From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id A0DCC21BC6A7F
 for <edk2-devel@ml01.01.org>; Tue, 28 Mar 2017 01:14:14 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 099F4C04B92C;
 Tue, 28 Mar 2017 08:14:14 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 099F4C04B92C
Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com;
 spf=pass smtp.mailfrom=lersek@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 099F4C04B92C
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-89.phx2.redhat.com
 [10.3.116.89])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 2195F7F94B;
 Tue, 28 Mar 2017 08:14:11 +0000 (UTC)
To: Brijesh Singh <brijesh.ksingh@gmail.com>
References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine>
 <149013078709.27235.16179070664669554073.stgit@brijesh-build-machine>
 <ef554462-38e5-dcaa-4e9d-93dd5aa11bc8@redhat.com>
 <6f2a60a0-2480-457a-ca30-bc260b20f13f@redhat.com>
 <CA+HCGMZma4JD_KL-f0CTiCaKWQ4o366O99Vf0df3cf6WURwqTg@mail.gmail.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
 "Justen, Jordan L" <jordan.l.justen@intel.com>, edk2-devel@ml01.01.org,
 "Gao, Liming" <liming.gao@intel.com>, "Singh, Brijesh"
 <brijesh.singh@amd.com>, Leo Duran <leo.duran@amd.com>,
 Tom Lendacky <Thomas.Lendacky@amd.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <9b671673-f7a5-a5f7-6dfb-ee4fe70ec772@redhat.com>
Date: Tue, 28 Mar 2017 10:14:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CA+HCGMZma4JD_KL-f0CTiCaKWQ4o366O99Vf0df3cf6WURwqTg@mail.gmail.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.31]); Tue, 28 Mar 2017 08:14:14 +0000 (UTC)
Subject: Re: [RFC PATCH v2 04/10] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2017 08:14:14 -0000
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

On 03/27/17 20:44, Brijesh Singh wrote:
> On Mon, Mar 27, 2017 at 5:07 AM, Laszlo Ersek <lersek@redhat.com> wrote:
> 
>> On 03/27/17 11:19, Laszlo Ersek wrote:
>>> On 03/21/17 22:13, Brijesh Singh wrote:
>>
>>>> +  Returns a boolean to indicate whether SEV is enabled
>>>> +
>>>> +  @retval TRUE           When SEV is active
>>>> +  @retval FALSE          When SEV is not enabled
>>>> +  **/
>>>> +BOOLEAN
>>>> +EFIAPI
>>>> +MemEncryptSevIsEnabled (
>>>> +  VOID
>>>> +  );
>>>
>>> Would it make sense to call this library function in PlatformPei, rather
>>> than add a separate SevIsEnabled() function to it (in patch #3)? The
>>> implementations look nearly identical.
>>
>> I realize that earlier I seemingly suggested the opposite:
>>
>> http://mid.mail-archive.com/dd9436dc-415c-9fab-081c-
>> 39dd2cd71fd5@redhat.com
>>
>> http://mid.mail-archive.com/9193d837-6a78-b1c4-42c0-
>> 427fbc1f2364@redhat.com
>>
>> However, at that time, my understanding was that this library would only
>> be used in PlatformPei (hence the single user wouldn't justify the new
>> library instance). Now it seems that there are going to be several
>> client modules that check on SEV enablement. Is that right?
>>
>>
> 
> Yes, I do expect several client module link against this library to check
> whether the SEV is enabled.
> Are you okay if we link MemEncryptSevLib in PlatformPei and make use of
> MemEncryptSevIsEnabled()
> routine instead of having a local copy ? I was not sure which way to go
> hence I still have PlatformPei
> and QemuFwCfgPei using the local implementation of the same functions. My
> personal perference would
> be to link with MemEncryptSevLib instead of having local function. But as
> always I am open to suggestions.

I think the library function should be used (caching the CPUID detection
results) whenever we have writeable memory (PEI and onwards).

Thanks
Laszlo