Subject: Re: [PATCH v7 17/31] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
To: Gerd Hoffmann
Cc: devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth
From: "Brijesh Singh"
Message-ID: <90b9cb6d-2425-9c25-801c-f6fbab428f78@amd.com>
Date: Thu, 16 Sep 2021 06:11:54 -0500
In-Reply-To: <20210916085848.f6k4prprtw5jrrwy@sirius.home.kraxel.org>

On 9/16/21 3:58 AM, Gerd Hoffmann wrote:
> Hi,
>
>> + ## The range of memory that need to be pre-validated in the SEC phase
>> + # when SEV-SNP is active in the guest VM.
>> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x56
>> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x57
> I guess TDX needs to do that too?
> Should we pick more generic names for the PCDs then?

I was not sure how TDX is approaching the validation in the SEC phase; i.e., will it go with validating the entire guest RAM at once or validate the selective portion then push everything to PEI or DXE phase.

Min or Jiewen, can you comment on it?

But I agree with you that picking a generic name to start with is a good idea. I will drop the SNP name from it.

thanks
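
Review bot: The comment above PcdOvmfSnpSecPreValidatedStart and PcdOvmfSnpSecPreValidatedEnd does not say whether End is inclusive or exclusive, whether both values must be page aligned, or what the default of 0 for both means to a consumer. Because these two PCDs define which memory is pre-validated in the SEC phase when SEV-SNP is active, the contract belongs in the comment: state the interval convention (for example, that the range is [Start, End)) and state what a zero-length range means, so a platform that never overrides the defaults has defined behaviour. Minor wording point in the same comment: "memory that need" should read "memory that needs".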