public inbox for devel@edk2.groups.io
* [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
@ 2024-04-24  6:00 Gerd Hoffmann
  2024-04-24  6:45 ` Yao, Jiewen
  0 siblings, 1 reply; 10+ messages in thread
From: Gerd Hoffmann @ 2024-04-24  6:00 UTC (permalink / raw)
  To: devel
  Cc: Oliver Steffen, Gerd Hoffmann, Ard Biesheuvel, Jiewen Yao,
	Srikanth Aithal

The VirtHstiDxe does not work in confidential guests.  There also isn't
anything we can reasonably test, neither flash storage nor SMM mode will
be used in that case.  So just skip driver load when running in a
confidential guest.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Srikanth Aithal <sraithal@amd.com>
---
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
index 9514933011e8..b5c237288766 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -49,6 +49,7 @@ [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Pcd]
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
 
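Review bot: no [Packages] or [LibraryClasses] change accompanies the new gEfiMdePkgTokenSpaceGuid entry, which is fine only if MdePkg.dec and PcdLib are already declared in this .inf; the existing gUefiOvmfPkgTokenSpaceGuid entries under [Pcd] and the MdePkg library headers included by VirtHstiDxe.c make that likely, but the hunk does not show it, so it is worth confirming before merge. The new line sorts ahead of the OvmfPkg token-space entries, so the list stays ordered.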
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
index b6e53a1219d1..efaff0d1f3cb 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/MemoryAllocationLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
 #include <Library/PlatformInitLib.h>
 
 #include <IndustryStandard/Hsti.h>
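Review bot: a style point only: the new `#include <Library/PcdLib.h>` is slotted between UefiLib.h and PlatformInitLib.h, whereas the existing block is alphabetical up to UefiLib.h, so placing it after MemoryAllocationLib.h would keep the ordering. Adding the include explicitly is the right call, since the driver already consumes PCDs declared in its .inf and should not rely on PcdLib.h arriving transitively.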
@@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
   EFI_STATUS                           Status;
   EFI_EVENT                            Event;
 
+  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
+    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
+    return EFI_UNSUPPORTED;
+  }
+
   DevId = VirtHstiGetHostBridgeDevId ();
   switch (DevId) {
     case INTEL_82441_DEVICE_ID:
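Review bot: the bare non-zero test on `PcdGet64 (PcdConfidentialComputingGuestAttr)` is correct but opaque; if MdePkg's ConfidentialComputingGuestAttr.h is available here, comparing against its zero value, `if (PcdGet64 (PcdConfidentialComputingGuestAttr) != CCAttrNotCc) {`, states the intent directly. Returning EFI_UNSUPPORTED from the entrypoint causes the DXE core to unload the image, which is what the subject line promises, and placing the check before VirtHstiGetHostBridgeDevId () avoids touching the host bridge at all in that case. One consequence the commit message could spell out: no HSTI table is published in a confidential guest, so any consumer of HSTI must treat its absence as "not assessed" rather than as a pass. DEBUG_INFO is the right level for the message, since this is an expected configuration rather than an error.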
-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118181): https://edk2.groups.io/g/devel/message/118181
Mute This Topic: https://groups.io/mt/105705705/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24  6:00 [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Gerd Hoffmann
@ 2024-04-24  6:45 ` Yao, Jiewen
  2024-04-24 16:26   ` Ard Biesheuvel
  0 siblings, 1 reply; 10+ messages in thread
From: Yao, Jiewen @ 2024-04-24  6:45 UTC (permalink / raw)
  To: Gerd Hoffmann, devel@edk2.groups.io
  Cc: Oliver Steffen, Ard Biesheuvel, Srikanth Aithal

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Wednesday, April 24, 2024 2:00 PM
> To: devel@edk2.groups.io
> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> <kraxel@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao, Jiewen
> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential
> guests
> 
> The VirtHstiDxe does not work in confidential guests.  There also isn't
> anything we can reasonably test, neither flash storage nor SMM mode will
> be used in that case.  So just skip driver load when running in a
> confidential guest.
> 
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> Tested-by: Srikanth Aithal <sraithal@amd.com>
> ---
>  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
>  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
>  2 files changed, 7 insertions(+)
> 
> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> index 9514933011e8..b5c237288766 100644
> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> @@ -49,6 +49,7 @@ [FeaturePcd]
>    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> 
>  [Pcd]
> +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
>    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
>    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> 
> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> index b6e53a1219d1..efaff0d1f3cb 100644
> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Library/MemoryAllocationLib.h>
>  #include <Library/UefiBootServicesTableLib.h>
>  #include <Library/UefiLib.h>
> +#include <Library/PcdLib.h>
>  #include <Library/PlatformInitLib.h>
> 
>  #include <IndustryStandard/Hsti.h>
> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
>    EFI_STATUS                           Status;
>    EFI_EVENT                            Event;
> 
> +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
> +    return EFI_UNSUPPORTED;
> +  }
> +
>    DevId = VirtHstiGetHostBridgeDevId ();
>    switch (DevId) {
>      case INTEL_82441_DEVICE_ID:
> --
> 2.44.0



View/Reply Online (#118182): https://edk2.groups.io/g/devel/message/118182




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24  6:45 ` Yao, Jiewen
@ 2024-04-24 16:26   ` Ard Biesheuvel
  2024-04-24 16:36     ` Yao, Jiewen
  0 siblings, 1 reply; 10+ messages in thread
From: Ard Biesheuvel @ 2024-04-24 16:26 UTC (permalink / raw)
  To: Yao, Jiewen
  Cc: Gerd Hoffmann, devel@edk2.groups.io, Oliver Steffen,
	Ard Biesheuvel, Srikanth Aithal

On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>

Thanks, I've queued this up.


> > -----Original Message-----
> > From: Gerd Hoffmann <kraxel@redhat.com>
> > Sent: Wednesday, April 24, 2024 2:00 PM
> > To: devel@edk2.groups.io
> > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > <kraxel@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential
> > guests
> >
> > The VirtHstiDxe does not work in confidential guests.  There also isn't
> > anything we can reasonably test, neither flash storage nor SMM mode will
> > be used in that case.  So just skip driver load when running in a
> > confidential guest.
> >
> > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > ---
> >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> >  2 files changed, 7 insertions(+)
> >
> > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > index 9514933011e8..b5c237288766 100644
> > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > @@ -49,6 +49,7 @@ [FeaturePcd]
> >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> >
> >  [Pcd]
> > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> >    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> >
> > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > index b6e53a1219d1..efaff0d1f3cb 100644
> > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >  #include <Library/MemoryAllocationLib.h>
> >  #include <Library/UefiBootServicesTableLib.h>
> >  #include <Library/UefiLib.h>
> > +#include <Library/PcdLib.h>
> >  #include <Library/PlatformInitLib.h>
> >
> >  #include <IndustryStandard/Hsti.h>
> > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> >    EFI_STATUS                           Status;
> >    EFI_EVENT                            Event;
> >
> > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
> > +    return EFI_UNSUPPORTED;
> > +  }
> > +
> >    DevId = VirtHstiGetHostBridgeDevId ();
> >    switch (DevId) {
> >      case INTEL_82441_DEVICE_ID:
> > --
> > 2.44.0
>


View/Reply Online (#118220): https://edk2.groups.io/g/devel/message/118220




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 16:26   ` Ard Biesheuvel
@ 2024-04-24 16:36     ` Yao, Jiewen
  2024-04-24 17:05       ` Ard Biesheuvel
  0 siblings, 1 reply; 10+ messages in thread
From: Yao, Jiewen @ 2024-04-24 16:36 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Gerd Hoffmann, devel@edk2.groups.io, Oliver Steffen,
	Ard Biesheuvel, Srikanth Aithal

Thanks Ard.

I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours ago.
But it seems the CI stops working...



> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Thursday, April 25, 2024 12:27 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver Steffen
> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Srikanth
> Aithal <sraithal@amd.com>
> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> confidential guests
> 
> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >
> > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> >
> 
> Thanks, I've queued this up.
> 
> 
> > > -----Original Message-----
> > > From: Gerd Hoffmann <kraxel@redhat.com>
> > > Sent: Wednesday, April 24, 2024 2:00 PM
> > > To: devel@edk2.groups.io
> > > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > > <kraxel@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao,
> Jiewen
> > > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> confidential
> > > guests
> > >
> > > The VirtHstiDxe does not work in confidential guests.  There also isn't
> > > anything we can reasonably test, neither flash storage nor SMM mode will
> > > be used in that case.  So just skip driver load when running in a
> > > confidential guest.
> > >
> > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
> > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > > ---
> > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> > >  2 files changed, 7 insertions(+)
> > >
> > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > index 9514933011e8..b5c237288766 100644
> > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > @@ -49,6 +49,7 @@ [FeaturePcd]
> > >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > >
> > >  [Pcd]
> > > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> > >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> > >    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> > >
> > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > index b6e53a1219d1..efaff0d1f3cb 100644
> > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #include <Library/MemoryAllocationLib.h>
> > >  #include <Library/UefiBootServicesTableLib.h>
> > >  #include <Library/UefiLib.h>
> > > +#include <Library/PcdLib.h>
> > >  #include <Library/PlatformInitLib.h>
> > >
> > >  #include <IndustryStandard/Hsti.h>
> > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> > >    EFI_STATUS                           Status;
> > >    EFI_EVENT                            Event;
> > >
> > > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
> > > +    return EFI_UNSUPPORTED;
> > > +  }
> > > +
> > >    DevId = VirtHstiGetHostBridgeDevId ();
> > >    switch (DevId) {
> > >      case INTEL_82441_DEVICE_ID:
> > > --
> > > 2.44.0
> >


View/Reply Online (#118222): https://edk2.groups.io/g/devel/message/118222




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 16:36     ` Yao, Jiewen
@ 2024-04-24 17:05       ` Ard Biesheuvel
  2024-04-24 22:56         ` Yao, Jiewen
  0 siblings, 1 reply; 10+ messages in thread
From: Ard Biesheuvel @ 2024-04-24 17:05 UTC (permalink / raw)
  To: Yao, Jiewen
  Cc: Gerd Hoffmann, devel@edk2.groups.io, Oliver Steffen,
	Ard Biesheuvel, Srikanth Aithal

On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Thanks Ard.
>
> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours ago.
> But it seems the CI stops working...
>

OK, I have dropped my PR.



>
>
> > -----Original Message-----
> > From: Ard Biesheuvel <ardb@kernel.org>
> > Sent: Thursday, April 25, 2024 12:27 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver Steffen
> > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Srikanth
> > Aithal <sraithal@amd.com>
> > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > confidential guests
> >
> > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> > >
> > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> > >
> >
> > Thanks, I've queued this up.
> >
> >
> > > > -----Original Message-----
> > > > From: Gerd Hoffmann <kraxel@redhat.com>
> > > > Sent: Wednesday, April 24, 2024 2:00 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > > > <kraxel@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao,
> > Jiewen
> > > > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > confidential
> > > > guests
> > > >
> > > > The VirtHstiDxe does not work in confidential guests.  There also isn't
> > > > anything we can reasonably test, neither flash storage nor SMM mode will
> > > > be used in that case.  So just skip driver load when running in a
> > > > confidential guest.
> > > >
> > > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
> > > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > > > ---
> > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> > > >  2 files changed, 7 insertions(+)
> > > >
> > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > index 9514933011e8..b5c237288766 100644
> > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > @@ -49,6 +49,7 @@ [FeaturePcd]
> > > >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > > >
> > > >  [Pcd]
> > > > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> > > >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> > > >    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> > > >
> > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > index b6e53a1219d1..efaff0d1f3cb 100644
> > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > >  #include <Library/MemoryAllocationLib.h>
> > > >  #include <Library/UefiBootServicesTableLib.h>
> > > >  #include <Library/UefiLib.h>
> > > > +#include <Library/PcdLib.h>
> > > >  #include <Library/PlatformInitLib.h>
> > > >
> > > >  #include <IndustryStandard/Hsti.h>
> > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> > > >    EFI_STATUS                           Status;
> > > >    EFI_EVENT                            Event;
> > > >
> > > > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > > > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
> > > > +    return EFI_UNSUPPORTED;
> > > > +  }
> > > > +
> > > >    DevId = VirtHstiGetHostBridgeDevId ();
> > > >    switch (DevId) {
> > > >      case INTEL_82441_DEVICE_ID:
> > > > --
> > > > 2.44.0
> > >


View/Reply Online (#118225): https://edk2.groups.io/g/devel/message/118225




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 17:05       ` Ard Biesheuvel
@ 2024-04-24 22:56         ` Yao, Jiewen
  2024-04-24 23:01           ` Michael D Kinney
  0 siblings, 1 reply; 10+ messages in thread
From: Yao, Jiewen @ 2024-04-24 22:56 UTC (permalink / raw)
  To: devel@edk2.groups.io, Kinney, Michael D, Sean Brogan
  Cc: Gerd Hoffmann, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel,
	Srikanth Aithal

Hi Mike/Sean
Can someone look at the EDKII CI?

My PR has been blocked for 9 hours - https://github.com/tianocore/edk2/pull/5595.

Thank you
Yao, Jiewen


> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Thursday, April 25, 2024 1:05 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver Steffen
> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Srikanth
> Aithal <sraithal@amd.com>
> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> confidential guests
> 
> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >
> > Thanks Ard.
> >
> > I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours ago.
> > But it seems the CI stops working...
> >
> 
> OK, I have dropped my PR.
> 
> 
> 
> >
> >
> > > -----Original Message-----
> > > From: Ard Biesheuvel <ardb@kernel.org>
> > > Sent: Thursday, April 25, 2024 12:27 AM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>
> > > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
> Steffen
> > > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Srikanth
> > > Aithal <sraithal@amd.com>
> > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > > confidential guests
> > >
> > > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> > > >
> > > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> > > >
> > >
> > > Thanks, I've queued this up.
> > >
> > >
> > > > > -----Original Message-----
> > > > > From: Gerd Hoffmann <kraxel@redhat.com>
> > > > > Sent: Wednesday, April 24, 2024 2:00 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > > > > <kraxel@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao,
> > > Jiewen
> > > > > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > > confidential
> > > > > guests
> > > > >
> > > > > The VirtHstiDxe does not work in confidential guests.  There also isn't
> > > > > anything we can reasonably test, neither flash storage nor SMM mode will
> > > > > be used in that case.  So just skip driver load when running in a
> > > > > confidential guest.
> > > > >
> > > > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
> > > > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > > > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > > > > ---
> > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> > > > >  2 files changed, 7 insertions(+)
> > > > >
> > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > index 9514933011e8..b5c237288766 100644
> > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > @@ -49,6 +49,7 @@ [FeaturePcd]
> > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > > > >
> > > > >  [Pcd]
> > > > > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> > > > >
> > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > index b6e53a1219d1..efaff0d1f3cb 100644
> > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > >  #include <Library/MemoryAllocationLib.h>
> > > > >  #include <Library/UefiBootServicesTableLib.h>
> > > > >  #include <Library/UefiLib.h>
> > > > > +#include <Library/PcdLib.h>
> > > > >  #include <Library/PlatformInitLib.h>
> > > > >
> > > > >  #include <IndustryStandard/Hsti.h>
> > > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> > > > >    EFI_STATUS                           Status;
> > > > >    EFI_EVENT                            Event;
> > > > >
> > > > > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > > > > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
> > > > > +    return EFI_UNSUPPORTED;
> > > > > +  }
> > > > > +
> > > > >    DevId = VirtHstiGetHostBridgeDevId ();
> > > > >    switch (DevId) {
> > > > >      case INTEL_82441_DEVICE_ID:
> > > > > --
> > > > > 2.44.0
> > > >


View/Reply Online (#118237): https://edk2.groups.io/g/devel/message/118237




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 22:56         ` Yao, Jiewen
@ 2024-04-24 23:01           ` Michael D Kinney
  2024-04-24 23:08             ` Yao, Jiewen
  0 siblings, 1 reply; 10+ messages in thread
From: Michael D Kinney @ 2024-04-24 23:01 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io, Sean Brogan, Michael Kubacki
  Cc: Gerd Hoffmann, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel,
	Srikanth Aithal, Kinney, Michael D

Hi Jiewen,

Michael Kubacki has been working on a CI issue and a change is being merged now.

Mike

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Wednesday, April 24, 2024 3:57 PM
> To: devel@edk2.groups.io; Kinney, Michael D
> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> confidential guests
> 
> Hi Mike/Sean
> Can someone look at the EDKII CI?
> 
> My PR has been blocked for 9 hours -
> https://github.com/tianocore/edk2/pull/5595.
> 
> Thank you
> Yao, Jiewen
> 
> 
> > -----Original Message-----
> > From: Ard Biesheuvel <ardb@kernel.org>
> > Sent: Thursday, April 25, 2024 1:05 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
> Steffen
> > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Srikanth
> > Aithal <sraithal@amd.com>
> > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > confidential guests
> >
> > On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
> wrote:
> > >
> > > Thanks Ard.
> > >
> > > I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
> ago.
> > > But it seems the CI stops working...
> > >
> >
> > OK, I have dropped my PR.
> >
> >
> >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > > Sent: Thursday, April 25, 2024 12:27 AM
> > > > To: Yao, Jiewen <jiewen.yao@intel.com>
> > > > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
> Oliver
> > Steffen
> > > > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> > Srikanth
> > > > Aithal <sraithal@amd.com>
> > > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> driver in
> > > > confidential guests
> > > >
> > > > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
> wrote:
> > > > >
> > > > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> > > > >
> > > >
> > > > Thanks, I've queued this up.
> > > >
> > > >
> > > > > > -----Original Message-----
> > > > > > From: Gerd Hoffmann <kraxel@redhat.com>
> > > > > > Sent: Wednesday, April 24, 2024 2:00 PM
> > > > > > To: devel@edk2.groups.io
> > > > > > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > > > > > <kraxel@redhat.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Yao,
> > > > Jiewen
> > > > > > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > > > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> driver in
> > > > confidential
> > > > > > guests
> > > > > >
> > > > > > The VirtHstiDxe does not work in confidential guests.  There
> also isn't
> > > > > > anything we can reasonably test, neither flash storage nor SMM
> mode will
> > > > > > be used in that case.  So just skip driver load when running
> in a
> > > > > > confidential guest.
> > > > > >
> > > > > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
> check")
> > > > > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > > > > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > > > > > ---
> > > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> > > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> > > > > >  2 files changed, 7 insertions(+)
> > > > > >
> > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > index 9514933011e8..b5c237288766 100644
> > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > @@ -49,6 +49,7 @@ [FeaturePcd]
> > > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > > > > >
> > > > > >  [Pcd]
> > > > > > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> > > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> > > > > >
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> > > > > >
> > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > index b6e53a1219d1..efaff0d1f3cb 100644
> > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > >  #include <Library/MemoryAllocationLib.h>
> > > > > >  #include <Library/UefiBootServicesTableLib.h>
> > > > > >  #include <Library/UefiLib.h>
> > > > > > +#include <Library/PcdLib.h>
> > > > > >  #include <Library/PlatformInitLib.h>
> > > > > >
> > > > > >  #include <IndustryStandard/Hsti.h>
> > > > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> > > > > >    EFI_STATUS                           Status;
> > > > > >    EFI_EVENT                            Event;
> > > > > >
> > > > > > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > > > > > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
> __func__));
> > > > > > +    return EFI_UNSUPPORTED;
> > > > > > +  }
> > > > > > +
> > > > > >    DevId = VirtHstiGetHostBridgeDevId ();
> > > > > >    switch (DevId) {
> > > > > >      case INTEL_82441_DEVICE_ID:
> > > > > > --
> > > > > > 2.44.0
> > > > >


View/Reply Online (#118238): https://edk2.groups.io/g/devel/message/118238




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 23:01           ` Michael D Kinney
@ 2024-04-24 23:08             ` Yao, Jiewen
  2024-04-24 23:21               ` Michael Kubacki
  0 siblings, 1 reply; 10+ messages in thread
From: Yao, Jiewen @ 2024-04-24 23:08 UTC (permalink / raw)
  To: Kinney, Michael D, devel@edk2.groups.io, Sean Brogan,
	Michael Kubacki
  Cc: Gerd Hoffmann, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel,
	Srikanth Aithal

Ah, thank you Mike.

Should I close/re-open my PR?
Or should I keep waiting?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Thursday, April 25, 2024 7:01 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Brogan
> <sean.brogan@microsoft.com>; Michael Kubacki
> <mikuback@linux.microsoft.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>
> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> confidential guests
> 
> Hi Jiewen,
> 
> Michael Kubacki has been working on a CI issue and a change is being merged
> now.
> 
> Mike
> 
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Wednesday, April 24, 2024 3:57 PM
> > To: devel@edk2.groups.io; Kinney, Michael D
> > <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> > Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> > Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > confidential guests
> >
> > Hi Mike/Sean
> > Can someone look at the EDKII CI?
> >
> > My PR has been blocked for 9 hours -
> > https://github.com/tianocore/edk2/pull/5595.
> >
> > Thank you
> > Yao, Jiewen
> >
> >
> > > -----Original Message-----
> > > From: Ard Biesheuvel <ardb@kernel.org>
> > > Sent: Thursday, April 25, 2024 1:05 AM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>
> > > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
> > Steffen
> > > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> > Srikanth
> > > Aithal <sraithal@amd.com>
> > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> > > confidential guests
> > >
> > > On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
> > wrote:
> > > >
> > > > Thanks Ard.
> > > >
> > > > I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
> > ago.
> > > > But it seems the CI stops working...
> > > >
> > >
> > > OK, I have dropped my PR.
> > >
> > >
> > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > > > Sent: Thursday, April 25, 2024 12:27 AM
> > > > > To: Yao, Jiewen <jiewen.yao@intel.com>
> > > > > Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
> > Oliver
> > > Steffen
> > > > > <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> > > Srikanth
> > > > > Aithal <sraithal@amd.com>
> > > > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> > driver in
> > > > > confidential guests
> > > > >
> > > > > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
> > wrote:
> > > > > >
> > > > > > Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> > > > > >
> > > > >
> > > > > Thanks, I've queued this up.
> > > > >
> > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Gerd Hoffmann <kraxel@redhat.com>
> > > > > > > Sent: Wednesday, April 24, 2024 2:00 PM
> > > > > > > To: devel@edk2.groups.io
> > > > > > > Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> > > > > > > <kraxel@redhat.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Yao,
> > > > > Jiewen
> > > > > > > <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> > > > > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> > driver in
> > > > > confidential
> > > > > > > guests
> > > > > > >
> > > > > > > The VirtHstiDxe does not work in confidential guests.  There
> > also isn't
> > > > > > > anything we can reasonably test, neither flash storage nor SMM
> > mode will
> > > > > > > be used in that case.  So just skip driver load when running
> > in a
> > > > > > > confidential guest.
> > > > > > >
> > > > > > > Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > > > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
> > check")
> > > > > > > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > > > > > > Tested-by: Srikanth Aithal <sraithal@amd.com>
> > > > > > > ---
> > > > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> > > > > > >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> > > > > > >  2 files changed, 7 insertions(+)
> > > > > > >
> > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > > index 9514933011e8..b5c237288766 100644
> > > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > > > > > > @@ -49,6 +49,7 @@ [FeaturePcd]
> > > > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > > > > > >
> > > > > > >  [Pcd]
> > > > > > > +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> > > > > > >    gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> > > > > > >
> > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> > > > > > >
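Review bot: the new entry uses gEfiMdePkgTokenSpaceGuid whereas the visible neighbours use gUefiOvmfPkgTokenSpaceGuid, and the hunk does not show [Packages], so confirm that MdePkg/MdePkg.dec is listed there; otherwise the build cannot resolve the token space. Placing it under [Pcd] rather than the [FeaturePcd] section shown in the hunk header is consistent with the .c side reading it at run time through PcdGet64.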
> > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > > index b6e53a1219d1..efaff0d1f3cb 100644
> > > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > > > > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > > > >  #include <Library/MemoryAllocationLib.h>
> > > > > > >  #include <Library/UefiBootServicesTableLib.h>
> > > > > > >  #include <Library/UefiLib.h>
> > > > > > > +#include <Library/PcdLib.h>
> > > > > > >  #include <Library/PlatformInitLib.h>
> > > > > > >
> > > > > > >  #include <IndustryStandard/Hsti.h>
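Review bot: the explicit `#include <Library/PcdLib.h>` is the right companion to the PcdGet64 call added further down, since relying on PcdLib.h arriving transitively through another header is fragile; the .inf side of this patch only touches [Pcd], so make sure PcdLib is already named under [LibraryClasses] there, so the module declares the dependency it now uses directly instead of inheriting it.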
> > > > > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> > > > > > >    EFI_STATUS                           Status;
> > > > > > >    EFI_EVENT                            Event;
> > > > > > >
> > > > > > > +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> > > > > > > +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
> > __func__));
> > > > > > > +    return EFI_UNSUPPORTED;
> > > > > > > +  }
> > > > > > > +
> > > > > > >    DevId = VirtHstiGetHostBridgeDevId ();
> > > > > > >    switch (DevId) {
> > > > > > >      case INTEL_82441_DEVICE_ID:
> > > > > > > --
> > > > > > > 2.44.0
> > > > > >


View/Reply Online (#118239): https://edk2.groups.io/g/devel/message/118239




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 23:08             ` Yao, Jiewen
@ 2024-04-24 23:21               ` Michael Kubacki
  2024-04-25  2:37                 ` Yao, Jiewen
  0 siblings, 1 reply; 10+ messages in thread
From: Michael Kubacki @ 2024-04-24 23:21 UTC (permalink / raw)
  To: devel, jiewen.yao, Kinney, Michael D, Sean Brogan
  Cc: Gerd Hoffmann, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel,
	Srikanth Aithal

That issue looks different in that CodeQL did not have a problem. You 
can use the same PR, just rebase with master.

It looks like that had an issue triggering pipelines from GitHub which 
might be fixed by rerunning after the push.

Thanks,
Michael

On 4/24/2024 7:08 PM, Yao, Jiewen wrote:
> Ah, thank you Mike.
> 
> Should I close/re-open my PR?
> Or should I keep waiting?
> 
> Thank you
> Yao, Jiewen
> 
>> -----Original Message-----
>> From: Kinney, Michael D <michael.d.kinney@intel.com>
>> Sent: Thursday, April 25, 2024 7:01 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Brogan
>> <sean.brogan@microsoft.com>; Michael Kubacki
>> <mikuback@linux.microsoft.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
>> Michael D <michael.d.kinney@intel.com>
>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>> confidential guests
>>
>> Hi Jiewen,
>>
>> Michael Kubacki has been working on a CI issue and a change is being merged
>> now.
>>
>> Mike
>>
>>> -----Original Message-----
>>> From: Yao, Jiewen <jiewen.yao@intel.com>
>>> Sent: Wednesday, April 24, 2024 3:57 PM
>>> To: devel@edk2.groups.io; Kinney, Michael D
>>> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
>>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
>>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>> confidential guests
>>>
>>> Hi Mike/Sean
>>> Can someone look at the EDKII CI?
>>>
>>> My PR has been blocked for 9 hours -
>>> https://github.com/tianocore/edk2/pull/5595.
>>>
>>> Thank you
>>> Yao, Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>> Sent: Thursday, April 25, 2024 1:05 AM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
>>> Steffen
>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>> Srikanth
>>>> Aithal <sraithal@amd.com>
>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>>> confidential guests
>>>>
>>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>
>>>>> Thanks Ard.
>>>>>
>>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
>>> ago.
>>>>> But it seems the CI stops working...
>>>>>
>>>>
>>>> OK, I have dropped my PR.
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>>>> Sent: Thursday, April 25, 2024 12:27 AM
>>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
>>> Oliver
>>>> Steffen
>>>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Srikanth
>>>>>> Aithal <sraithal@amd.com>
>>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential guests
>>>>>>
>>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>>>
>>>>>>> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>>>>>>>
>>>>>>
>>>>>> Thanks, I've queued this up.
>>>>>>
>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM
>>>>>>>> To: devel@edk2.groups.io
>>>>>>>> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
>>>>>>>> <kraxel@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Yao,
>>>>>> Jiewen
>>>>>>>> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
>>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential
>>>>>>>> guests
>>>>>>>>
>>>>>>>> The VirtHstiDxe does not work in confidential guests.  There
>>> also isn't
>>>>>>>> anything we can reasonably test, neither flash storage nor SMM
>>> mode will
>>>>>>>> be used in that case.  So just skip driver load when running
>>> in a
>>>>>>>> confidential guest.
>>>>>>>>
>>>>>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
>>> check")
>>>>>>>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Tested-by: Srikanth Aithal <sraithal@amd.com>
>>>>>>>> ---
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
>>>>>>>>   2 files changed, 7 insertions(+)
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> index 9514933011e8..b5c237288766 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd]
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
>>>>>>>>
>>>>>>>>   [Pcd]
>>>>>>>> +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
>>>>>>>>
>>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>>>   #include <Library/MemoryAllocationLib.h>
>>>>>>>>   #include <Library/UefiBootServicesTableLib.h>
>>>>>>>>   #include <Library/UefiLib.h>
>>>>>>>> +#include <Library/PcdLib.h>
>>>>>>>>   #include <Library/PlatformInitLib.h>
>>>>>>>>
>>>>>>>>   #include <IndustryStandard/Hsti.h>
>>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
>>>>>>>>     EFI_STATUS                           Status;
>>>>>>>>     EFI_EVENT                            Event;
>>>>>>>>
>>>>>>>> +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
>>>>>>>> +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
>>> __func__));
>>>>>>>> +    return EFI_UNSUPPORTED;
>>>>>>>> +  }
>>>>>>>> +
>>>>>>>>     DevId = VirtHstiGetHostBridgeDevId ();
>>>>>>>>     switch (DevId) {
>>>>>>>>       case INTEL_82441_DEVICE_ID:
>>>>>>>> --
>>>>>>>> 2.44.0
>>>>>>>
> 
> 
> 
> 


View/Reply Online (#118240): https://edk2.groups.io/g/devel/message/118240




* Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  2024-04-24 23:21               ` Michael Kubacki
@ 2024-04-25  2:37                 ` Yao, Jiewen
  0 siblings, 0 replies; 10+ messages in thread
From: Yao, Jiewen @ 2024-04-25  2:37 UTC (permalink / raw)
  To: Michael Kubacki, devel@edk2.groups.io, Kinney, Michael D,
	Sean Brogan
  Cc: Gerd Hoffmann, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel,
	Srikanth Aithal

Thank you very much for the help.

https://github.com/tianocore/edk2/pull/5595 merged.

> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: Thursday, April 25, 2024 7:22 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver
> in confidential guests
> 
> That issue looks different in that CodeQL did not have a problem. You
> can use the same PR, just rebase with master.
> 
> It looks like that had an issue triggering pipelines from GitHub which
> might be fixed by rerunning after the push.
> 
> Thanks,
> Michael
> 
> On 4/24/2024 7:08 PM, Yao, Jiewen wrote:
> > Ah, thank you Mike.
> >
> > Should I close/re-open my PR?
> > Or should I keep waiting?
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Kinney, Michael D <michael.d.kinney@intel.com>
> >> Sent: Thursday, April 25, 2024 7:01 AM
> >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Brogan
> >> <sean.brogan@microsoft.com>; Michael Kubacki
> >> <mikuback@linux.microsoft.com>
> >> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> >> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> >> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
> >> Michael D <michael.d.kinney@intel.com>
> >> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >> confidential guests
> >>
> >> Hi Jiewen,
> >>
> >> Michael Kubacki has been working on a CI issue and a change is being merged
> >> now.
> >>
> >> Mike
> >>
> >>> -----Original Message-----
> >>> From: Yao, Jiewen <jiewen.yao@intel.com>
> >>> Sent: Wednesday, April 24, 2024 3:57 PM
> >>> To: devel@edk2.groups.io; Kinney, Michael D
> >>> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> >>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel
> <ardb@kernel.org>;
> >>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> >>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> >>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >>> confidential guests
> >>>
> >>> Hi Mike/Sean
> >>> Can someone look at the EDKII CI?
> >>>
> >>> My PR has been blocked for 9 hours -
> >>> https://github.com/tianocore/edk2/pull/5595.
> >>>
> >>> Thank you
> >>> Yao, Jiewen
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Ard Biesheuvel <ardb@kernel.org>
> >>>> Sent: Thursday, April 25, 2024 1:05 AM
> >>>> To: Yao, Jiewen <jiewen.yao@intel.com>
> >>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
> >>> Steffen
> >>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >>> Srikanth
> >>>> Aithal <sraithal@amd.com>
> >>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >>>> confidential guests
> >>>>
> >>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
> >>> wrote:
> >>>>>
> >>>>> Thanks Ard.
> >>>>>
> >>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
> >>> ago.
> >>>>> But it seems the CI stops working...
> >>>>>
> >>>>
> >>>> OK, I have dropped my PR.
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Ard Biesheuvel <ardb@kernel.org>
> >>>>>> Sent: Thursday, April 25, 2024 12:27 AM
> >>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
> >>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
> >>> Oliver
> >>>> Steffen
> >>>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >>>> Srikanth
> >>>>>> Aithal <sraithal@amd.com>
> >>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> >>> driver in
> >>>>>> confidential guests
> >>>>>>
> >>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
> >>> wrote:
> >>>>>>>
> >>>>>>> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> >>>>>>>
> >>>>>>
> >>>>>> Thanks, I've queued this up.
> >>>>>>
> >>>>>>
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: Gerd Hoffmann <kraxel@redhat.com>
> >>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM
> >>>>>>>> To: devel@edk2.groups.io
> >>>>>>>> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> >>>>>>>> <kraxel@redhat.com>; Ard Biesheuvel
> >>> <ardb+tianocore@kernel.org>; Yao,
> >>>>>> Jiewen
> >>>>>>>> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> >>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> >>> driver in
> >>>>>> confidential
> >>>>>>>> guests
> >>>>>>>>
> >>>>>>>> The VirtHstiDxe does not work in confidential guests.  There
> >>> also isn't
> >>>>>>>> anything we can reasonably test, neither flash storage nor SMM
> >>> mode will
> >>>>>>>> be used in that case.  So just skip driver load when running
> >>> in a
> >>>>>>>> confidential guest.
> >>>>>>>>
> >>>>>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> >>>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
> >>> check")
> >>>>>>>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> >>>>>>>> Tested-by: Srikanth Aithal <sraithal@amd.com>
> >>>>>>>> ---
> >>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> >>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
> >>>>>>>>   2 files changed, 7 insertions(+)
> >>>>>>>>
> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> index 9514933011e8..b5c237288766 100644
> >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd]
> >>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> >>>>>>>>
> >>>>>>>>   [Pcd]
> >>>>>>>> +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> >>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> >>>>>>>>
> >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> >>>>>>>>
> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644
> >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>>>>>>   #include <Library/MemoryAllocationLib.h>
> >>>>>>>>   #include <Library/UefiBootServicesTableLib.h>
> >>>>>>>>   #include <Library/UefiLib.h>
> >>>>>>>> +#include <Library/PcdLib.h>
> >>>>>>>>   #include <Library/PlatformInitLib.h>
> >>>>>>>>
> >>>>>>>>   #include <IndustryStandard/Hsti.h>
> >>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> >>>>>>>>     EFI_STATUS                           Status;
> >>>>>>>>     EFI_EVENT                            Event;
> >>>>>>>>
> >>>>>>>> +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> >>>>>>>> +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
> >>> __func__));
> >>>>>>>> +    return EFI_UNSUPPORTED;
> >>>>>>>> +  }
> >>>>>>>> +
> >>>>>>>>     DevId = VirtHstiGetHostBridgeDevId ();
> >>>>>>>>     switch (DevId) {
> >>>>>>>>       case INTEL_82441_DEVICE_ID:
> >>>>>>>> --
> >>>>>>>> 2.44.0
> >>>>>>>
> >
> >
> > 
> >


View/Reply Online (#118254): https://edk2.groups.io/g/devel/message/118254




end of thread

Thread overview: 10+ messages
2024-04-24  6:00 [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Gerd Hoffmann
2024-04-24  6:45 ` Yao, Jiewen
2024-04-24 16:26   ` Ard Biesheuvel
2024-04-24 16:36     ` Yao, Jiewen
2024-04-24 17:05       ` Ard Biesheuvel
2024-04-24 22:56         ` Yao, Jiewen
2024-04-24 23:01           ` Michael D Kinney
2024-04-24 23:08             ` Yao, Jiewen
2024-04-24 23:21               ` Michael Kubacki
2024-04-25  2:37                 ` Yao, Jiewen
