OVMF and MEMFD_BASE_ADDRESS values.

OVMF and MEMFD_BASE_ADDRESS values.

[Andrew Fish]

I'm trying to understand the constraints around the value used with MEMFD_BASE_ADDRESS?

The reason I'm asking is I've been asked to remove firmware from using lower memory addresses in the low 0x800000 range as it is taking up too many ASLR bits in low memory VMs or some such. 

At least on my OVMF config that seems to be PcdOvmfLockBoxStorageBase and PcdOvmfPeiMemFvBase. It is easy enough to move MEMFD_BASE_ADDRESS to a much higher address, but I'm not sure if there are any restrictions to the addresses I can use?

Thanks,

Andrew Fish

Re: [edk2-devel] OVMF and MEMFD_BASE_ADDRESS values.

[Laszlo Ersek]

Hi Andrew,

On 02/14/20 04:11, Andrew Fish via Groups.Io wrote:
> I'm trying to understand the constraints around the value used with MEMFD_BASE_ADDRESS?
> 
> The reason I'm asking is I've been asked to remove firmware from using lower memory addresses in the low 0x800000 range as it is taking up too many ASLR bits in low memory VMs or some such. 
> 
> At least on my OVMF config that seems to be PcdOvmfLockBoxStorageBase and PcdOvmfPeiMemFvBase. It is easy enough to move MEMFD_BASE_ADDRESS to a much higher address, but I'm not sure if there are any restrictions to the addresses I can use?

TBH I've never researched moving around MEMFD_BASE_ADDRESS. As I stated
earlier, the exact value shouldn't really matter; what matters (i.e.
what various parts of OVMF platform code rely on) is the relative order
of "magic" areas (PCDs etc). We tend to use ASSERT()s to catch problems
in this area, but the coverage may not be complete. So best I can
suggest is, please experiment and see what breaks. (Test S3
suspend/resume too.)

BTW Tom Lendacky's in-progress series

[edk2-devel] [PATCH v4 00/40] SEV-ES guest support
https://edk2.groups.io/g/devel/message/53747
http://mid.mail-archive.com/cover.1580857303.git.thomas.lendacky@amd.com

carves out some more PCDs in the FDF file.

Thanks!
Laszlo