From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 094D27803CF for ; Wed, 24 Apr 2024 23:01:21 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=0DgpdeLtQjOiyrBpH94mznUfqZJDWdXEFomjhMpOeS4=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1713999680; v=1; b=FyeGY47W4blghTgApNiOTPcyuTDGaVZ0ljFKiutcx46mskkAB2lWv5BhysiBjwQ0QqE1dfTx Yt57UtmsVozTwHDPr80+MgXbuPXmGrQsrZ6IV6pdBGthq6G3Oaa1PgO/Q2OtMCj1ZXWqLCHCk8D czZaolVICIVVgUJzgWugkPjVPlH8y4TdW7MaVtMUkYuXfbJEfCoj1Ooc5W7aNEIgwSnED4iF5+O OG4yiunebQnPGQNNuMr3WG04W6s5D1cItMF2nq7DruUFezxis3OkXWIlRl3CPXsSzmLQsdcB0kI aj44inJ6/39VkgMBnV2LV+EzgP9xw9q0F92upCvRcKq8g== X-Received: by 127.0.0.2 with SMTP id g9UDYY7687511xdaT7vDVdbh; Wed, 24 Apr 2024 16:01:20 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.18]) by mx.groups.io with SMTP id smtpd.web10.3575.1713999679865015196 for ; Wed, 24 Apr 2024 16:01:19 -0700 X-CSE-ConnectionGUID: P9kW9yJOS0uezhwbthYleg== X-CSE-MsgGUID: Fzcak2WeRjukxhP4bBbbjQ== X-IronPort-AV: E=McAfee;i="6600,9927,11054"; a="9823986" X-IronPort-AV: E=Sophos;i="6.07,227,1708416000"; d="scan'208";a="9823986" X-Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa110.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Apr 2024 16:01:20 -0700 X-CSE-ConnectionGUID: S1MbwSwQQBKes0jMeDi1oQ== X-CSE-MsgGUID: Affsq2lXSfam0pSXuLZWhA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,227,1708416000"; d="scan'208";a="29508823" X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmviesa004.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 24 Apr 2024 16:01:19 -0700 X-Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 24 Apr 2024 16:01:18 -0700 X-Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 24 Apr 2024 16:01:18 -0700 X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Wed, 24 Apr 2024 16:01:18 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.100) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 24 Apr 2024 16:01:18 -0700 X-Received: from CO1PR11MB4929.namprd11.prod.outlook.com (2603:10b6:303:6d::19) by CY8PR11MB7338.namprd11.prod.outlook.com (2603:10b6:930:9e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.22; Wed, 24 Apr 2024 23:01:16 +0000 X-Received: from CO1PR11MB4929.namprd11.prod.outlook.com ([fe80::e34e:4d18:b93e:c368]) by CO1PR11MB4929.namprd11.prod.outlook.com ([fe80::e34e:4d18:b93e:c368%5]) with mapi id 15.20.7519.021; Wed, 24 Apr 2024 23:01:15 +0000 From: "Michael D Kinney" To: "Yao, Jiewen" , "devel@edk2.groups.io" , Sean Brogan , "Michael Kubacki" CC: Gerd Hoffmann , Ard Biesheuvel , Oliver Steffen , Ard Biesheuvel , Srikanth Aithal , "Kinney, Michael D" Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Thread-Topic: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Thread-Index: AQHalpqn8v8lRJggRE26SoTHrh4JKLF4CRtQ Date: Wed, 24 Apr 2024 23:01:15 +0000 Message-ID: References: <20240424060029.1330637-1-kraxel@redhat.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: CO1PR11MB4929:EE_|CY8PR11MB7338:EE_ x-ms-office365-filtering-correlation-id: b4cabde6-08e1-4e65-556a-08dc64b271c0 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?lcrEWZp6yxRgGK3JahrUBG4oQ/X3+rJ0Qu5okrqF0UkDCI8pKfYDFbCHIE7p?