From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2F1128034C for ; Thu, 23 Mar 2017 09:48:40 -0700 (PDT) Received: by mail-qk0-x229.google.com with SMTP id p22so45625039qka.3 for ; Thu, 23 Mar 2017 09:48:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8NIlks5kMbE9ujbW/l5YhgpkhtwfnlJXVMuGqUqaeeg=; b=rkYDE/GWoOneZCmKJeL5WNwWlfyOAEM2fMKViy/gS/v3SkAwjKAvD29pKDevZGmm75 A4NuPsxW/E7LaMYXCdd3M1DRwlob1AZWpKjMAfzV54r03843l8eLi6bh9dx1H6Xh+wm4 Uw5lT0zKnUxBYLzutR96lCuRKIrMNaMmUnMPJBIjLdugm37Na7AXZiWZf3eUQUojSsN4 FY/D0V5ndBV4zHTQC7+7vX6PIf8j+Qam+MPEu32/QsHUUkHTW8Hu8GD5cl3pDNrTE9IH UD9JpVV2CR6IseuF5vsB8p65hwo0LW1L+1VEJ50hSr73DNntNDsjL0E72Gmaa0j5aHNk 9x+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8NIlks5kMbE9ujbW/l5YhgpkhtwfnlJXVMuGqUqaeeg=; b=rr9aLwFyOuGlbwjDXIrIycpBYNbs0T1CYqQo5bUeXWsSGssc2+O3WGmBfz7enAN5I1 O41LRHmuGTUASGjiJtpVlwTsK/Xq+rUV1+L+d6mhwKQgT2YTTNh5HO4v+MTMujO5FXtC CJU71PNYgB/D4HvSsaJPbXN8ivLmFRFPRp5bBleC+urEup/vRuNMtZb6JX1z/gzkIF0+ LNPBPmZ1Zje3vKn3+I+eBIzjBsldM7FqB0OBMrTVfFmaU2I/xk2P0tudSt1WI7H26Hcq pJA2o21CQjwTddiTmSuKH5pGmXgo3flPLDxuZnPhV8bgRw9qGLiZEWukf8P6UCiCKvG0 HnlQ== X-Gm-Message-State: AFeK/H3g6knWIpG8aQ3RMrXsOcpXMXe3wihSEWUaQbne6hcrw2WLwhrW6p5dKW+DY/K4TTzjeYtomLw8wC1p/g== X-Received: by 10.55.47.69 with SMTP id v66mr3056330qkh.222.1490287719269; Thu, 23 Mar 2017 09:48:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.182.65 with HTTP; Thu, 23 Mar 2017 09:48:38 -0700 (PDT) In-Reply-To: References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine> <149013077498.27235.15379321048646409782.stgit@brijesh-build-machine> <15681e6f-dd58-957a-067f-f1036b31c62d@redhat.com> From: Brijesh Singh Date: Thu, 23 Mar 2017 11:48:38 -0500 Message-ID: To: Laszlo Ersek Cc: "Kinney, Michael D" , "Justen, Jordan L" , edk2-devel@ml01.01.org, "Gao, Liming" , brijesh.singh@amd.com, Leo Duran , Tom Lendacky X-Content-Filtered-By: Mailman/MimeDel 2.1.22 Subject: Re: [RFC PATCH v2 02/10] OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2017 16:48:40 -0000 Content-Type: text/plain; charset=UTF-8 On Thu, Mar 23, 2017 at 11:16 AM, Laszlo Ersek wrote: > On 03/23/17 16:05, Brijesh Singh wrote: > > On Wed, Mar 22, 2017 at 3:20 PM, Laszlo Ersek wrote: > > >> In the below logic, which branch exactly (to NoSev) will be taken on > >> Intel processors? > >> > >> > > The below check should branch to NoSev on Intel processor > > (please note that 0x8000_001F is new leaf and may not exist on older AMD > > processor hence we will also branch to NoSev on AMD processor which does > > not support this leaf) > > > > *; Check if we have a valid (0x8000_001F) CPUID leaf > > **mov eax, 0x80000000 > > **cpuid > > **cmp eax, 0x8000001f > > **jl NoSev* > > Yes, I figured that maybe this "highest supported cpuid leaf" check > would catch Intel processors. > > But, what prevents a future Intel processor from exposing such a high > CPUID leaf, for a completely different purpose? Should we not perform > some kind of vendor-id check? (I'm quite unfamiliar with CPUID, as you > can tell, I just seem to recall a comment (from Liming perhaps?) for one > of your MdeModulePkg patches, where he said that directly using a > software-defined CPUID leaf (?) would not be portable across all CPU > vendors, or some such.) > > I had similar question in my mind. Before creating the patch I checked with AMD architecture team. The response was, CPUID 0x8000_001F definition is fixed for x86 architecture. So, if Intel ever decides to report this CPUID leaf then it will comply to exact same definition. I think vendor check is weak, e.g user could change the vendor string through the qemu property which will break this loop. Because of this, I wanted to avoid any kind of vendor string or hypervisor defined CPUID checks inside the code. BTW, in my previous patches I was using KVM software defined CPUID leaf and I got rid of it because hypervisor's are flexiable to define that CPUID in whatever way they want. -Brijesh