Re: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ard Biesheuvel" <ardb@kernel.org>
To: "Yao, Jiewen" <jiewen.yao@intel.com>
Cc: Dov Murik <dovmurik@linux.ibm.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	 "Michael.Roth@amd.com" <Michael.Roth@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	 "Ni, Ray" <ray.ni@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory
Date: Sat, 7 Jan 2023 17:52:32 +0100	[thread overview]
Message-ID: <CAMj1kXE+i2E75HCRH5phxJ5ioMotnRJNiWVR_OpZp53r8pMAnw@mail.gmail.com> (raw)
In-Reply-To: <MW4PR11MB58726DF26FD8BBBAE0E86E6D8CF89@MW4PR11MB5872.namprd11.prod.outlook.com>

On Sat, 7 Jan 2023 at 03:01, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Dov/Ard
> Please allow me to clarify:
>
> EfiACPIReclaimMemory in UEFI spec means: OS may use the memory, after it copies the ACPI table to its own location. It is also called "AddressRangeACPI" in ACPI spec.
>
> [2] https://uefi.org/specs/ACPI/6.5/15_System_Address_Map_Interfaces.html, search AddressRangeACPI.
> [3] https://uefi.org/specs/UEFI/2.10/07_Services_Boot_Services.html, search EfiACPIReclaimMemory.
>
> However, in the description, you mentioned "The SEV-SNP Confidential Computing blob contains metadata that should remain accessible for the life of the guest."
> That requirement conflicts with the definition of ACPIReclaim memory.
>
> I would like to suggest either of below, to meet the need "that should remain accessible for the life of the guest."
> a) EfiACPIMemoryNVS in UEFI, also known as AddressRangeNVS in ACPI (or)
> b) EfiReservedMemoryType in UEFI, also knowns as AddressRangeReserved in ACPI.
>
> Please double confirm that.
>

If EfiACPIMemoryNVS is considered more appropriate, I don't have any
issues with that.

But the patch is correct in the sense that it should not use
statically allocated objects. And EfiRuntimeServicesData should be
avoided as well (athough it is often used for cases like this) as it
will end up getting mapped into the firmware page tables for no
reason.

EfiReservedMemory is not suitable for this - Linux on ARM must omit
this from all its mappings of system memory, because the OS does not
know *why* it is reserved and with which attributes it is being
mapped, and the architecture does not tolerate duplicate mappings with
mismatched attributes.

The semantics of EfiAcpiReclaimMemory are also suitable for cases
where the contents of the region is only relevant to the OS, and not
to the firmware itself, and it is really up to the OS to decided
whether or not it will reclaim the region in question. So for passing
tables in memory that are similar in purpose to ACPI tables (i.e.,
describe the platform to the OS), EfiAcpiReclaimMemory is suitable
imho.

next prev parent reply	other threads:[~2023-01-07 16:52 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-21 16:06 [PATCH 0/4] Fixes for SEV-SNP CC blob and CPUID table handling Roth, Michael
2022-12-21 16:06 ` [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory Roth, Michael
2022-12-21 16:48   ` Lendacky, Thomas
2022-12-21 21:26   ` Dov Murik
2023-01-06  9:18   ` [edk2-devel] " Yao, Jiewen
2023-01-06 20:25     ` Dov Murik
2023-01-07  2:01       ` Yao, Jiewen
2023-01-07 16:52         ` Ard Biesheuvel [this message]
2023-01-12 10:15           ` Yao, Jiewen
2022-12-21 16:06 ` [PATCH 2/4] OvmfPkg/AmdSevDxe: Update ConfidentialComputing blob struct definition Roth, Michael
2023-01-06  9:14   ` [edk2-devel] " Yao, Jiewen
2022-12-21 16:06 ` [PATCH 3/4] OvmfPkg/CcExitLib: Fix SEV-SNP XSave area size calculation Roth, Michael
2022-12-21 16:52   ` Lendacky, Thomas
2023-01-06  8:53   ` [edk2-devel] " Yao, Jiewen
2022-12-21 16:06 ` [PATCH 4/4] OvmfPkg/CcExitLib: Use documented XSave area base size for SEV-SNP Roth, Michael
2022-12-21 16:59   ` Lendacky, Thomas
2023-01-06  8:53   ` [edk2-devel] " Yao, Jiewen
2022-12-21 17:41 ` [PATCH 0/4] Fixes for SEV-SNP CC blob and CPUID table handling Roth, Michael
2023-01-18  3:57   ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMj1kXE+i2E75HCRH5phxJ5ioMotnRJNiWVR_OpZp53r8pMAnw@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox