From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B26D8D806DA for ; Wed, 24 Apr 2024 17:05:20 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=wbhcWWdJ/AOgT9x6IT9w93N+jLoDf9Gqxi85/lhh+RM=; c=relaxed/simple; d=groups.io; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1713978319; v=1; b=cjAZUgjCeM91Qmk95zPt42MQd1PDHWsVCONFo4PbdpUVkGVCebrYYhy+vwumIV81AhDACwZQ pObAIdho9BrjmpqqtCrp2H/Ai+EZ40VEyMY94TFJd0M2xZjaKEUNkpfFV2NKWztmXd225rrQQKB 7W8nVTbjh+hZ60v/GAYtJckMaDOYFxEcXVw3fneUWbAu6MMDBp3s9ZK5Kh0V0ArDvxAQrOg8+J4 y3ejYopgRFMi4h4taVFZyR3yOv2yi55qPNTk1x7HDkcCtq46+zot3ggkPxLOiOQQ2oyf5WWmiRa a/xpH1xgcFU4W8/DNmmIcZ4wC3O57t6BzEM0GB6RYNHig== X-Received: by 127.0.0.2 with SMTP id UvQ7YY7687511xdIWVPI3JlM; Wed, 24 Apr 2024 10:05:19 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.2096.1713978318328290447 for ; Wed, 24 Apr 2024 10:05:18 -0700 X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id C7C1F61A30 for ; Wed, 24 Apr 2024 17:05:17 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 70F80C2BD10 for ; Wed, 24 Apr 2024 17:05:17 +0000 (UTC) X-Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-516d264d0e4so1060336e87.0 for ; Wed, 24 Apr 2024 10:05:17 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVw1WQB2SjtEWXZ6srroTGoK/xbK88oV440QFR9UL6afETPuqFcLxUb7yx/wRDmWGDjyhpXoesqElLQAQEJ/AC+yeZk+w== X-Gm-Message-State: hiY5dlMiZc6drv3BDV8Pvy1ix7686176AA= X-Google-Smtp-Source: AGHT+IGzdd4mElpJyU8/Y/16THnmvVVoGxesOvOjb48OSOBMooMKh4tPjX5iOQnxtnG6Fok6k/8sD59TJ4ogmanRKZA= X-Received: by 2002:a19:e04b:0:b0:513:e29d:6840 with SMTP id g11-20020a19e04b000000b00513e29d6840mr92243lfj.15.1713978315843; Wed, 24 Apr 2024 10:05:15 -0700 (PDT) MIME-Version: 1.0 References: <20240424060029.1330637-1-kraxel@redhat.com> In-Reply-To: From: "Ard Biesheuvel" Date: Wed, 24 Apr 2024 19:05:04 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests To: "Yao, Jiewen" Cc: Gerd Hoffmann , "devel@edk2.groups.io" , Oliver Steffen , Ard Biesheuvel , Srikanth Aithal Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 24 Apr 2024 10:05:18 -0700 Resent-From: ardb@kernel.org Reply-To: devel@edk2.groups.io,ardb@kernel.org List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Type: text/plain; charset="UTF-8" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=cjAZUgjC; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen wrote: > > Thanks Ard. > > I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours ago. > But it seems the CI stops working... > OK, I have dropped my PR. > > > > -----Original Message----- > > From: Ard Biesheuvel > > Sent: Thursday, April 25, 2024 12:27 AM > > To: Yao, Jiewen > > Cc: Gerd Hoffmann ; devel@edk2.groups.io; Oliver Steffen > > ; Ard Biesheuvel ; Srikanth > > Aithal > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in > > confidential guests > > > > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen wrote: > > > > > > Reviewed-by: Jiewen Yao > > > > > > > Thanks, I've queued this up. > > > > > > > > -----Original Message----- > > > > From: Gerd Hoffmann > > > > Sent: Wednesday, April 24, 2024 2:00 PM > > > > To: devel@edk2.groups.io > > > > Cc: Oliver Steffen ; Gerd Hoffmann > > > > ; Ard Biesheuvel ; Yao, > > Jiewen > > > > ; Srikanth Aithal > > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in > > confidential > > > > guests > > > > > > > > The VirtHstiDxe does not work in confidential guests. There also isn't > > > > anything we can reasonably test, neither flash storage nor SMM mode will > > > > be used in that case. So just skip driver load when running in a > > > > confidential guest. > > > > > > > > Cc: Ard Biesheuvel > > > > Cc: Jiewen Yao > > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check") > > > > Signed-off-by: Gerd Hoffmann > > > > Tested-by: Srikanth Aithal > > > > --- > > > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + > > > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++ > > > > 2 files changed, 7 insertions(+) > > > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > index 9514933011e8..b5c237288766 100644 > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > @@ -49,6 +49,7 @@ [FeaturePcd] > > > > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > > > > > > > > [Pcd] > > > > + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr > > > > gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase > > > > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase > > > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > index b6e53a1219d1..efaff0d1f3cb 100644 > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #include > > > > #include > > > > #include > > > > +#include > > > > #include > > > > > > > > #include > > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( > > > > EFI_STATUS Status; > > > > EFI_EVENT Event; > > > > > > > > + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { > > > > + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__)); > > > > + return EFI_UNSUPPORTED; > > > > + } > > > > + > > > > DevId = VirtHstiGetHostBridgeDevId (); > > > > switch (DevId) { > > > > case INTEL_82441_DEVICE_ID: > > > > -- > > > > 2.44.0 > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118225): https://edk2.groups.io/g/devel/message/118225 Mute This Topic: https://groups.io/mt/105705705/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-