From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.83])
 by mx.groups.io with SMTP id smtpd.web09.9358.1631790718644369505
 for <devel@edk2.groups.io>;
 Thu, 16 Sep 2021 04:11:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amd.com header.s=selector1 header.b=i/GJxC9x;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.95.83, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=aC4JjB5AclBrS5shFiWxV2zhcIdmijT1OR+XZxOgBslnAHNmZ8g5We6MkpGxEz5TNtoxB7JDkPmCbkKQY5tUtznZlhFlYxexdtPxtnpW3N16fiGVsN+yhC8Vlm9WJjQdd9tjqb6/WFgVeYh7ECCmQF7gN0sS9mKJjvQd3AwWo+7dbNHnT552e/6tUd5muvj0Fy/wXH6a8qLSYJiTCdzlOsjfvwFtdR+XJ8ccxU5W8I78euKvlsW/3QDrYWJgMXcQtS9Xws0IehFZ8rc32CYRspcarFZd+hrETKgWzCcSL/GDpmJOl9qNj9x8lv1VSt6TFxlQLsjlt6s9fmYTXryoxw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=qGwSIEy+fnsp8aV5sS/THF3t6YVCfdnGjaTFLkYIf6s=;
 b=Z77Nv4opxc2cnKxbwSmzJ3Q+jqcPyWRBxnPai4QDUVk6ZcxBuTGLttVr9qW5Z7ZtUWRbFvQNXZVKKsM6IUObDCCssqTi98fSW97c7ODPKMy73JduGPavoAU3pi43s8BM1NwYty6kK8D225M/VYxcueIrY95U6FwO3iVAiSJZdHXpRvmrIph3P9pdpoOP9sLbxt8v+8emEly26hTbj895dfb6EUUo6bkYgrs9cjQvxc2maJCfHyPwqCa+etLlgEsfabkSjBpt/icUA+ydktdy/q88iwG4yopnCnbmdkYj50p/QXKJI1ZkwJFcXHoGMcDmilKOP9VvJgPTmNM+E9YLuw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=qGwSIEy+fnsp8aV5sS/THF3t6YVCfdnGjaTFLkYIf6s=;
 b=i/GJxC9xZsZJnWPTPXLESy2b9gvoAQqY+cu7GqDMWHlf1pXpzwpJ1uLjMCu9w+lIx0sLiTZsTF7Nptge2onRSXLgVQnJV8nGnkpjsVAa/ywj4zT/5nuZlXuvWG1FmudlMZ/LOgJWEfOnCXGIFyqhuJ70sQJs1hd8tC1uObBmShY=
Authentication-Results: amd.com; dkim=none (message not signed)
 header.d=none;amd.com; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22)
 by SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.17; Thu, 16 Sep
 2021 11:11:56 +0000
Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4500.020; Thu, 16 Sep 2021
 11:11:56 +0000
Subject: Re: [PATCH v7 17/31] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: devel@edk2.groups.io, James Bottomley <jejb@linux.ibm.com>,
 Min Xu <min.m.xu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Tom Lendacky <thomas.lendacky@amd.com>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Erdem Aktas <erdemaktas@google.com>, Michael Roth <Michael.Roth@amd.com>
References: <20210913181941.23405-1-brijesh.singh@amd.com>
 <20210913181941.23405-18-brijesh.singh@amd.com>
 <20210916085848.f6k4prprtw5jrrwy@sirius.home.kraxel.org>
From: "Brijesh Singh" <brijesh.singh@amd.com>
Message-ID: <90b9cb6d-2425-9c25-801c-f6fbab428f78@amd.com>
Date: Thu, 16 Sep 2021 06:11:54 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
 Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <20210916085848.f6k4prprtw5jrrwy@sirius.home.kraxel.org>
X-ClientProxiedBy: SA9PR13CA0057.namprd13.prod.outlook.com
 (2603:10b6:806:22::32) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
Received: from Brijeshs-MacBook-Pro.local (165.204.77.11) by SA9PR13CA0057.namprd13.prod.outlook.com (2603:10b6:806:22::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.6 via Frontend Transport; Thu, 16 Sep 2021 11:11:55 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 05e20460-a231-4637-819c-08d97902cbd6
X-MS-TrafficTypeDiagnostic: SN6PR12MB2718:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SN6PR12MB27186E5EC8C11C3570AB3BE7E5DC9@SN6PR12MB2718.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	873g+NCnEmBuv+FIYlJ2b5+aqLcv9SSGYXFsy7+Ldh9MsIs38SoV41jYo2tgmRhZkwCR4rjzS80l0tLGioAWbhItxa9ekMLhokDlrAmAeTgIoD/7xf8fN4LFwTGyUNitmOuiZGzC/MjB+6ei1COY2Ycl57dl15LTa41mjw5XpWD4O3OzhntPfbAuOUW310nyq1M80s+lOrUt5F/rxJH6SYVsGAk70LoWQFCJOexM9RfZ+RdF439ljHKSceyWHXlCfE8vyUChTMZ7nkIrrBCh5hpVKwpD6LhiBQGhfazlOTLV1dLYkYP42weK3BxmjHlJ0GbS94vEERusN2oHlVhhFPa1nfIxMyWGg7QiL8ABoKUZSWs4EdWcIJEbqZNOyhYLf5jk4LHIVg3bQBW+djvFB5ADVJi9mHlAtMOKpgOfCB2RrPVX6FhyOMcVqSYmJrU9l/6GZCrbYkwACdJ5zO/GBHB2aJ/oCY3q8ybjYUp5gawWSQwFvIOdlaaUob2FeZjaGnyKV6PewrSq8lBR063qijDyonPIE9iWvXuEdbZR7RrsTjUhtq8AkaXPgPxAP6L0e2gvMWECju5GxS+iEekpVLjRJ7i0uQ4ZWNvfQ1j86Vxa/N9i0ms0u18gmq/8SH8asmPyaV3S9s4Kvt0k5mb2pfyYZkwKpAm63OX5LkP+O5XiE2TysKF+hNf4K+j6TVxSsBn8XiU/Foxjf+LC0Nl2vFmqwjidnB+iZCTV3+S6JD6kU0W1wu4qa/NiZmcl/6I/n0MvFzG6Hjg6L/7PNHC3dQ==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(39860400002)(376002)(136003)(346002)(366004)(26005)(186003)(6506007)(4326008)(15650500001)(2616005)(4744005)(5660300002)(53546011)(31696002)(36756003)(956004)(83380400001)(38100700002)(8936002)(66556008)(66476007)(66946007)(478600001)(31686004)(316002)(6486002)(2906002)(52116002)(6916009)(54906003)(44832011)(38350700002)(6512007)(8676002)(86362001)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?utf-8?B?MVhqUzJjSHZJRzc5M1BZekVWWWhRclpqaWVzYVdFVTZYWFNIaXZqZE05TUxW?=
 =?utf-8?B?ai9GblBlRFM4WTdtNTNSc3R1L3lqQ0ZkMkdNVkxPYVQ3RVpWVzVpNWhPaEVN?=
 =?utf-8?B?eE1oMzJGN3g5YWRXWTlteVpzaHMrQVpQUEVCYWlPWThocHd5V2RlL3ozSmNw?=
 =?utf-8?B?NXNBbUtNdUhYeWRrZDhPcFpjaVppZUJNRFpGVzBDaHZJbDFJeHNqOXI3NmpN?=
 =?utf-8?B?cklNQW96ZFdqamNVUGVtM2RUMU9aaXFTWExWMnEybjYydEdRTWRqRXlkMWRU?=
 =?utf-8?B?R0lvWWxEK2RlUml4NXZ1ZkZMT0pURFUreU8rN2JxeEVEMGlUU0JNcEpZU1Bj?=
 =?utf-8?B?cFFoR2ExeE5EU3l2ZFBXcUhCaTVMMVk5NUZ2bzJkNUM5SDEwTlZYS0pkSHJG?=
 =?utf-8?B?dVZsd0dUVXZRbjNZczJvaVRSRFdycUZyMDBDWlpPelRRQWtmSGUraHgxTnoy?=
 =?utf-8?B?Z3RtVnUybkhEL3VObVc3cjhNMTBKVTNDd3dhNHlmQnRBWmFIR0VrbjdlaE43?=
 =?utf-8?B?TmRxTXZJeURyaVdZcTRtbE5keHBYbyt1b09CU1hSbk84U1k3bVg3SnBVM09I?=