= =?us-ascii?Q?nXVwLEtCKSL0keY+w0Qedq4aInw3dplvC+g5Ra3mOP7C1WlQ5J1ihioSh9RG?= =?us-ascii?Q?2Kxy5YyB/tY61R3SHHh7ad2dN2Zr982kX5e3hIgKGNu2iFpPESaaN27anKyT?= =?us-ascii?Q?pbFV2oqEuZ16UtCDnZJYntlpvBIn8+4/LPTEtR6acjahIzR38hymVVUzSTQA?= =?us-ascii?Q?Nz+68vw2c8JCAVw3x9R5ywE4QGXCmGEPRk5dXKPlHsNulCH2QDFQzLdf1C4t?= =?us-ascii?Q?o3CQs3g2ENdDsRgp8UZkpHi5LOO36n35cOwkEYRTUr8Mce4U8l6WAlIIyBiR?= =?us-ascii?Q?WoAbyV8+GiUKIo1L95rDlhEnewqi8OPs3WNxUQLyQBPCuZwSzfC1MSZKMQDQ?= =?us-ascii?Q?Etp66FcpRH43mSB06+AkPToe53HZqVyyfeeUJ6k9t+FcYM0Jm6JXCQi1up42?= =?us-ascii?Q?izLESDHe9+sA2PcH8tAxb29oLti5Rzbs+fqVNrq4MpJk4+06jbg4Ea2ErT1C?= =?us-ascii?Q?L+oWZIjo1gLBLYxZ/R+TSIahLajnn6ubfqGLQt7z/P/lAoCXQ980gEtwXGfK?= =?us-ascii?Q?Y26q1unUJMSCbk1uMRSRiwUIVdgOkccI59x6eA9g+Dew9O4KfgLaXR/KoDVN?= =?us-ascii?Q?L+vAq43h1wNc4zyEqqItSpMlw6PscoH5hn4iKQ3FaYRkHhqrYw+NNDucyLIK?= =?us-ascii?Q?tJXlK19xS9P3dr9ptD7U+2d3/Nbyyfi8JwOQfrhCdcUUnMh/U5MAroK7ar6F?= =?us-ascii?Q?v11pGzuYMqAdVJ+p+1QnKWsBklGZuHQMiPiKXy2HxgJDV7dQjio2//mCrvSE?= =?us-ascii?Q?QTwp9A2mqfOldiUvrmhCQ8SxkKMhNQEcqa1dd+F82FtXsUPUpEWpHAcSP3wp?= =?us-ascii?Q?RYPbpo+4myH6AVM1i2xxsxO70vxldd0Nz+Xfz2ft0L3kDFPA+YVWi5nrejXO?= =?us-ascii?Q?trsHBOm00EWe8v94Bw9+TzHicbBBmC8yfsrx+aSi8g5E2s25+FCmmqNJZqUx?= =?us-ascii?Q?fuUHjQJU6VTnGGygserHkvgTYHafmcKHrx+d8GkV2gXO3PoiD2jt0bUrwKjr?= =?us-ascii?Q?OimiHof4mN4gNm+NyzMEalV07b3SdBwZOk2Xwwi5MuZ4nWA8kOm26lB7dPfr?= =?us-ascii?Q?h0pLgP/17Lysb45RCxxc2HIYhRYDrpnVGVKacDLghu9bx/t0QcIaqQ4XChK5?= =?us-ascii?Q?eSdSbJkNmDsfX+whlq9aeSTIotQ9FUayg2ctDSmIpyTMsroYh6F3+G5aM987?= =?us-ascii?Q?5ygj+/Uj1pu0PXiUI95+rlEpitSCGBOwSmIsQ1MgxNpjltYU8h3bT4jpEGom?= =?us-ascii?Q?F2OmTDJotGaPvdL2YTA/HeGIAyRH3KrlptG2qcS4N5pnhA=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?7dxwzd8ZlxtvkGBpRZgVPLS+DbzYj5+HGsuy3dJHxjwfJesssd07hqXUmBGp?= =?us-ascii?Q?+O83YizIOxWsX5vks+corG+F5ruYhzJHBteM+m2sKRhVVf1NpKguFIgGwn4N?= =?us-ascii?Q?3usQeJYn0BjgyYD2rBKrMrOqTZS7nDdPCzfvK0KtILP2tzLHbv0TP2liH3Ki?= =?us-ascii?Q?ZcZxEPnQIvz7Lk4bTWG2XY338P5EuU/Psib4G57DrHaiEq/leA8Cz09KeDhN?= =?us-ascii?Q?cMawQaMlef0Yi08CRuSc7KlAfSspjIpMUvLexvBsE8c46HF8eE6kgiQjN+wU?= =?us-ascii?Q?jHXk1NlZdw4ZUZV9tKYqVQG6dDZJ/rb2iQ5qasJgSo4xQte/4EQLFfCmD3yM?= =?us-ascii?Q?n53aVC1AIC2koVLw/xszeO3esPHfi2Q45qt7QKlhz9WeOJEgrthw6NkBwI/I?= =?us-ascii?Q?NZPwS9BZ5ctZO22/4i6/0SkGgbJ+wooTH1qHvy2eIBKDLIPcWZ7lC0xdcE9R?= =?us-ascii?Q?QeHKPppZJuIDJ5gVdNecE0Ix1nVPyyN9ZG6x2BZzGluN0MuOkKLklAV4R1Sk?= =?us-ascii?Q?8NSNSIGKwM6t2YRTvUCevLhRBMGtYQ37eYhJuEfhwRCBw0pN7uvfxzjQXZQI?= =?us-ascii?Q?eDGoZ3Rw2BuTbDEi+P3SP5u+K5G7Y4RZqKEz8QdK6cLDjLm4swZIOh6hMmao?= =?us-ascii?Q?2FLf1QeRcWaBhoewdkD1v9mqVl+/S8fv6/3lZZQKKqmwaBkrs8MZXFEQr+AL?= =?us-ascii?Q?AvJ9fusrvImjGHgfSjGkI2PMsnT47qqY99yC8E2khkYIMpgrZa7sJvY8+1RC?= =?us-ascii?Q?/OdNBZJMglbrXFSYy/CJS/XiuxB5pHtgZIcwB6YrUvVG8Jhv2gQruI5WVlKO?= =?us-ascii?Q?CYlxaCF4V2Y+nCACTtQY1EQ3m+1ySw3/WsOx5PIyBaFz1mjMoTHBxboq+j52?= =?us-ascii?Q?LIngG3r1VSTGIS3m/xITYANqSyG40+T6SuL6TkdMhA0aOqxCvAhK/gk5i3RC?