From: "Lendacky, Thomas"
Date: Tue, 8 Nov 2022 16:24:05 -0600
Subject: Re: [edk2-devel] [PATCH v8 0/7] Add safe unaccepted memory behavior
To: "Yao, Jiewen", "devel@edk2.groups.io", Dionna Glaze
Cc: Ard Biescheuvel, "Xu, Min M", Gerd Hoffmann, James Bottomley, "Aktas, Erdem", Andrew Fish, "Kinney, Michael D"
Message-ID: <61517e7f-140d-351a-e7ac-cd1f2451a6ab@amd.com>
References: <20221024204114.2772064-1-dionnaglaze@google.com>

On 11/8/22 10:09, Yao, Jiewen wrote:
> Hi Tom/Dionna
> I think this patch is addressing https://bugzilla.tianocore.org/show_bug.cgi?id=3987.
>
> For patch 1~3, I am OK for the API which we already agreed, such as EfiMemoryAcceptProtocol and EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES.
> I have given Acked by: Jiewen Yao
>
> For patch 4, it changed the behavior to accept all.
> I don’t believe it should be 4. It should be the latest one. (please correct me if I am wrong.)
>
> For patch 5~6, I cannot give R-B for BZ3987_MEMORY_ACCEPTANCE_PROTOCAL proposed here because it does not address my concern. Please refer to the discussion in the Bugzilla.
>
>
> If you want to split the patch series and submit 1~3 as standalone one, that will match SEV to TDX on lazy accept part. I believe we may merge them after we get R-B from right person.

Just FYI, without the last half of this series, I believe that TDX will
only be accepting 4GB of memory when using OvmfPkgX64.dsc (see
OvmfPkg/Library/PlatformInitLib/IntelTdx.c), while SNP will be accepting
all memory. This would seem to present a problem for TDX with
OvmfPkgX64.dsc if the OS does not have support for unaccepted memory.

Thanks,
Tom

>
> Thank you
> Yao, Jiewen
>
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Lendacky, Thomas via groups.io
>> Sent: Tuesday, November 8, 2022 10:38 PM
>> To: Dionna Glaze; devel@edk2.groups.io
>> Cc: Ard Biescheuvel; Xu, Min M; Gerd Hoffmann; James Bottomley;
>> Yao, Jiewen; Aktas, Erdem; Andrew Fish; Kinney, Michael D
>> Subject: Re: [edk2-devel] [PATCH v8 0/7] Add safe unaccepted memory behavior
>>
>> On 10/24/22 15:41, Dionna Glaze wrote:
>>> These seven patches build on the lazy-accept patch series
>>>
>>> "Introduce Lazy-accept for Tdx guest"
>>
>> Since the above series was accepted into the EDK2 tree, can this series
>> also be pulled in so that both TDX and SNP can support unaccepted memory
>> in the same release?
>>
>> Thanks,
>> Tom
>>
>>>
>>> by adding SEV-SNP support for the MemoryAccept protocol, and
>>> importantly making eager memory acceptance the default behavior.
>>>
>>> We implement a standardized event group from UEFI v2.9,
>>> EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES, since it provides exactly
>>> the right invocation point for eagerly accepting memory if eager
>>> acceptance has not been disabled.
>>>
>>> To make use of this event group, we add a new driver that is meant to
>>> carry behavior that is needed for all confidential compute technologies,
>>> not just specific platforms, CocoDxe. In CocoDxe we implement the
>>> default safe behavior to accept all unaccepted memory and invalidate
>>> the MemoryMap on ExitBootServices.
>>>
>>> To allow the OS loader to prevent the eager acceptance, we add a new
>>> protocol, up for standardization, AcceptAllUnacceptedMemoryProtocol.
>>> This protocol has one interface, Disable(). The OS loader can inform the
>>> UEFI that it supports the unaccepted memory type and accepts the
>>> responsibility to accept it.
>>>
>>> All images that support unaccepted memory must now locate and call this
>>> new BZ3987_ACCEPT_ALL_UNACCEPTED_MEMORY_PROTOCOL and call the Disable
>>> function.
>>>
>>> Changes since v7:
>>>  - Rebased onto lazy accept v4 patch series, so memory accept protocol
>>>    has the EDKII prefix, and the unaccepted memory type has the BZ3937
>>>    prefix.
>>>  - Removed a bad #include to a header removed in v7.
>>>  - Renamed the protocol to BZ3987_MEMORY_ACCEPTANCE_PROTOCOL as per the
>>>    discussion on the buganizer issue.
>>>  - Uncrustify formatting
>>>
>>> Changes since v6:
>>>  - Added implementation of EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES.
>>>  - Changed callback protocol of v5 to instead use the standardized event
>>>    group for before_exit_boot_services.
>>>
>>> Changes since v5:
>>>  - Generic callback protocol moved to MdeModulePkg
>>>  - Removed use of EFI_WARN_STALE_DATA and added comment that the callback
>>>    should only return EFI_SUCCESS or EFI_INVALID_PARAMETER.
>>>  - Removed errant log statement and fixed formatting.
>>>
>>> Changes since v4:
>>>  - Commit message wording
>>>  - Replaced direct change to DxeMain with a more generic callback
>>>    protocol.
>>>  - Implemented the direct change as an instance of the callback protocol
>>>    from a new CocoDxe driver.
>>>  - Replaced "enable" protocol with a "disable" protocol, since the name
>>>    was confusing. The AcceptAllUnacceptedMemory protocol directly names
>>>    the behavior that is disabling.
>>>
>>> Changes since v3:
>>>  - "DxeMain accepts all memory" patch split into 3 to make each patch
>>>    affect only one package at a time.
>>>
>>> Changes since v2:
>>>  - Removed the redundant memory accept interface and added the accept
>>>    behavior to the DXE implementation of
>>>    MemEncryptSevSnpPreValidateSystemRam.
>>>  - Fixed missing #include in >=4GB patch.
>>>
>>> Changes since v1:
>>>  - Added a patch to classify SEV-SNP memory above 4GB unaccepted.
>>>  - Fixed style problems in EfiMemoryAcceptProtocol implementation.
>>>
>>> Cc: Ard Biescheuvel
>>> Cc: "Min M. Xu"
>>> Cc: Gerd Hoffmann
>>> Cc: James Bottomley
>>> Cc: Tom Lendacky
>>> Cc: Jiewen Yao
>>> Cc: Erdem Aktas
>>> Cc: Andrew Fish
>>> Cc: "Michael D. Kinney"
>>>
>>> Signed-off-by: Dionna Glaze
>>>
>>> Dionna Glaze (7):
>>>   OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
>>>   MdePkg: Add EFI_EVENT_BEFORE_EXIT_BOOT_SERVICES_GUID
>>>   MdeModulePkg: Notify BeforeExitBootServices in CoreExitBootServices
>>>   OvmfPkg: Introduce CocoDxe driver
>>>   MdePkg: Introduce the MemoryAcceptance protocol
>>>   OvmfPkg: Implement AcceptAllUnacceptedMemory in CocoDxe
>>>   OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted
>>>
>>>  MdeModulePkg/Core/Dxe/DxeMain.inf                                   |   1 +
>>>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c                             |   6 +
>>>  MdePkg/Include/Guid/EventGroup.h                                    |   5 +
>>>  MdePkg/Include/Protocol/MemoryAcceptance.h                          |  40 +++++
>>>  MdePkg/MdePkg.dec                                                   |   8 +-
>>>  OvmfPkg/AmdSev/AmdSevX64.dsc                                        |   1 +
>>>  OvmfPkg/AmdSev/AmdSevX64.fdf                                        |   1 +
>>>  OvmfPkg/AmdSevDxe/AmdSevDxe.c                                       |  55 ++++++-
>>>  OvmfPkg/AmdSevDxe/AmdSevDxe.inf                                     |   3 +
>>>  OvmfPkg/CocoDxe/CocoDxe.c                                           | 174 ++++++++++++++++++++
>>>  OvmfPkg/CocoDxe/CocoDxe.inf                                         |  46 ++++++
>>>  OvmfPkg/IntelTdx/IntelTdxX64.dsc                                    |   1 +
>>>  OvmfPkg/IntelTdx/IntelTdxX64.fdf                                    |   1 +
>>>  OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c  |  24 ++-
>>>  OvmfPkg/OvmfPkgIa32X64.dsc                                          |   1 +
>>>  OvmfPkg/OvmfPkgIa32X64.fdf                                          |   1 +
>>>  OvmfPkg/OvmfPkgX64.dsc                                              |   1 +
>>>  OvmfPkg/OvmfPkgX64.fdf                                              |   1 +
>>>  OvmfPkg/PlatformPei/AmdSev.c                                        |   5 +
>>>  19 files changed, 366 insertions(+), 9 deletions(-)
>>>  create mode 100644 MdePkg/Include/Protocol/MemoryAcceptance.h
>>>  create mode 100644 OvmfPkg/CocoDxe/CocoDxe.c
>>>  create mode 100644 OvmfPkg/CocoDxe/CocoDxe.inf
>>>
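
The following is an added example, not part of the thread and not EDK2 code: a small C model of the behavior the quoted cover letter describes (eager acceptance before ExitBootServices unless the OS loader has called Disable()). All type and function names, the two-entry memory map, and the rule that an OS without unaccepted-memory support cannot use unaccepted ranges are assumptions made for illustration.

```c
/* Added illustration: a simplified model, not EDK2 code. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
typedef enum { MEM_CONVENTIONAL, MEM_UNACCEPTED } mem_type;
typedef struct { uint64_t base, pages; mem_type type; } mem_desc;
typedef struct {
    mem_desc map[2];
    bool accept_all_disabled; /* set when the OS loader calls Disable() */
    bool map_invalidated;     /* a memory map handed out earlier is now stale */
} firmware;

/* Models the protocol's single Disable() interface. */
static void disable_accept_all(firmware *fw) { fw->accept_all_disabled = true; }

/* Models the before-ExitBootServices notification; returns pages accepted. */
static uint64_t before_exit_boot_services(firmware *fw) {
    uint64_t accepted = 0;
    if (fw->accept_all_disabled) return 0; /* loader took over acceptance */
    for (size_t i = 0; i < 2; i++) {
        if (fw->map[i].type != MEM_UNACCEPTED) continue;
        accepted += fw->map[i].pages; /* real firmware accepts the pages here */
        fw->map[i].type = MEM_CONVENTIONAL;
    }
    fw->map_invalidated = accepted > 0;
    return accepted;
}

/* Pages usable at handoff (assumption: a legacy OS skips unaccepted ranges). */
static uint64_t usable_pages(const firmware *fw, bool os_supports_unaccepted) {
    uint64_t n = 0;
    for (size_t i = 0; i < 2; i++)
        if (fw->map[i].type == MEM_CONVENTIONAL || os_supports_unaccepted)
            n += fw->map[i].pages;
    return n;
}

/* Constructed 8 GiB guest: 4 GiB accepted at boot, 4 GiB left unaccepted. */
static uint64_t run_scenario(bool loader_disables, bool os_supports_unaccepted) {
    firmware fw = { { { 0x0, 0x100000, MEM_CONVENTIONAL },
                      { 0x100000000ULL, 0x100000, MEM_UNACCEPTED } }, false, false };
    if (loader_disables) disable_accept_all(&fw);
    before_exit_boot_services(&fw);
    return usable_pages(&fw, os_supports_unaccepted);
}

int main(void) {
    /* Legacy OS with default eager acceptance: all 0x200000 pages are usable. */
    return run_scenario(false, false) == 0x200000 ? 0 : 1;
}
```

In this model, `run_scenario(true, false)` stands in for firmware that leaves memory unaccepted under an OS that cannot handle it, and it yields only the 4 GiB accepted at boot.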