 =?utf-8?B?bWNiRk5rd0k2MzVLcHBpMDZYMXh0MzVycWwvaGNuM0tDQWVJR0N0OTVPL2tr?=
 =?utf-8?B?VmdsS29YWkc2SjFUZHVpV1RvY1FFdVp4YjVod1pjWHlaVU91OThja2ZQMVIv?=
 =?utf-8?B?cE1HNXYzMldtc3NJWGZUZmU0NERwaUxlbmlvWVowdEgvV24yaTJ0dzlpWDYw?=
 =?utf-8?B?TGJEMWhJQ1U4YlNodnRBR1ZMdWw0ZFFNczFFdnJ2WVEwZDNrVnUzekJjRncz?=
 =?utf-8?B?ZDE2QnFscUF3THpHWE9XMFlpTk5oTy9lc3VMemJKTjJocWZLOXJQNmlGWFI3?=
 =?utf-8?B?QW82K3pORU53RGZNQXhWaEJ2Wk4yZk10SnVwSTN4emtQQWh3T1JTYm00T0dZ?=
 =?utf-8?B?UTF2L0NTNFExdjliaCtjenFWN09qMmw5TEpBbnk1SW5zRU1XYjdpSENSamdj?=
 =?utf-8?B?UjdrNHJZaVFOelVqaGpxeVZlazRhYVRFUThseHU0SVp2QnRBckgxTkluNjQv?=
 =?utf-8?B?UGFkSnFtYThlbzB1cmdJRGhpTkwxai9QZmxTVUNLQzY1eFl2NmlBdHA0bHZJ?=
 =?utf-8?B?amJ3Qi9ZRXhIMzhvbjc2MDdmNEpOd1lRK0tmK3dmRzNXZ1FnbzBXNy9XSmQ1?=
 =?utf-8?B?SlZEUkJ6TE5YSm1UYWRIbVM1WGpaSnJEL2hYUWQrTmszdnZqbitWaEk3dXlt?=
 =?utf-8?B?ZDRtZFdpQlFMM3pPazVHa29YclI3T0l0bnVGWjFrYnZWN3V2dGxFWjVxcVFr?=
 =?utf-8?B?T1FoeS9NbmplTDJwZ0NMd0RKclJmU3M3aE5YZjZZSDdOVStSZTB1dnBhYmx1?=
 =?utf-8?B?aDFCQkVBYlkyRzlaWDBQWURJNUFrTnN1WkRYSFV1MXFZTlFDd2txa1IwOUd1?=
 =?utf-8?B?bXQyc1AxQldIRUxvcVRkSVlmRWdpRU8zT2pEQ2ozV3BMaXlvNGFZSUNzbk5N?=
 =?utf-8?B?TUhuMFVoT2NvZCtCY3VSd0F2RVo3YVQySWx2TU5uT2pSekJ4SGFnbVl1R1ht?=
 =?utf-8?B?QmpraW91bURyaEVNUmtxaVNKWnJ2THIrbytpUnpIL3JKKy9Hb1drTEo0UkNI?=
 =?utf-8?B?MTh5QlVUMUo1UG1rQVdaRDNjTDhPRVNnMlgvUzJzWGxpb0RvMHlKUVkzR1VI?=
 =?utf-8?B?RFhHMVBKT1h1eXFadkpzbFIrTEtVSy9maG1zTDVNNVg2MjNQZW5aNk9Jbmcw?=
 =?utf-8?Q?IK92QA3tingYJGOyvF+PqtaPfssYBVL/O10ECne?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 05e20460-a231-4637-819c-08d97902cbd6
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Sep 2021 11:11:56.7263
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: cVLQSDFT4AlYqknZ0WFaQElxJmN+76XgZcUsfU5Zor5pRUjPyVKXVs89yPVsGeeeUrhFCBUYq4zAw/XZeFl4PA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2718
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US


On 9/16/21 3:58 AM, Gerd Hoffmann wrote:
>   Hi,
>
>> +  ## The range of memory that need to be pre-validated in the SEC phase
>> +  #  when SEV-SNP is active in the guest VM.
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedStart|0|UINT32|0x56
>> +  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecPreValidatedEnd|0|UINT32|0x57
> I guess TDX needs to do that too?
> Should we pick more generic names for the PCDs then?

I was not sure how TDX is approaching the validation in the SEC phase;
i.e, will it go with validating the entire guest RAM at once or validate
the selective portion then push everything to PEI or DXE phase. Min or
Jiewen, can you comment on it ?

But I agree with you that picking generic name to start with is a good
idea. I will drop SNP name from it.

thanks