49, 0x2c, 0xf7, 0xb7}} >>> + >>> [Protocols] >>> gVirtioDeviceProtocolGuid =3D {0xfa920010, 0x6785, 0x494= 1, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}} >>> gXenBusProtocolGuid =3D {0x3d3ca290, 0xb9a5, 0x11e= 3, {0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}} >>> >> >> Reviewed-by: Laszlo Ersek >> >=20