Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
To: "Yao, Jiewen", Gerd Hoffmann, "Xu, Min M"
CC: devel@edk2.groups.io, Ard Biesheuvel, "Justen, Jordan L", Erdem Aktas, James Bottomley, Tom Lendacky
References: <12721dade1f2f9905cc34271d9abec24650442ff.1632214561.git.min.m.xu@intel.com> <20210922074929.e5iwf24t6wyndgbu@sirius.home.kraxel.org> <20210923084821.yxizus3loa2p6hms@sirius.home.kraxel.org>
From: "Brijesh Singh" <brijesh.singh@amd.com>
Message-ID: <7c9aeb95-5c33-bd8d-4f0c-40133f4c7c3d@amd.com>
Date: Thu, 23 Sep 2021 07:54:42 -0500

Like Gerd I would prefer to have one metadata table in the reset GUID.

The metadata table will contain multiple entries; a lot of entries are common between SNP and TDX. Some entries will have specific meaning for the platform. Those special entries should be marked using the OVMF_SECTION_TYPE_{TDX,SNP}_XXXX.
It is perfectly fine to have more than one entry for the same region with different types, e.g.

GhcbBookkeepingSnp:
   GHCB_BOOKKEPING_BASE_ADDRESS
   GHCB_BOOKKEEPING_SIZE
   OVMF_SECTION_TYPE_SNP_MEM

TdxMailBoxExt:
   GHCB_BOOKKEPING_BASE_ADDRESS
   GHCB_BOOKKEEPING_SIZE
   OVMF_SECTION_TYPE_TDX_MAILBOX

If we want all the OVMF_SECTION_TYPE_SNP_xxx to be defined in a separate file then that is also doable. I put everything in one place because I was trying to keep the entry order similar to what is present in MEMFD.

thanks

On 9/23/21 6:39 AM, Yao, Jiewen wrote:
> I strongly recommend to separate SEV and TDX in all context, if it is something SEV or TDX specific.
> Then each file has clear ownership.
> If it is something generic for both SEV and TDX, it can in one file.
>
> For example, SecPeiTempRam/SecPageTable can be in common file.
> But SevSnpSecrets/GhcbBookkeeping should be in SEV file.
>
> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: Gerd Hoffmann
>> Sent: Thursday, September 23, 2021 4:48 PM
>> To: Xu, Min M
>> Cc: devel@edk2.groups.io; Ard Biesheuvel; Justen, Jordan L; Brijesh Singh;
>> Erdem Aktas; James Bottomley; Yao, Jiewen; Tom Lendacky
>> Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
>>
>> On Thu, Sep 23, 2021 at 12:38:24AM +0000, Xu, Min M wrote:
>>> On September 22, 2021 3:49 PM, Gerd Hoffmann wrote:
>>>> Hi,
>>>>
>>>>> +%ifdef ARCH_X64
>>>>> +;
>>>>> +; TDX Metadata offset block
>>>>> +;
>>>>> +; TdxMetadata.asm is included in ARCH_X64 because Inte TDX is only ;
>>>>> +available in ARCH_X64. Below block describes the offset of ;
>>>>> +TdxMetadata block in Ovmf image ; ; GUID :
>>>>> +e47a6535-984a-4798-865e-4685a7bf8ec2
>>>>> +;
>>>>> +tdxMetadataOffsetStart:
>>>>> +  DD tdxMetadataOffsetStart - TdxMetadataGuid - 16
>>>>> +  DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart
>>>>> +  DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
>>>>> +  DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
>>>>> +tdxMetadataOffsetEnd:
>>>>> +
>>>>> +%endif
>>>> This should be switched to common ovmf metadata (see patches 4-7 of the
>>>> SEV-SNP series).
>>>>
>>>> Min: please have a look at these patches.
>>>>
>>> Hi, Gerd
>>> I checked the patches 4-7 of the SEV-SNP series. The common
>>> OvmfMetadata is designed for both SEV and TDX, right?
>> That is the idea, yes.
>>
>>> If so, then it means the SEV and TDX metadata will be mixed in this
>>> OvmfMetadata.
>> Yes.
>>
>>> I am thinking there will always be different fields for
>>> SEV and TDX. For example, SEV has PcdOvmfSecGhcbPageTable but TDX
>>> doesn't need that page. If the common OvmfMetadata is consumed by
>>> TDX-QEMU, then PcdOvmfSecGhcbPageTableBase will be initialized too.
>>> That doesn't make sense.
>> We have different range types. OVMF_* are the common areas. SEV_* will
>> be used by sev only, TDX_* will be used by tdx only. TDX and SEV
>> entries are allowed to overlap, i.e. PcdOvmfSecGhcbPageTableBase should
>> have some SEV_* type for sev (I think this needs fixing in the series),
>> and tdx can use the page for something else by adding a TDX_* entry for
>> the same range.
>>
>>> I am thinking that SEV and TDX can keep their own Metadata (in
>>> separate files, SevMetadata.asm and TdxMetadata.asm) which are pointed
>>> by the SEV or TDX offsets in the GUID-ed chain in ResetVector.
>> I'd very much prefer to have a single table to avoid duplication for the
>> common memory areas and keep the reset vector small.
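Review bot: the comment above the GUID block reads "Inte TDX", which should be "Intel TDX", and its lines are wrapped so that stray ";" characters end up at line ends; also, the DD value `tdxMetadataOffsetStart - TdxMetadataGuid - 16` references TdxMetadataGuid, which is not defined in this hunk, so a comment naming the file that defines it (presumably TdxMetadata.asm, which the comment says is included here) would help readers. The sixteen DB bytes do match e47a6535-984a-4798-865e-4685a7bf8ec2 in the mixed-endian GUID layout (first three fields little-endian, last two as written), so the identifier itself is right.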
>>
>> Having separate SevMetadata.asm + TdxMetadata.asm files (then have
>> OvmfMetadata.asm include these two) is an option. I think this isn't
>> needed, we can also just group the entries in OvmfMetadata.asm.
>>
>>> In this case, SEV and TDX can design their own metadata flexibly, for
>>> example, the attribute, the item structure, add/remove/update the
>>> items, etc.
>> Why have two ways to do the same thing?
>>
>> take care,
>>   Gerd
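As an added illustration of the single-table design argued for in this thread (not code from edk2 or from anyone on the list), a small Python model: each entry carries a section type, OVMF_* types are common to both platforms, SNP_*/TDX_* types belong to one platform, and two entries may share a range only when different platforms consume them. The type values, addresses and sizes are constructed; the entry names follow the thread.

```python
from dataclasses import dataclass
from itertools import combinations

# Hypothetical type values; the real OVMF encodings are not on this page.
OVMF_SECTION_TYPE_MEM = 0x01          # common to SNP and TDX
OVMF_SECTION_TYPE_SNP_MEM = 0x11      # SNP-only
OVMF_SECTION_TYPE_SNP_SECRETS = 0x12  # SNP-only
OVMF_SECTION_TYPE_TDX_MAILBOX = 0x21  # TDX-only
# None marks a type that every platform's loader consumes.
PLATFORM_OF = {OVMF_SECTION_TYPE_MEM: None, OVMF_SECTION_TYPE_SNP_MEM: "snp",
               OVMF_SECTION_TYPE_SNP_SECRETS: "snp", OVMF_SECTION_TYPE_TDX_MAILBOX: "tdx"}
PLATFORMS = ("snp", "tdx")

@dataclass(frozen=True)
class Entry:
    name: str
    base: int
    size: int
    type: int

def view_for(table, platform):
    """Entries a `platform` loader consumes: common types plus its own."""
    return [e for e in table if PLATFORM_OF[e.type] in (None, platform)]

def overlapping(entries):
    """Name pairs whose [base, base+size) ranges intersect."""
    return [(a.name, b.name) for a, b in combinations(entries, 2)
            if a.base < b.base + b.size and b.base < a.base + a.size]

def check_table(table):
    """Overlap is fine across platforms, not inside one platform's view."""
    return [(p, pair) for p in PLATFORMS for pair in overlapping(view_for(table, p))]

# Constructed table; the two entries sharing a range mirror the mail's example.
GHCB_BOOKKEEPING_BASE_ADDRESS = 0x80B000
GHCB_BOOKKEEPING_SIZE = 0x1000
TABLE = [
    Entry("SecPeiTempRam", 0x810000, 0x10000, OVMF_SECTION_TYPE_MEM),
    Entry("SevSnpSecrets", 0x80A000, 0x1000, OVMF_SECTION_TYPE_SNP_SECRETS),
    Entry("GhcbBookkeepingSnp", GHCB_BOOKKEEPING_BASE_ADDRESS,
          GHCB_BOOKKEEPING_SIZE, OVMF_SECTION_TYPE_SNP_MEM),
    Entry("TdxMailBoxExt", GHCB_BOOKKEEPING_BASE_ADDRESS,
          GHCB_BOOKKEEPING_SIZE, OVMF_SECTION_TYPE_TDX_MAILBOX),
]
# Gerd's point: an SEV-only page given a common type is loaded by TDX as well,
# so it collides with the TDX entry that reuses the range (range constructed).
BAD_TABLE = TABLE + [Entry("SecGhcbPageTable", GHCB_BOOKKEEPING_BASE_ADDRESS,
                           GHCB_BOOKKEEPING_SIZE, OVMF_SECTION_TYPE_MEM)]
```

`check_table(TABLE)` is empty because the shared range is only ever seen by one platform at a time, while `check_table(BAD_TABLE)` reports the collision in both views.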