= =?us-ascii?Q?oaqUA8BPxLXG8o11plMu5cGhzOacCFaJNqx4SbpSyDwFmNHgmS6TNYIB8WKV?= =?us-ascii?Q?t/qq4t3lXAwmJWPeLgoy1I2kBEzczHGxoU4JNWaG39NWhb6Vp/aMz2FCVU4T?= =?us-ascii?Q?xhKzavnu34pfXzc/39fl1Lex5pwsLZovBL6EGVol9vYfklHJRFLm/cm5oBhE?= =?us-ascii?Q?aPUg1DloOsch03mvs60jVv8yklx0oErgMP/ahrIfRDF+2Ov53HSdOe0tHRlq?= =?us-ascii?Q?oKSBdRuWOixieo6KbjQQLuwfANJnyBXAU9ExNsnHuuvGRNlyaK7WoBTfnGi3?= =?us-ascii?Q?yINn39fn97gfI6GIcfaY7KUOPs1exZdGk8d18cECPX+9mktQxvQq3o2KZUhf?= =?us-ascii?Q?kQG93ihYKX5gdOxZEpJjdPcqtOulwW0xowt6WOzm5eMd9jG/TV3jjV16P47p?= =?us-ascii?Q?cMRre1v1+UgfPC/LzJ3aIZA7/n9wkvUtvYc2pa47yrN1Ul+M830fI2OjE2tk?= =?us-ascii?Q?VmUvcp/ysuyyv31psck5yE3T83/22KnRaHjs9Ql4yL/CDeNMOC4+g39j5mLW?= =?us-ascii?Q?twm3wBIMWuV+8HK91kfwdD001CMwTgQ7lm/WQphdb22M1fgR3D7fXgTA5P9R?= =?us-ascii?Q?lukxu2WaHzrt0EBtZYrB5GGfRtF07YM2Ck1LViXBr3yVixVXYrYFm7YAfk4p?= =?us-ascii?Q?LA=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4929.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b4cabde6-08e1-4e65-556a-08dc64b271c0 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2024 23:01:15.4846 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vpdUE4nR3od7er8ARlrJDmqI1rwUmWcTfFYce6ZjE7J4Y1paES9octVdjUON88h7RRsJsm+lBALigF8CO5S197ZrHOuWMVlqczXdMioXtvs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB7338 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 24 Apr 2024 16:01:19 -0700 Resent-From: michael.d.kinney@intel.com Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 2V503wTp9zhU9vQUhckAwqIKx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=FyeGY47W; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Hi Jiewen, Michael Kubacki has been working on a CI issue and a change is being merged= now. Mike > -----Original Message----- > From: Yao, Jiewen > Sent: Wednesday, April 24, 2024 3:57 PM > To: devel@edk2.groups.io; Kinney, Michael D > ; Sean Brogan > Cc: Gerd Hoffmann ; Ard Biesheuvel ; > Oliver Steffen ; Ard Biesheuvel > ; Srikanth Aithal > Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in > confidential guests >=20 > Hi Mike/Sean > Can someone look at the EDKII CI? >=20 > My PR has been blocked for 9 hours - > https://github.com/tianocore/edk2/pull/5595. >=20 > Thank you > Yao, Jiewen >=20 >=20 > > -----Original Message----- > > From: Ard Biesheuvel > > Sent: Thursday, April 25, 2024 1:05 AM > > To: Yao, Jiewen > > Cc: Gerd Hoffmann ; devel@edk2.groups.io; Oliver > Steffen > > ; Ard Biesheuvel ; > Srikanth > > Aithal > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in > > confidential guests > > > > On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen > wrote: > > > > > > Thanks Ard. > > > > > > I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours > ago. > > > But it seems the CI stops working... > > > > > > > OK, I have dropped my PR. > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Ard Biesheuvel > > > > Sent: Thursday, April 25, 2024 12:27 AM > > > > To: Yao, Jiewen > > > > Cc: Gerd Hoffmann ; devel@edk2.groups.io; > Oliver > > Steffen > > > > ; Ard Biesheuvel ; > > Srikanth > > > > Aithal > > > > Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load > driver in > > > > confidential guests > > > > > > > > On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen > wrote: > > > > > > > > > > Reviewed-by: Jiewen Yao > > > > > > > > > > > > > Thanks, I've queued this up. > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Gerd Hoffmann > > > > > > Sent: Wednesday, April 24, 2024 2:00 PM > > > > > > To: devel@edk2.groups.io > > > > > > Cc: Oliver Steffen ; Gerd Hoffmann > > > > > > ; Ard Biesheuvel > ; Yao, > > > > Jiewen > > > > > > ; Srikanth Aithal > > > > > > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load > driver in > > > > confidential > > > > > > guests > > > > > > > > > > > > The VirtHstiDxe does not work in confidential guests. There > also isn't > > > > > > anything we can reasonably test, neither flash storage nor SMM > mode will > > > > > > be used in that case. So just skip driver load when running > in a > > > > > > confidential guest. > > > > > > > > > > > > Cc: Ard Biesheuvel > > > > > > Cc: Jiewen Yao > > > > > > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash > check") > > > > > > Signed-off-by: Gerd Hoffmann > > > > > > Tested-by: Srikanth Aithal > > > > > > --- > > > > > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + > > > > > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++ > > > > > > 2 files changed, 7 insertions(+) > > > > > > > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > > > index 9514933011e8..b5c237288766 100644 > > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > > > @@ -49,6 +49,7 @@ [FeaturePcd] > > > > > > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > > > > > > > > > > > > [Pcd] > > > > > > + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr > > > > > > gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase > > > > > > > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase > > > > > > > > > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > > > index b6e53a1219d1..efaff0d1f3cb 100644 > > > > > > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > > > > > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > #include > > > > > > #include > > > > > > #include > > > > > > +#include > > > > > > #include > > > > > > > > > > > > #include > > > > > > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( > > > > > > EFI_STATUS Status; > > > > > > EFI_EVENT Event; > > > > > > > > > > > > + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { > > > > > > + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", > __func__)); > > > > > > + return EFI_UNSUPPORTED; > > > > > > + } > > > > > > + > > > > > > DevId =3D VirtHstiGetHostBridgeDevId (); > > > > > > switch (DevId) { > > > > > > case INTEL_82441_DEVICE_ID: > > > > > > -- > > > > > > 2.44.0 > > > > > -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118238): https://edk2.groups.io/g/devel/message/118238 Mute This Topic: https://groups.io/mt/105705705/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-