References: <20220928153323.2583389-1-dionnaglaze@google.com> <20220928153323.2583389-4-dionnaglaze@google.com>
In-Reply-To:
<20220928153323.2583389-4-dionnaglaze@google.com>
From: "Ard Biesheuvel"
Date: Wed, 28 Sep 2022 18:37:23 +0200
Subject: Re: [PATCH v4 3/6] OvmfPkg: set PcdEnableUnacceptedMemory to FALSE
To: Dionna Glaze
Cc: devel@edk2.groups.io, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky

On Wed, 28 Sept 2022 at 17:33, Dionna Glaze wrote:
>
> The default value of PcdEnableUnacceptedMemory should be FALSE in order
> for default safe behavior. If the next started image does not yet
> understand UEFI v2.9's new memory type, then it's stuck with most of its
> memory inaccessible.
>
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Ard Biesheuvel
>
> Signed-off-by: Dionna Glaze

Generally, we tend to rely on the DEC default for new PCDs if we're not
deviating from it. If there is no specific reason to deviate from this
here, I think we can drop this patch.

Or is this also needed to declare them as the right type? In that case,
I think you can drop the hunks that touch non-CC platforms.

> --- > OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + > OvmfPkg/Bhyve/BhyveX64.dsc | 2 ++ > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 ++ > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 ++ > OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ > OvmfPkg/OvmfPkgX64.dsc | 2 ++ > OvmfPkg/OvmfXen.dsc | 2 ++ > 7 files changed, 13 insertions(+) > > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > index 90e8a213ef..23086748c5 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > @@ -526,6 +526,7 @@ > > # Set ConfidentialComputing defaults > gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > > !include OvmfPkg/OvmfTpmPcds.dsc.inc > > diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc > index 475b88b21a..004be8b019 100644 > --- a/OvmfPkg/Bhyve/BhyveX64.dsc 
> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc > @@ -559,6 +559,8 @@ > # Set Tdx shared bit mask > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > # MdeModulePkg resolution sets up the system display resolution > diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc > index 10b16104ac..41f43a2631 100644 > --- a/OvmfPkg/CloudHv/CloudHvX64.dsc > +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc > @@ -618,6 +618,8 @@ > # Set Tdx shared bit mask > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc > index c0c1a15b09..55b6a2a845 100644 > --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc > +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc > @@ -514,6 +514,8 @@ > # Set Tdx shared bit mask > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index af566b953f..aebe1c3192 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -655,6 +655,8 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index f39d9cd117..6e4418388e 100644 
> --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -679,6 +679,8 @@ > # Set Tdx shared bit mask > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > # Set SEV-ES defaults > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc > index 58a7c97cdd..0f57e22a2b 100644 > --- a/OvmfPkg/OvmfXen.dsc > +++ b/OvmfPkg/OvmfXen.dsc > @@ -505,6 +505,8 @@ > # Set Tdx shared bit mask > gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE > + > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > ################################################################################ > -- > 2.37.3.998.g577e59143f-goog >
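Review bot: the AmdSevX64.dsc hunk (and the six that follow it) pins `gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE` per platform, while the commit message argues about the *default* value of the PCD. If the DEC declaration in the MdeModulePkg token space already carries FALSE, these seven lines are no-ops; if it does not, any platform that is not in the diffstat still boots with whatever the DEC says, which is exactly the unsafe case the commit message describes. State in the commit message which of the two holds, or make the safe value the DEC default and keep per-platform overrides only where a platform deviates from it.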
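Review bot: the Bhyve, CloudHv, IntelTdx, OvmfPkgIa32X64, OvmfPkgX64 and OvmfXen hunks insert the new PCD as a bare line plus a blank line immediately after `gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0`, under the "# Set Tdx shared bit mask" comment, whereas the AmdSev hunk files it under "# Set ConfidentialComputing defaults". A reader of the TDX-commented block will take the setting for a TDX-specific knob. Give the line its own comment carrying the rationale from the commit message (the next image may not understand the UEFI v2.9 memory type, so unaccepted memory stays disabled), or move it into the existing SEV-ES/ConfidentialComputing group, so the 13-line diffstat reads the same way in all seven .dsc files.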