From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.11265.1608137632647854078 for ; Wed, 16 Dec 2020 08:53:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=oV1HR5NX; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: jejb@linux.ibm.com) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BGGWTdw039584; Wed, 16 Dec 2020 11:53:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=7VTKmRcyjs86DOagSM7oW/2PqdfaTaG/JquUIVVU3yg=; b=oV1HR5NXfeueOs+YjUC/lDTUg8MSY/VV8dHnfDaYgdrXscG0RTZ4YMQYRaag2jCm4Xox vTkHjt/r0gd1nqE8+T0Dv9rTWUPfglN2kUScs8uN/Myr5CoSIlkXDdqAKosssgowAJvW Be4lpycq9A7omg4dVtI7+ASj32Yr0ZsRhkf/ERmbySWeM1tr1O91Qt8vWHSHWByElFvF +ZAsJGEcDHdN0fvdkWGCWMWn9dHPffZEUjrxBonOG92HtM+qoefRIdS3DLTUzIXqMWcy LFKGuS/l0amwX2fexeTLD+qRoCorFgzROe5LhUvNbfRmcPvWsHpIs25kuih48IK3FG16 uA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 35fn6ssfcq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Dec 2020 11:53:48 -0500 Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BGGWfEE041093; Wed, 16 Dec 2020 11:53:48 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com with ESMTP id 35fn6ssfcd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Dec 2020 11:53:48 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BGGquDX011056; Wed, 16 Dec 2020 16:53:47 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma02dal.us.ibm.com with ESMTP id 35d5263kcf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Dec 2020 16:53:47 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BGGri9a24183282 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 16 Dec 2020 16:53:44 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F422578060; Wed, 16 Dec 2020 16:53:43 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 785437805E; Wed, 16 Dec 2020 16:53:40 +0000 (GMT) Received: from jarvis.int.hansenpartnership.com (unknown [9.80.214.106]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 16 Dec 2020 16:53:40 +0000 (GMT) Message-ID: <65c842c5baf1ee0310ebe7f9cb72f7f47580b726.camel@linux.ibm.com> Subject: Re: [PATCH 2/2] OvmfPkg/AmdSev/SecretDxe: make secret location naming generic From: "James Bottomley" Reply-To: jejb@linux.ibm.com To: Dov Murik Cc: devel@edk2.groups.io, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek , Jordan Justen , Ard Biesheuvel , "Yao, Jiewen" Date: Wed, 16 Dec 2020 08:53:38 -0800 In-Reply-To: <20201216082713.GA181797@amdrome1> References: <20201216014146.2229-1-jejb@linux.ibm.com> <20201216014146.2229-3-jejb@linux.ibm.com> <20201216082713.GA181797@amdrome1> User-Agent: Evolution 3.34.4 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343,18.0.737 definitions=2020-12-16_06:2020-12-15,2020-12-16 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 clxscore=1015 priorityscore=1501 impostorscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 bulkscore=0 adultscore=0 suspectscore=0 mlxlogscore=999 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012160107 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit On Wed, 2020-12-16 at 03:27 -0500, Dov Murik wrote: > On Tue, Dec 15, 2020 at 05:41:46PM -0800, James Bottomley wrote: > > It is anticipated that this part of the code will work for both > > Intel TDX and AMD SEV, so remove the SEV specific naming and change > > to ConfidentialComputing as a more architecture neutral prefix. > > Apart from the symbol rename, there are no code changes. > > > > Signed-off-by: James Bottomley < > > James.Bottomley@HansenPartnership.com> > > --- > > OvmfPkg/OvmfPkg.dec | 2 +- > > OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 2 +- > > ...SevLaunchSecret.h => ConfidentialComputingSecret.h} | 10 +++++- > > ---- > > OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 6 +++--- > > 4 files changed, 10 insertions(+), 10 deletions(-) > > rename OvmfPkg/Include/Guid/{SevLaunchSecret.h => > > ConfidentialComputingSecret.h} (69%) > > > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > > index 8a294116efaa..50d7b27d941c 100644 > > --- a/OvmfPkg/OvmfPkg.dec > > +++ b/OvmfPkg/OvmfPkg.dec > > @@ -117,7 +117,7 @@ [Guids] > > gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, > > 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}} > > gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, > > 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} > > gGrubFileGuid = {0xb5ae312c, 0xbc8a, > > 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} > > - gSevLaunchSecretGuid = {0xadf956ad, 0xe98c, > > 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > > + gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, > > 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} > > > > [Ppis] > > # PPI whose presence in the PPI database signals that the TPM > > base address > > diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > index 62ab00a3d382..40bda7ff846c 100644 > > --- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf > > @@ -27,7 +27,7 @@ [LibraryClasses] > > UefiDriverEntryPoint > > > > [Guids] > > - gSevLaunchSecretGuid > > + gConfidentialComputingSecretGuid > > > > [FixedPcd] > > gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase > > diff --git a/OvmfPkg/Include/Guid/SevLaunchSecret.h > > b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h > > similarity index 69% > > rename from OvmfPkg/Include/Guid/SevLaunchSecret.h > > rename to OvmfPkg/Include/Guid/ConfidentialComputingSecret.h > > index dfd89646651b..7026fc5b089f 100644 > > --- a/OvmfPkg/Include/Guid/SevLaunchSecret.h > > +++ b/OvmfPkg/Include/Guid/ConfidentialComputingSecret.h > > @@ -6,12 +6,12 @@ > > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > > The comment at the top of this file (not visible in this diff) also > mentions "SEV Launch Secret" which should be renamed to "Confidential > Computing Secret". Yes, I can update that. The other thing I didn't change is the tree location ... it's still OvmfPkg/AmdSev/SecretDxe. That's because I wasn't sure what the TDX implementation would look like. It's possible they might have their own SecretDxe simply using the header for the structure and GUID (which means everything is correct) or whether both SEV and TDX should use the same .c file. I think this raises the broader question of how much collaboration should there be between the two systems. I did a small amount of .dsc file stripping in the previous patch, but it sounds like Intel has done a whole lot more for TDVF ... removing the entire PEI phase was what I heard in the webinar yesterday ... so I think we could get a lot of cross fertilization doing combinations at that level. We might need to think about what features are general to a OVMF supporting a confidential VM, like stripping, and what are technology specific, like the exact mechanism of secret injection. James