From: "Laszlo Ersek" <lersek@redhat.com>
To: James Bottomley <jejb@linux.ibm.com>, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com,
ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com,
david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com,
frankeh@us.ibm.com,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH v2 1/6] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF
Date: Mon, 23 Nov 2020 19:01:52 +0100 [thread overview]
Message-ID: <608a264b-b284-2512-a786-cab14a6a1237@redhat.com> (raw)
In-Reply-To: <20201120184521.19437-2-jejb@linux.ibm.com>
On 11/20/20 19:45, James Bottomley wrote:
> This commit represents the file copied from OvmfPkgX64 with minor
> changes to change the build name.
>
> This package will form the basis for adding Sev specific features.
> Since everything must go into a single rom file for attestation, the
> separated build of code and variables is eliminated.
>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077
> Signed-off-by: James Bottomley <jejb@linux.ibm.com>
>
> ---
>
> v2: remove secure boot, smm and networking
> ---
> OvmfPkg/AmdSev/AmdSevX64.dsc | 867 +++++++++++++++++++++++++++++++++++
> OvmfPkg/AmdSev/AmdSevX64.fdf | 461 +++++++++++++++++++
> 2 files changed, 1328 insertions(+)
> create mode 100644 OvmfPkg/AmdSev/AmdSevX64.dsc
> create mode 100644 OvmfPkg/AmdSev/AmdSevX64.fdf
>
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> new file mode 100644
> index 000000000000..852be757bfbe
> --- /dev/null
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -0,0 +1,867 @@
[...]
> +[LibraryClasses]
[...]
> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
(1) The following two lib class resolutions are missing here:
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
They were added to the other OVMF DSC files in commit 435a05aff54d
("OvmfPkg: Add VariablePolicy engine to OvmfPkg platform", 2020-11-17).
This dependency didn't exist at the time of your v1 posting (Nov 12th,
in my time zone).
But now the new platform doesn't seem to build without them:
> OvmfPkg/AmdSev/AmdSevX64.dsc(...): error 4000: Instance of library class [VariablePolicyLib] is not found
> in [MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf] [X64]
> consumed by module [MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf]
They are required by
"MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf" too,
not just by "MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf"
(which is correctly removed by this patch).
... actually, for VariableRuntimeDxe:
On 11/20/20 19:45, James Bottomley wrote:
[...]
> +[LibraryClasses.common.DXE_RUNTIME_DRIVER]
[...]
> + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
(2) the following (DXE_RUNTIME_DRIVER-specific) lib class resolution is
missing here:
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
... So I think that, for (1)+(2) together, simply the "OvmfXen.dsc"
hunks from 435a05aff54d should be incorporated into this patch.
[...]
> +[PcdsFixedAtBuild]
> + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
> + gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
> + gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> + # match PcdFlashNvStorageVariableSize purely for convenience
> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
> +!endif
> +!if $(FD_SIZE_IN_KB) == 4096
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
> + # match PcdFlashNvStorageVariableSize purely for convenience
> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000
> +!endif
> + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000
(3) The above two PCD settings are conditional on NETWORK_TLS_ENABLE
being TRUE, so please remove them together with the condition.
Right now, they override the settings in the just preceding blocks
(which depend on FD_SIZE_IN_KB being 1M / 2M / 4M).
[...]
> +[PcdsDynamicDefault]
> + # only set when
> + # ($(SMM_REQUIRE) == FALSE)
(4) please remove the comment (only the comment)
> + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
[...]
> +[Components]
[...]
> + OvmfPkg/VirtioNetDxe/VirtioNet.inf
(5) Please remove this driver from the DSC file too (you correctly
removed it from the FDF file). Right now, the driver is built, just not
included. We shouldn't build it.
The rest looks good to me.
Thanks!
Laszlo
next prev parent reply other threads:[~2020-11-23 18:02 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-20 18:45 [PATCH v2 0/6] SEV Encrypted Boot for Ovmf James Bottomley
2020-11-20 18:45 ` [PATCH v2 1/6] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF James Bottomley
2020-11-23 18:01 ` Laszlo Ersek [this message]
2020-11-23 23:25 ` James Bottomley
2020-11-23 23:43 ` Laszlo Ersek
2020-11-20 18:45 ` [PATCH v2 2/6] OvmfPkg/AmdSev: add Grub Firmware Volume Package James Bottomley
2020-11-23 21:08 ` Laszlo Ersek
2020-11-24 6:38 ` James Bottomley
2020-11-24 8:23 ` Laszlo Ersek
2020-11-24 14:54 ` Laszlo Ersek
2020-11-24 15:58 ` Laszlo Ersek
2020-11-24 16:22 ` [edk2-devel] " James Bottomley
2020-11-24 23:22 ` Laszlo Ersek
2020-11-24 23:42 ` James Bottomley
2020-11-25 1:27 ` James Bottomley
2020-11-25 14:01 ` Laszlo Ersek
2020-11-25 16:02 ` James Bottomley
2020-11-25 17:09 ` James Bottomley
2020-11-25 18:17 ` James Bottomley
2020-11-25 19:20 ` Laszlo Ersek
2020-11-25 20:11 ` James Bottomley
2020-11-25 18:35 ` Laszlo Ersek
2020-11-25 19:08 ` Laszlo Ersek
2020-11-25 19:14 ` Laszlo Ersek
2020-11-20 18:45 ` [PATCH v2 3/6] OvmfPkg: convert ES Reset Block structure to be guided James Bottomley
2020-11-23 22:16 ` Laszlo Ersek
2020-11-24 14:57 ` Lendacky, Thomas
2020-11-24 19:07 ` James Bottomley
2020-11-24 23:19 ` Laszlo Ersek
2020-11-24 19:05 ` James Bottomley
2020-11-24 23:15 ` Laszlo Ersek
2020-11-20 18:45 ` [PATCH v2 4/6] OvmfPkg: create a SEV secret area in the AmdSev memfd James Bottomley
2020-11-23 22:28 ` Laszlo Ersek
2020-11-20 18:45 ` [PATCH v2 5/6] OvmfPkg/AmdSev: assign and protect the Sev Secret area James Bottomley
2020-11-23 22:38 ` Laszlo Ersek
2020-11-20 18:45 ` [PATCH v2 6/6] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table James Bottomley
2020-11-23 22:56 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=608a264b-b284-2512-a786-cab14a6a1237@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox