From: "Brijesh Singh"
Date: Tue, 20 Jul 2021 11:45:27 -0500
To: Dov Murik, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, Tobin Feldman-Fitzthum, Tobin Feldman-Fitzthum, Jim Cadden, James Bottomley, Hubertus Franke, Ard Biesheuvel, Jordan Justen, Ashish Kalra, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Subject: Re: [PATCH v3 09/11] OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes
Message-ID: <6b9315d5-aef0-21b5-ad66-79d704960035@amd.com>
In-Reply-To: <20210720080401.3662854-10-dovmurik@linux.ibm.com>
References: <20210720080401.3662854-1-dovmurik@linux.ibm.com> <20210720080401.3662854-10-dovmurik@linux.ibm.com>

On 7/20/21 3:03 AM, Dov Murik wrote:
> From: James Bottomley
>
> Split the existing 4KB page reserved for SEV launch secrets into two
> parts: first 3KB for SEV launch secrets and last 1KB for firmware
> config hashes.
>
> The area of the firmware config hashes will be attested (measured) by
> the PSP and thus the untrusted VMM can't pass in different files from
> what the guest owner allows.
>
> Declare this in the Reset Vector table using GUID
> 7255371f-3a3b-4b04-927b-1da6efa8d454 and a uint32_t table of a base
> and size value (similar to the structure used to declare the launch
> secret block).
>
> Cc: Ard Biesheuvel
> Cc: Jordan Justen
> Cc: Ashish Kalra
> Cc: Brijesh Singh
> Cc: Erdem Aktas
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Min Xu
> Cc: Tom Lendacky
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
> Co-developed-by: Dov Murik
> Signed-off-by: Dov Murik
> Signed-off-by: James Bottomley
> Reviewed-by: Tom Lendacky

Reviewed-by: Brijesh Singh

thanks
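
Added example, not part of the patch or of this thread: a C sketch of how a consumer could locate the firmware config hash region by the GUID quoted above and check that it is the last 1KB of a 4KB page. The entry layout (data, then a 16-bit length, then the GUID, walked backward from the table end), the 4KB alignment of the page, the function names and the sample bytes are assumptions, not taken from this message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 7255371f-3a3b-4b04-927b-1da6efa8d454 (from the commit message), EFI byte order */
static const uint8_t HASH_GUID[16] = { 0x1f,0x37,0x55,0x72, 0x3b,0x3a, 0x04,0x4b,
                                       0x92,0x7b,0x1d,0xa6,0xef,0xa8,0xd4,0x54 };
/* Constructed sample table: [hash entry][unrelated entry]; array end = table end. */
static const uint8_t SAMPLE[] = {
    0x00,0xCC,0x10,0x00, 0x00,0x04,0x00,0x00,  /* base 0x0010CC00, size 0x400 (constructed) */
    26,0,                                       /* entry length, little-endian */
    0x1f,0x37,0x55,0x72, 0x3b,0x3a, 0x04,0x4b, 0x92,0x7b,0x1d,0xa6,0xef,0xa8,0xd4,0x54,
    0xde,0xad,0xbe,0xef, 22,0,                  /* unrelated entry: data, then length */
    0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa };

struct region { uint32_t base, size; };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Assumed layout: entries are {data, uint16 len, GUID}, walked back from the end.
 * Returns 0 and fills *out on success, -1 if the GUID is absent or the table is malformed. */
int find_region(const uint8_t *tbl, size_t len, const uint8_t guid[16], struct region *out) {
    size_t end = len;
    while (end >= 18) {
        size_t elen = tbl[end - 18] | (size_t)tbl[end - 17] << 8;
        if (elen < 18 || elen > end) return -1;          /* length runs outside the table */
        if (memcmp(tbl + end - 16, guid, 16) == 0) {
            if (elen != 18 + 8) return -1;               /* must hold exactly base + size */
            out->base = rd32(tbl + end - elen);
            out->size = rd32(tbl + end - elen + 4);
            return 0;
        }
        end -= elen;                                     /* step to the previous entry */
    }
    return -1;
}

/* The split described above: last 1KB of a 4KB page (page alignment is an assumption). */
int is_last_1k_of_page(const struct region *r) {
    return r->size == 0x400 && (r->base & 0xFFF) == 0xC00 && r->base <= UINT32_MAX - r->size;
}

int main(void) {
    struct region r;
    if (find_region(SAMPLE, sizeof SAMPLE, HASH_GUID, &r) != 0) return 1;
    printf("base=0x%x size=0x%x ok=%d\n", (unsigned)r.base, (unsigned)r.size, is_last_1k_of_page(&r));
    return 0;
}
```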