From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <bounce+27952+116170+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
by spool.mail.gandi.net (Postfix) with ESMTPS id C3E0E7803D8
for <rebecca@openfw.io>; Thu, 29 Feb 2024 14:36:55 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=ovok4f3JFNkJ/Z+1t1a9wFu9430Bk1TdcMlt/GGz0H4=;
c=relaxed/simple; d=groups.io;
h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Message-ID:Date:User-Agent:Subject:To:Cc:References:From:Autocrypt:In-Reply-To:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
s=20140610; t=1709217414; v=1;
b=Gm8Xuhwzv/NJJSoxZiZCzuWhX6I1hTddv7TPjSqUhC8HBs5IFTMK8q9McgOIEoWNMIEuRHT0
zzBjjj8wWKkW5MDsKvRpwZ1DqYVvYkD/a9NvYqIPFAzun/bKacXEgIIv+o1Tlx38OWnMGq/bYpR
pmU9RCJBdDOppDfrzhUolQls=
X-Received: by 127.0.0.2 with SMTP id Af1OYY7687511x4eOKI0QyEq; Thu, 29 Feb 2024 06:36:54 -0800
X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.75])
by mx.groups.io with SMTP id smtpd.web11.26310.1709217413585423223
for <devel@edk2.groups.io>;
Thu, 29 Feb 2024 06:36:53 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=Tns6MLHmDivWMLzV3wXX3U4KtwtUlNB02qNzbBEhMLRS75KC7K1H34jnFAgyyrDytWqsB5KONewXJ8jScBhQS7glnXQE7H1iVuqS/8nLpo2hoHm1DEDEQl3PETsO4M3cE5Euo7sl4jh6VHm6fxuo8dfH5eMXqCC6SzFJwqEbjIq6ACwo3kb+XzPoMjMZeOmr1+pcczfARbin3X+Zoxt/71XBglQ5xH5XwZQ0MWYH0FvPckWWQubbYWVRNVmMHD7OCjDm7k9dHuiE2WTLmBys/8hb/TwXA2P5OLXitfm2TZ3hpqbgmIvvEs5alor98C5tFAc6JAKEWGncwpMDQjaWWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=fxi7YQqSNjlDAc/mHIAqBbM9DTIqubwUQ0RpzkWrMT4=;
b=LaGny7mIeDFWwfFlziN5N4K1oIYMD+PFybI2ScJ7cftPjK9MAQaKAldkR1dNXtCZJwCt2cLpGluuX2iMqed+SOjrswh/WlmXvT7sfwvmRcJt5ADdsTpcncXpKUBujb0qQyXPfwy+Qa+9xRMbhy3AuchJCkW70/KIXOneet4S/XB+SnXnWMSxPuEM+D0G2haFzluZiicjxAmuuARTke0thiMPxLp8nG6d30HUC6VKIE8e+kq+FFBY4B8VDtfaRBYRhBl1M7gwrP7fhxDqtyZrbwbSlwhNCiueT9loAixY7Er/w2q54FdyhsWN4EEq8tCDKonZT/NGZS2kO4v2gwL0hQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
header.d=amd.com; arc=none
X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17)
by DM4PR12MB7767.namprd12.prod.outlook.com (2603:10b6:8:100::16) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.39; Thu, 29 Feb
2024 14:36:50 +0000
X-Received: from BL1PR12MB5732.namprd12.prod.outlook.com
([fe80::4c26:40af:e1fd:849e]) by BL1PR12MB5732.namprd12.prod.outlook.com
([fe80::4c26:40af:e1fd:849e%7]) with mapi id 15.20.7316.039; Thu, 29 Feb 2024
14:36:50 +0000
Message-ID: <68851185-e1ef-4ef9-91e9-b2678d64fa9b@amd.com>
Date: Thu, 29 Feb 2024 08:36:48 -0600
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Aktas, Erdem" <erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
Laszlo Ersek <lersek@redhat.com>, Liming Gao <gaoliming@byosoft.com.cn>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
"Xu, Min M" <min.m.xu@intel.com>, "Liu, Zhiguang" <zhiguang.liu@intel.com>,
"Kumar, Rahul R" <rahul.r.kumar@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
References: <cover.1708623001.git.thomas.lendacky@amd.com>
<MW4PR11MB5872D32CACF8BA6B0574A60C8C582@MW4PR11MB5872.namprd11.prod.outlook.com>
<30de7630-870b-41d4-9da3-5486c8fc44fe@amd.com>
<MW4PR11MB58729FA7A88818D5D934DE868C5F2@MW4PR11MB5872.namprd11.prod.outlook.com>
From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
Autocrypt: addr=thomas.lendacky@amd.com; keydata=
xsFNBFaNZYkBEADxg5OW/ajpUG7zgnUQPsMqWPjeAxtu4YH3lCUjWWcbUgc2qDGAijsLTFv1
kEbaJdblwYs28z3chM7QkfCGMSM29JWR1fSwPH18WyAA84YtxfPD8bfb1Exwo0CRw1RLRScn
6aJhsZJFLKyVeaPO1eequEsFQurRhLyAfgaH9iazmOVZZmxsGiNRJkQv4YnM2rZYi+4vWnxN
1ebHf4S1puN0xzQsULhG3rUyV2uIsqBFtlxZ8/r9MwOJ2mvyTXHzHdJBViOalZAUo7VFt3Fb
aNkR5OR65eTL0ViQiRgFfPDBgkFCSlaxZvc7qSOcrhol160bK87qn0SbYLfplwiXZY/b/+ez
0zBtIt+uhZJ38HnOLWdda/8kuLX3qhGL5aNz1AeqcE5TW4D8v9ndYeAXFhQI7kbOhr0ruUpA
udREH98EmVJsADuq0RBcIEkojnme4wVDoFt1EG93YOnqMuif76YGEl3iv9tYcESEeLNruDN6
LDbE8blkR3151tdg8IkgREJ+dK+q0p9UsGfdd+H7pni6Jjcxz8mjKCx6wAuzvArA0Ciq+Scg
hfIgoiYQegZjh2vF2lCUzWWatXJoy7IzeAB5LDl/E9vz72cVD8CwQZoEx4PCsHslVpW6A/6U
NRAz6ShU77jkoYoI4hoGC7qZcwy84mmJqRygFnb8dOjHI1KxqQARAQABzSZUb20gTGVuZGFj
a3kgPHRob21hcy5sZW5kYWNreUBhbWQuY29tPsLBmQQTAQoAQwIbIwcLCQgHAwIBBhUIAgkK
CwQWAgMBAh4BAheAAhkBFiEE3Vil58OMFCw3iBv13v+a5E8wTVMFAmWDAegFCRKq1F8ACgkQ
3v+a5E8wTVOG3xAAlLuT7f6oj+Wud8dbYCeZhEX6OLfyXpZgvFoxDu62OLGxwVGX3j5SMk0w
IXiJRjde3pW+Rf1QWi/rbHoaIjbjmSGXvwGw3Gikj/FWb02cqTIOxSdqf7fYJGVzl2dfsAuj
aW1Aqt61VhuKEoHzIj8hAanlwg2PW+MpB2iQ9F8Z6UShjx1PZ1rVsDAZ6JdJiG1G/UBJGHmV
kS1G70ZqrqhA/HZ+nHgDoUXNqtZEBc9cZA9OGNWGuP9ao9b+bkyBqnn5Nj+n4jizT0gNMwVQ
h5ZYwW/T6MjA9cchOEWXxYlcsaBstW7H7RZCjz4vlH4HgGRRIpmgz29Ezg78ffBj2q+eBe01
7AuNwla7igb0mk2GdwbygunAH1lGA6CTPBlvt4JMBrtretK1a4guruUL9EiFV2xt6ls7/YXP
3/LJl9iPk8eP44RlNHudPS9sp7BiqdrzkrG1CCMBE67mf1QWaRFTUDPiIIhrazpmEtEjFLqP
r0P7OC7mH/yWQHvBc1S8n+WoiPjM/HPKRQ4qGX1T2IKW6VJ/f+cccDTzjsrIXTUdW5OSKvCG
6p1EFFxSHqxTuk3CQ8TSzs0ShaSZnqO1LBU7bMMB1blHy9msrzx7QCLTw6zBfP+TpPANmfVJ
mHJcT3FRPk+9MrnvCMYmlJ95/5EIuA1nlqezimrwCdc5Y5qGBbbOwU0EVo1liQEQAL7ybY01
hvEg6pOh2G1Q+/ZWmyii8xhQ0sPjvEXWb5MWvIh7RxD9V5Zv144EtbIABtR0Tws7xDObe7bb
r9nlSxZPur+JDsFmtywgkd778G0nDt3i7szqzcQPOcR03U7XPDTBJXDpNwVV+L8xvx5gsr2I
bhiBQd9iX8kap5k3I6wfBSZm1ZgWGQb2mbiuqODPzfzNdKr/MCtxWEsWOAf/ClFcyr+c/Eh2
+gXgC5Keh2ZIb/xO+1CrTC3Sg9l9Hs5DG3CplCbVKWmaL1y7mdCiSt2b/dXE0K1nJR9ZyRGO
lfwZw1aFPHT+Ay5p6rZGzadvu7ypBoTwp62R1o456js7CyIg81O61ojiDXLUGxZN/BEYNDC9
n9q1PyfMrD42LtvOP6ZRtBeSPEH5G/5pIt4FVit0Y4wTrpG7mjBM06kHd6V+pflB8GRxTq5M
7mzLFjILUl9/BJjzYBzesspbeoT/G7e5JqbiLWXFYOeg6XJ/iOCMLdd9RL46JXYJsBZnjZD8
Rn6KVO7pqs5J9K/nJDVyCdf8JnYD5Rq6OOmgP/zDnbSUSOZWrHQWQ8v3Ef665jpoXNq+Zyob
pfbeihuWfBhprWUk0P/m+cnR2qeE4yXYl4qCcWAkRyGRu2zgIwXAOXCHTqy9TW10LGq1+04+
LmJHwpAABSLtr7Jgh4erWXi9mFoRABEBAAHCwXwEGAEKACYCGwwWIQTdWKXnw4wULDeIG/Xe
/5rkTzBNUwUCZYMCBQUJEqrUfAAKCRDe/5rkTzBNU7pAD/9MUrEGaaiZkyPSs/5Ax6PNmolD
h0+Q8Sl4Hwve42Kjky2GYXTjxW8vP9pxtk+OAN5wrbktZb3HE61TyyniPQ5V37jto8mgdslC
zZsMMm2WIm9hvNEvTk/GW+hEvKmgUS5J6z+R5mXOeP/vX8IJNpiWsc7X1NlJghFq3A6Qas49
CT81ua7/EujW17odx5XPXyTfpPs+/dq/3eR3tJ06DNxnQfh7FdyveWWpxb/S2IhWRTI+eGVD
ah54YVJcD6lUdyYB/D4Byu4HVrDtvVGUS1diRUOtDP2dBJybc7sZWaIXotfkUkZDzIM2m95K
oczeBoBdOQtoHTJsFRqOfC9x4S+zd0hXklViBNQb97ZXoHtOyrGSiUCNXTHmG+4Rs7Oo0Dh1
UUlukWFxh5vFKSjr4uVuYk7mcx80rAheB9sz7zRWyBfTqCinTrgqG6HndNa0oTcqNI9mDjJr
NdQdtvYxECabwtPaShqnRIE7HhQPu8Xr9adirnDw1Wruafmyxnn5W3rhJy06etmP0pzL6frN
y46PmDPicLjX/srgemvLtHoeVRplL9ATAkmQ7yxXc6wBSwf1BYs9gAiwXbU1vMod0AXXRBym
0qhojoaSdRP5XTShfvOYdDozraaKx5Wx8X+oZvvjbbHhHGPL2seq97fp3nZ9h8TIQXRhO+aY
vFkWitqCJg==
In-Reply-To: <MW4PR11MB58729FA7A88818D5D934DE868C5F2@MW4PR11MB5872.namprd11.prod.outlook.com>
X-ClientProxiedBy: SN6PR01CA0033.prod.exchangelabs.com (2603:10b6:805:b6::46)
To BL1PR12MB5732.namprd12.prod.outlook.com (2603:10b6:208:387::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL1PR12MB5732:EE_|DM4PR12MB7767:EE_
X-MS-Office365-Filtering-Correlation-Id: f8ca9594-cd0f-418c-a921-08dc3933dd8b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info:
6hBBtTRX3+ReLNNnRUhCgKch24k0mvHR3xfnYO5vBRMn78v3G1uQEH6wNfi5EG9UZXCJyagsml9ZJyE8kGHY8hE38+YV57ZI4Ith3ngylNGsH85yXpwZqhu6ksMlFbesQlXnJcb7m+LE6JnOWm/bKEylbZx4l2psxN40gU7G2OQm2eDgmWjDpu0TmPWyt8D4fQVKOAQum2mdnOoEAYwlmlh5CpSG5GZhp+/DXs0TKbAWxZtGA9j/6Dmxe8OzqAyAAJNpkfNp7i/S/f53r+OZSPWVqoX2RNxW+jVNqAaTjD1+Sx/iGGNZduhJuq2t8+/QjoWBwvm1iST24+lqBcslDWuniAIfhE/zNtG+/8fuQCBO6kD/+BxKFYJZN9hNrHvVXl8yHRj8TFMgjCojfsDHIqPCmUFicVz3glqAKNEFjJYzf9IonBbl2abtO9wMf8lbF4tN7Hld8Y0HBIJwxueZJpyMoSZPI8szMRuFWYC/z5AJdw5seqbQW9Opqhj+orY9PoLBs21jk7V3vE0W8flO+Lj2qbt8fvF0AeO8e4fTW5KsHr+TV7Of+g3MA050vcsQgynGUYKvHGMePFyoBeQO6A==
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
=?utf-8?B?ZXRiV2h1UzFNZllTaG9NbHB0eG5oZ09aa2VFMFVXaXFxZ1RVcTNwRlZCVk9a?=
=?utf-8?B?dzV0bUJ2YktqVEZaOTJ0SG9vTHJmbDNPNzRZamJkU3BHdDMrZEV3VnJrMXpL?=
=?utf-8?B?dVVvcThxWFFBeHY5SDRlRlRBZ1hrMTEwT0xLZHkrWlgzdXRGUFM0c0lUOHlr?=
=?utf-8?B?ZjluY01NWktnVVhQclRDdXA1bEpzMnRkTExodW0xYWpOZWt2YXN3cDFqT3Ux?=
=?utf-8?B?SnEyeUIrMGlmU2JNVDY1U2xqRWFwUDAyTTN2dWY3c1BjbHFSUk9OcnU4TlZu?=
=?utf-8?B?dWpISDFucGthc1hOZDBXd2pyVEJ5MncwcXNIbmh1UlBPMXVkSnBEM1NZeWUr?=
=?utf-8?B?Q3crUGxPb3o1NUlsWUF0dWtsQTBEOWpoVEJjL1E1dGJQSTNITHFmOVdTM3Y3?=
=?utf-8?B?bTJtVDllZFdNNTc0OU1yZVFUVXI1b1RGME1OUlI1Mi9haUFRZklRQmhCcjZD?=
=?utf-8?B?WXdNZ2xiZ0lKekFDSnBXK3ZqVkEvdCt4b1k2eENjNjJmaW1Ma0dlb1A0dDQz?=
=?utf-8?B?ZkdtcXdCZkpyQkQ0di9GU3lIMWZCNXhRQlUxVFpiSWVjOVFhMnJoNmlEM1lv?=
=?utf-8?B?NE1aZFlQbTQycy82N01Sa2VZQ25WUmZFUFVNelpRR25hMS9zdUQxQzVhTEJY?=
=?utf-8?B?aG11cXFESCtycEFFOWhDa3gyRkNqMnB3cDRJRjVKUDBYQ2tpUGovUXpaWksy?=
=?utf-8?B?dDhlSFZwZ041M2RDVnIyd2lBOUJyMm5UbzQzNHo5SElPb2VVZzNsZ2gxVWNr?=
=?utf-8?B?bXlpS0w1YzBoM0tFUnl3VEJ0cGd1a1RCWlJheTI5TDFPOXlhalFuNm52aDRN?=
=?utf-8?B?NkxEWnFLYW1pcU5TaDVDTnAyVUxkcXFXWitQY2szWjQvU1dNOHkrT2dmdzBv?=
=?utf-8?B?bExVOWZxM2Y5QjBBdHJqZzdhZXcwYW9tUy9YSGZveXBQVUNFdlJDZjkxY1d0?=
=?utf-8?B?S1dFQSs4Y2gxSHNVQ3llOVNQUDUvZUoxSmR1RzdkSTNkR0l3a0tqSzBENWJz?=
=?utf-8?B?Z0ozbkY0aHQ5dXptVStLMmFYRGxiekhjMjFXbndnZ2hvTXFEUzZhRmgrQVYy?=
=?utf-8?B?M0FqclNlWGNrT2dzQUYxb3A2bFRDMEE5UkhiUGFLNDRyWmlnZXl5MkVvNEhK?=
=?utf-8?B?TFVjdWVKZHRMQ1g2YXRud0hua2NxYitRRHFIS25DY2VES052ZW80T0Y3NnZR?=
=?utf-8?B?Yzd4VTBUREpqWk9oaUVEZk9oaUlHNW4wMDJzMGdHRHZBbDY3SzVWVHF4SHQ4?=
=?utf-8?B?aENFejVhbC85ais2S2ZrYml1M2dKQ0d3WWorM2N2OTRIZHQ2azEvSDRPNlVH?=
=?utf-8?B?V1NWMUFBUFM0cjhOUS9VMTVOR2JhNm9GODYydnBZS3JENVBhV1ladlBhRm5H?=
=?utf-8?B?b01HbmZJcGFKa1lwNFczMEFuRlJxdU5NdVB2UzdxWDlYRFhwRFFrZ0tNY1V6?=
=?utf-8?B?cHVwOGNhTy9kQ29KYTRYWUc2eEtDOW5YWHVSb2tGVWtwOG91LzRIb0VGa2RV?=
=?utf-8?B?U3d6bXBnOTNNMDAwOWZVMnMrOUtQZTFib3lyY2ViSnQrOXlXUVZaUVNCUDZy?=
=?utf-8?B?eGR1OS8xSUV4cUdtaFo5RDM3enBlVWthZTFOTC9JQ0xkQXIwazdUenhSWGNL?=
=?utf-8?B?djNpdVpTZko5OUc4dVM4VG5PdlRoN2hPYXB6S3ZMZXJxbEVVekh2RHhldEtY?=
=?utf-8?B?OUxOS1ZBeldpT1ROUnRwOFNxNjk0Ym5ONXByTlZoSGZDS2IwYXdtVWpNTVNZ?=
=?utf-8?B?a2o0dk1KU09uUXBxdTNPYlozZkxPOHRpcFpkY2pxeFNpN1VDbjhZWVhnWTVp?=
=?utf-8?B?RTBFZkEwMTZnU1R1SUxvYnQvK3c4ZVI5cHU1amRMSWE3dUFKcUsrdVY3OXBE?=
=?utf-8?B?aTVLb2RZbWRmaUxCZGJSNnZ6Y2pidktzaDMzb2EzVFVpdzdMdUZSRk5yY1Nn?=
=?utf-8?B?ODcyd2w4ZDBlTXJ1MG8rRkJZMzVBekR5N2VUOEZaZkJMeGVlOEVLa3ZYRTdH?=
=?utf-8?B?TnpJMndjRDN1VERYUk9iMThkaEpCZVUvL0JiY1lnUmwwTE1OanlsQlRoazlK?=
=?utf-8?B?OTB2VC9DTnUxeWU5SzJRaEJ5YXA3c2VtSDVjV0FFMmRFZW51aVdsWDhhaXlX?=
=?utf-8?Q?i5LkXfvbCiJqz0Bk/sPVZI9DP?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f8ca9594-cd0f-418c-a921-08dc3933dd8b
X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Feb 2024 14:36:50.4231
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: kOQdDTC8ITQzX6IQbCp1qkQCp8ZrmlAA1EHpOL65QBYgWNCSZLcr1JDjsPW37XCcl0aluBMI/mAxpc41giryKw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7767
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: MWmjXavfZi7OZQYknFILieuyx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
dkim=pass header.d=groups.io header.s=20140610 header.b=Gm8Xuhwz;
arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}");
dmarc=pass (policy=none) header.from=groups.io;
spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io
On 2/29/24 08:06, Yao, Jiewen wrote:
> Below:
>=20
>> -----Original Message-----
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>> Sent: Thursday, February 29, 2024 12:20 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Laszlo Ersek
>> <lersek@redhat.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Mich=
ael
>> D <michael.d.kinney@intel.com>; Xu, Min M <min.m.xu@intel.com>; Liu,
>> Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.c=
om>;
>> Ni, Ray <ray.ni@intel.com>; Michael Roth <michael.roth@amd.com>
>> Subject: Re: [PATCH v2 00/23] Provide SEV-SNP support for running under =
an
>> SVSM
>>
>> On 2/28/24 00:14, Yao, Jiewen wrote:
>>> Some feedback:
>>>
>>> 1) 0002-MdePkg-GHCB-APIC-ID-retrieval-support-definitions
>>>
>>> MdePkg only contains the definition in the standard.
>>>
>>> Question: Is EFI_APIC_IDS_GUID definition in some AMD/SVSM specificatio=
n?
>>
>> The structure is documented in the GHCB specification, but the GUID is n=
ot.
>>
>> Is the request to move the GUID to someplace other than MdePkg?
>=20
> [Jiewen] Right. If the GUID is NOT in GHCB spec, then it should be in oth=
er place, such as OvmfPkg.
Sounds good. I'll move to the UefiCpuPkg since MpInitLib will be using it.
>=20
>=20
>>
>>>
>>> 2) 0012-UefiCpuPkg-CcSvsmLib-Create-the-CcSvsmLib-library-to-support-an=
-
>> SVSM
>>>
>>> I am not sure the position of SVSM.
>>> If the SVSM interface is AMD specific, the it should be AmdSvsmLib.
>>
>> I believe TDX is also looking at the SVSM for TDX partitioning, but I'm
>> not certain of that.
>>
>>> If the SVSM interface is generic, then we should define everything in a=
generic
>> way.
>>>
>>> It is very confusing to mix a generic CcSvsm lib with AMD specific
>> <Register/Amd/Ghcb.h>.
>>
>> I can certainly change the name to be AMD specific fow now. It can alway=
s
>> be changed to something else later if need be, much like VmgExitLib was
>> changed to CcExitLib.
>=20
> [Jiewen] Yes, Intel is planning for SVSM. But it is NOT ready yet.
> It is hard for me to discuss it now.
>=20
> Maybe, please help me understand:
> Is CcSvsmLib a generic library / common protocol between OVMF and Coconut=
-SVSM? - Option 1
> Or is CcSvsmLib an implementation specific library, and the current API c=
annot be shared with Intel TDX in future? - Option 2
>=20
> I notice that some API is for option 1 - CcSvsmIsSvsmPresent().
> But some API is for option 2 - CcSvsmSnpGetVmpl(), CcSvsmSnpGetCaa(), CcS=
vsmSnpPvalidate(), CcSvsmSnpVmsaRmpAdjust().
>=20
> How do you plan if TDX need to support SVSM later?
> How do you plan if we need to add some generic interaction between OVMF a=
nd coconut-SVSM, such as vTPM?
There are definitely some things that will be common,=20
CcSvsmIsSvsmPresent() and CcSvsmSnpGetCaa(), and some things that will be=
=20
SNP or TDX specific. For example, the concept of turning a page into a=20
VMSA page or how the SVSM will be invoked will be different.
For now, I'll create an AMD specific library and then when TDX is ready to=
=20
support an SVSM we can look to see how or what needs to be changed. It=20
could be that they need to remain separate if there is not enough in common=
.
Thanks,
Tom
>=20
>=20
>=20
>>
>> Thanks,
>> Tom
>>
>>>
>>>
>>> Thank you
>>> Yao, Jiewen
>>>
>>>> -----Original Message-----
>>>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>>> Sent: Friday, February 23, 2024 1:30 AM
>>>> To: devel@edk2.groups.io
>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Aktas, Erdem
>>>> <erdemaktas@google.com>; Gerd Hoffmann <kraxel@redhat.com>; Yao,
>> Jiewen
>>>> <jiewen.yao@intel.com>; Laszlo Ersek <lersek@redhat.com>; Liming Gao
>>>> <gaoliming@byosoft.com.cn>; Kinney, Michael D
>> <michael.d.kinney@intel.com>;
>>>> Xu, Min M <min.m.xu@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>=
;
>>>> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>;
>> Michael
>>>> Roth <michael.roth@amd.com>
>>>> Subject: [PATCH v2 00/23] Provide SEV-SNP support for running under an=
SVSM
>>>>
>>>>
>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654
>>>>
>>>> This series adds SEV-SNP support for running OVMF under an Secure VM
>>>> Service Module (SVSM) at a less privileged VM Privilege Level (VMPL).
>>>> By running at a less priviledged VMPL, the SVSM can be used to provide
>>>> services, e.g. a virtual TPM, for the guest OS within the SEV-SNP
>>>> confidential VM (CVM) rather than trust such services from the hypervi=
sor.
>>>>
>>>> Currently, OVMF expects to run at the highest VMPL, VMPL0, and there a=
re
>>>> certain SNP related operations that require that VMPL level. Specifica=
lly,
>>>> the PVALIDATE instruction and the RMPADJUST instruction when setting t=
he
>>>> the VMSA attribute of a page (used when starting APs).
>>>>
>>>> If OVMF is to run at a less privileged VMPL, e.g. VMPL2, then it must
>>>> use an SVSM (which is running at VMPL0) to perform the operations that
>>>> it is no longer able to perform.
>>>>
>>>> When running under an SVSM, OVMF must know the APIC IDs of the vCPUs
>> that
>>>> it will be starting. As a result, the GHCB APIC ID retrieval action mu=
st
>>>> be performed. Since this service can also work with SEV-SNP running at
>>>> VMPL0, the patches to make use of this feature are near the beginning =
of
>>>> the series.
>>>>
>>>> How OVMF interacts with and uses the SVSM is documented in the SVSM
>>>> specification [1] and the GHCB specification [2].
>>>>
>>>> This support creates a new CcSvsmLib library that is used by MpInitLib=
.
>>>> This requires an update to the edk2-platform DSC files to add the new
>>>> library. The edk2-platform change would be needed after patch 12, but
>>>> before patch 15.
>>>>
>>>> This series introduces support to run OVMF under an SVSM. It consists
>>>> of:
>>>> - Retrieving the list of vCPU APIC IDs and starting up all APs wit=
hout
>>>> performing a broadcast SIPI
>>>> - Reorganizing the page state change support to not directly use t=
he
>>>> GHCB buffer since an SVSM will use the calling area buffer, inst=
ead
>>>> - Detecting the presence of an SVSM
>>>> - When not running at VMPL0, invoking the SVSM for page validation=
and
>>>> VMSA page creation/deletion
>>>> - Detecting and allowing OVMF to run in a VMPL other than 0 when a=
n
>>>> SVSM is present
>>>>
>>>> The series is based off of commit:
>>>>
>>>> 2ca8d5597443 ("UefiCpuPkg/PiSmmCpuDxeSmm: Check BspIndex first
>> before
>>>> lock cmpxchg")
>>>>
>>>> [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>>>> docs/specifications/58019.pdf
>>>> [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-
>>>> docs/specifications/56421.pdf
>>>>
>>>> ---
>>>>
>>>> Changes in v2:
>>>> - Move the APIC IDs retrieval support to the beginning of the patch se=
ries
>>>> - Use a GUIDed HOB to hold the APIC ID list instead of a PCD
>>>> - Split up Page State Change reorganization into multiple patches
>>>> - Created CcSvsmLib library instead of extending CcExitLib
>>>> - This will require a corresponding update to edk2-platform DSC =
files
>>>> - Removed Ray Ni's Acked-by since it is not a minor change
>>>> - Variable name changes and other misc changes
>>>>
>>>> Tom Lendacky (23):
>>>> OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust()
>>>> MdePkg: GHCB APIC ID retrieval support definitions
>>>> OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
>>>> UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is =
set
>>>> OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors
>>>> OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State
>>>> Change
>>>> MdePkg: Avoid hardcoded value for number of Page State Change entr=
ies
>>>> OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change suppor=
t
>>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficienc=
y
>>>> MdePkg/Register/Amd: Define the SVSM related information
>>>> MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
>>>> UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an S=
VSM
>>>> UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib librar=
y
>>>> Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related service=
s
>>>> UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VM=
SA
>>>> OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate
>>>> pages
>>>> OvmfPkg: Create a calling area used to communicate with the SVSM
>>>> OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
>>>> OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficienc=
y
>>>> OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU cal=
ls
>>>> UefiCpuPkg/MpInitLib: AP creation support under an SVSM
>>>> Ovmfpkg/CcExitLib: Provide SVSM discovery support
>>>> OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not =
at
>>>> VMPL0
>>>>
>>>> MdePkg/MdePkg.dec =
| 5 +-
>>>> OvmfPkg/OvmfPkg.dec =
| 4 +
>>>> UefiCpuPkg/UefiCpuPkg.dec =
| 5 +-
>>>> OvmfPkg/AmdSev/AmdSevX64.dsc =
| 1 +
>>>> OvmfPkg/Bhyve/BhyveX64.dsc =
| 1 +
>>>> OvmfPkg/CloudHv/CloudHvX64.dsc =
| 1 +
>>>> OvmfPkg/IntelTdx/IntelTdxX64.dsc =
| 1 +
>>>> OvmfPkg/Microvm/MicrovmX64.dsc =
| 1 +
>>>> OvmfPkg/OvmfPkgIa32.dsc =
| 1 +
>>>> OvmfPkg/OvmfPkgIa32X64.dsc =
| 3 +-
>>>> OvmfPkg/OvmfPkgX64.dsc =
| 1 +
>>>> OvmfPkg/OvmfXen.dsc =
| 1 +
>>>> UefiCpuPkg/UefiCpuPkg.dsc =
| 4 +-
>>>> UefiPayloadPkg/UefiPayloadPkg.dsc =
| 1 +
>>>> OvmfPkg/AmdSev/AmdSevX64.fdf =
| 9 +-
>>>> OvmfPkg/OvmfPkgX64.fdf =
| 3 +
>>>> MdePkg/Library/BaseLib/BaseLib.inf =
| 2 +
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf =
|
>> 3
>>>> +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf =
|
>> 3 +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf =
|
>> 3
>>>> +-
>>>> OvmfPkg/Library/CcExitLib/CcExitLib.inf =
| 3 +-
>>>> OvmfPkg/Library/CcExitLib/SecCcExitLib.inf =
| 3 +-
>>>> OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf =
| 38 ++
>>>> OvmfPkg/PlatformPei/PlatformPei.inf =
| 3 +
>>>> OvmfPkg/ResetVector/ResetVector.inf =
| 2 +
>>>> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.inf =
| 27 ++
>>>> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf =
| 2 +
>>>> UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf =
| 2 +
>>>> MdePkg/Include/Library/BaseLib.h =
| 39 ++
>>>> MdePkg/Include/Register/Amd/Fam17Msr.h =
| 19 +-
>>>> MdePkg/Include/Register/Amd/Ghcb.h =
| 23 +-
>>>> MdePkg/Include/Register/Amd/Msr.h =
| 3 +-
>>>> MdePkg/Include/Register/Amd/Svsm.h =
| 101 ++++
>>>> MdePkg/Include/Register/Amd/SvsmMsr.h =
| 35 ++
>>>> OvmfPkg/Include/WorkArea.h =
| 9 +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h =
|
>> 6
>>>> +-
>>>> UefiCpuPkg/Include/Library/CcSvsmLib.h =
| 101 ++++
>>>> UefiCpuPkg/Library/MpInitLib/MpLib.h =
| 29 +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
>> |
>>>> 11 +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c =
|
>> 27
>>>> +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
>> |
>>>> 22 +-
>>>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
>> |
>>>> 31 +-
>>>>
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c |
>>>> 206 ++++----
>>>> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c =
| 29 +-
>>>> OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c =
| 500
>>>> ++++++++++++++++++++
>>>> OvmfPkg/PlatformPei/AmdSev.c =
| 102 +++-
>>>> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c =
| 108 +++++
>>>> UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c =
| 21 +-
>>>> UefiCpuPkg/Library/MpInitLib/MpLib.c =
| 9 +-
>>>> UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c =
| 134 ++++--
>>>> MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm =
| 39 ++
>>>> MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm =
| 94 ++++
>>>> OvmfPkg/ResetVector/ResetVector.nasmb =
| 6 +-
>>>> OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm =
| 11 +-
>>>> UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.uni =
| 13 +
>>>> 55 files changed, 1628 insertions(+), 233 deletions(-)
>>>> create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.inf
>>>> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.i=
nf
>>>> create mode 100644 MdePkg/Include/Register/Amd/Svsm.h
>>>> create mode 100644 MdePkg/Include/Register/Amd/SvsmMsr.h
>>>> create mode 100644 UefiCpuPkg/Include/Library/CcSvsmLib.h
>>>> create mode 100644 OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c
>>>> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.c
>>>> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
>>>> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
>>>> create mode 100644 UefiCpuPkg/Library/CcSvsmLibNull/CcSvsmLibNull.u=
ni
>>>>
>>>> --
>>>> 2.42.0
>>>
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116170): https://edk2.groups.io/g/devel/message/116170
Mute This Topic: https://groups.io/mt/104512925/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-