From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.12506.1674040092902013648
 for <devel@edk2.groups.io>;
 Wed, 18 Jan 2023 03:08:13 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UkUyt3mz;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 1096661786
	for <devel@edk2.groups.io>; Wed, 18 Jan 2023 11:08:12 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id F289CC4339B
	for <devel@edk2.groups.io>; Wed, 18 Jan 2023 11:08:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1674040091;
	bh=8rLkLwuvo2tE9FpGWqHW3+Swd+OESYNos6eXVbBQw1s=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=UkUyt3mzgCX2hqfSZPLAxYuVH1ZDHxWGq09G9UttWcZFCHP8PeeGfw+aZzlEsApJP
	 SSjw+wl6gkpiP8N8TXTi4HaISG5STuXUveHU5gOEYM5kGpXiN6eH/MDPXNQlpByqZh
	 XI7Mxavbe+Gzk87hysi6I/ex7n9JS3CjPx/cdtbs4XNNFmlU4zLFIl3QPLyw3PWL7v
	 tzY/EN+3AUwf3pjxK0CWGEDg04vIU/m1kq3EHZiBTGosgcqF23nMiLkrNYOgYEVBv/
	 Rq+TsQ++K0xIJuVVUMPNCQkwL9EAaYQbsLZZv+VXGnGWxZPC5Fi2t2zLpZC9lOJijm
	 sHzAsADOQfwVA==
Received: by mail-lf1-f43.google.com with SMTP id m6so51178955lfj.11
        for <devel@edk2.groups.io>; Wed, 18 Jan 2023 03:08:10 -0800 (PST)
X-Gm-Message-State: AFqh2koUaTuAVIYLIiiBzkrQ+/HIHkqteA4pfMMJx6e0rU1joZfICIeg
	nj1kD7iH85/Oy6v/5KpS5y8IEvz2t9WaMOolK34=
X-Google-Smtp-Source: AMrXdXt+BS5fQJd02D3bXfaw3Wj8fu17NtFLa80fe2zXgPn5hTLzny2U2TUBx1xGUbkU5+5wDsGPNHN6zbwl6+hhpGg=
X-Received: by 2002:a05:6512:118a:b0:4cc:9d69:4703 with SMTP id
 g10-20020a056512118a00b004cc9d694703mr652361lfr.110.1674040088889; Wed, 18
 Jan 2023 03:08:08 -0800 (PST)
MIME-Version: 1.0
References: <20230116233158.1268-1-min.m.xu@intel.com> <20230117105823.tkasxyjfjxku6wsz@sirius.home.kraxel.org>
 <MW4PR11MB5872B751AFFEE6D0B78B65DD8CC79@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <MW4PR11MB5872B751AFFEE6D0B78B65DD8CC79@MW4PR11MB5872.namprd11.prod.outlook.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Wed, 18 Jan 2023 12:07:56 +0100
X-Gmail-Original-Message-ID: <CAMj1kXHEccgHVmHka86S4F-3OWuPnsGK08N3kRf8m-tsoaL6gg@mail.gmail.com>
Message-ID: <CAMj1kXHEccgHVmHka86S4F-3OWuPnsGK08N3kRf8m-tsoaL6gg@mail.gmail.com>
Subject: Re: [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx
To: "Yao, Jiewen" <jiewen.yao@intel.com>, "Xu, Min M" <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>, 
	Leif Lindholm <quic_llindhol@quicinc.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Abner Chang <abner.chang@amd.com>, Daniel Schaefer <git@danielschaefer.me>, 
	"Aktas, Erdem" <erdemaktas@google.com>, James Bottomley <jejb@linux.ibm.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

This series has broken the ArmVirtQemuKernel build (see below).

Please fix or revert.



<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirt=
Pkg/PrePi/PrePi.c>:
In function =E2=80=98RelocatePeCoffImage=E2=80=99:
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirt=
Pkg/PrePi/PrePi.c>:158:12:
error: too few arguments to function =E2=80=98FfsFindSectionData=E2=80=99
  158 |   Status =3D FfsFindSectionData (EFI_SECTION_PE32, FileHandle,
&SectionData);
      |            ^~~~~~~~~~~~~~~~~~
In file included from
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirt=
Pkg/PrePi/PrePi.c>:13:
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/Embedde=
dPkg/Include/Library/PrePiLib.h>:81:1:
note: declared here
   81 | FfsFindSectionData (
      | ^~~~~~~~~~~~~~~~~~
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirt=
Pkg/PrePi/PrePi.c>:160:14:
error: too few arguments to function =E2=80=98FfsFindSectionData=E2=80=99
  160 |     Status =3D FfsFindSectionData (EFI_SECTION_TE, FileHandle,
&SectionData);
      |              ^~~~~~~~~~~~~~~~~~
In file included from
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirt=
Pkg/PrePi/PrePi.c>:13:
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/Embedde=
dPkg/Include/Library/PrePiLib.h>:81:1:
note: declared here
   81 | FfsFindSectionData (
      | ^~~~~~~~~~~~~~~~~~
make: *** [GNUmakefile:397:
<https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/Build/A=
rmVirtQemuKernel-AARCH64/DEBUG_GCC5/AARCH64/ArmVirtPkg/PrePi/ArmVirtPrePiUn=
iCoreRelocatable/OUTPUT/PrePi.obj]>
Error 1

On Wed, 18 Jan 2023 at 04:05, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> Merged https://github.com/tianocore/edk2/pull/3916
>
> > -----Original Message-----
> > From: Gerd Hoffmann <kraxel@redhat.com>
> > Sent: Tuesday, January 17, 2023 6:58 PM
> > To: Xu, Min M <min.m.xu@intel.com>
> > Cc: devel@edk2.groups.io; Leif Lindholm <quic_llindhol@quicinc.com>; Ar=
d
> > Biesheuvel <ardb+tianocore@kernel.org>; Abner Chang
> > <abner.chang@amd.com>; Daniel Schaefer <git@danielschaefer.me>; Aktas,
> > Erdem <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>;
> > Yao, Jiewen <jiewen.yao@intel.com>; Tom Lendacky
> > <thomas.lendacky@amd.com>
> > Subject: Re: [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx
> >
> > On Tue, Jan 17, 2023 at 07:31:54AM +0800, Min Xu wrote:
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4152
> > >
> > > In current DXE FV there are 100+ drivers. Some of the drivers are not
> > > used in Td guest. (Such as USB support drivers, network related
> > > drivers, etc).
> > >
> > > From the security perspective if a driver is not used, we should prev=
ent
> > > it from being loaded/started. There are 2 benefits:
> > > 1. Reduce the attack surface
> > > 2. Improve the boot performance
> > >
> > > So we introduce Separate-Fv which separates DXEFV into 2 FVs: DXEFV
> > > and NCCFV. All the drivers which are not needed by a Confidential
> > > Computing guest are moved from DXEFV to NCCFV.
> > >
> > > When booting a CC guest only the drivers in DXEFV will be loaded and
> > > started. For a Non-CC guest both DXEFV and NCCFV drivers will be
> > > loaded and started.
> > >
> > > Patch#1 updates EmbeddedPkg/PrePiLib with FFS_CHECK_SECTION_HOOK.
> > > Patch#2 adds PCDs/GUID for NCCFV.
> > > Patch#3 moves cc-unused drivers to NCCFV.
> > > Patch#4 update PeilessStartupLib to find NCCFV for non-cc guest.
> >
> > series:
> > Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> >
> > take care,
> >   Gerd
>