From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id D0D057803E0 for ; Wed, 24 Apr 2024 06:45:28 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=c/H7f3oPv6W2avqAA6iYTHpXJyoJmAtfEIOOyklcVGg=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1713941127; v=1; b=FSE64yWei+kXRoaqSnd9Pc7d9ZbNjWdEBk0e9rhvBUBk7laYaPw0VfDXkNvXBs0dfyOwFCo6 17iktBicFkqvveefyOfsyzm4K3WtUT425PrDIHqrWNQms+TYbNy1rzWJqLX77pgo0OupLkOwYpN haHKJ/Vtq+oa7t6SMcadbUmxBcfMJr+oOVrD0h+m7TuNcCXYRytMK+DpHh+PET5Wsrc4ZS6h7e6 rWXPbedq9Ph++BW4pvzWprKCF9jWGnjWG0spRbnqnpebrFU3GoxAPoMJrpjjZJsWvpmBMqvVIMl 7WVl0/m1CTWYnvIVvVklsW4rYFqAY6TVGYhqGoQj3yYdg== X-Received: by 127.0.0.2 with SMTP id PgXtYY7687511xbu51gZPsSn; Tue, 23 Apr 2024 23:45:27 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) by mx.groups.io with SMTP id smtpd.web10.10385.1713941125982312353 for ; Tue, 23 Apr 2024 23:45:26 -0700 X-CSE-ConnectionGUID: W31uMoOIR9mZcgJwmDCKUg== X-CSE-MsgGUID: b/kIhtRFSG2vpaGbLOdAOg== X-IronPort-AV: E=McAfee;i="6600,9927,11053"; a="13345336" X-IronPort-AV: E=Sophos;i="6.07,225,1708416000"; d="scan'208";a="13345336" X-Received: from orviesa001.jf.intel.com ([10.64.159.141]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2024 23:45:25 -0700 X-CSE-ConnectionGUID: 6XVBo0MoR2u24cjIR/FScQ== X-CSE-MsgGUID: c/sHt+jSRRat/zNvp7UoEA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,225,1708416000"; d="scan'208";a="62070065" X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 23 Apr 2024 23:45:25 -0700 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 23 Apr 2024 23:45:24 -0700 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 23 Apr 2024 23:45:24 -0700 X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Tue, 23 Apr 2024 23:45:24 -0700 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.101) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Tue, 23 Apr 2024 23:45:24 -0700 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by SA0PR11MB4733.namprd11.prod.outlook.com (2603:10b6:806:9a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.22; Wed, 24 Apr 2024 06:45:22 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::be3f:5a4f:5180:2ba9]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::be3f:5a4f:5180:2ba9%4]) with mapi id 15.20.7519.021; Wed, 24 Apr 2024 06:45:22 +0000 From: "Yao, Jiewen" To: Gerd Hoffmann , "devel@edk2.groups.io" CC: Oliver Steffen , Ard Biesheuvel , Srikanth Aithal Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Thread-Topic: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Thread-Index: AQHalgzZXK/pb0dUtkOD3j7sbeU47rF2+cwQ Date: Wed, 24 Apr 2024 06:45:22 +0000 Message-ID: References: <20240424060029.1330637-1-kraxel@redhat.com> In-Reply-To: <20240424060029.1330637-1-kraxel@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA0PR11MB4733:EE_ x-ms-office365-filtering-correlation-id: aa404565-419b-46c2-a707-08dc642a1d73 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?ed2WDqTt8iorDttY4eCPdC9xSiqXOAdnsuEfSMLQPb2VpTfDXqx6zfw2MVaW?= =?us-ascii?Q?05K1JublBjBQFQbL91AWzzCC1pnfddUIDmsuQ6qW5doTcXQMaYbD8CZeigX1?= =?us-ascii?Q?wAhq3UyK+xhB9ycx4imAqxkzXExJGb484zxZ9tbh/I0uXyouoViTvU6g9y1a?= =?us-ascii?Q?Jh3yHebGp57EMNFu1GT6Extm9JjKjISy/b1CFqyEVHRavmW/FahWJWpyI5io?= =?us-ascii?Q?az+UPvYBBEKiE5L86sq/OzenNFP4+718jAuKpk8Q/Oa5kGjDTGz525wMlI1M?= =?us-ascii?Q?U1vdpyR5DWHq7Kx0wPhPYlGG1zryiN+KKysNknrfipUrfcP09ZiPcQbQ7PxQ?= =?us-ascii?Q?DNF3SuFSL6NByz9PkyvNUJB8zuHzM3vULPv/CrmlK7D7eJ6pLqtOuc8xs7V+?= =?us-ascii?Q?91VTArSopeB6IYM37ti6UP64+9CV3jp3gO/16OXYxJMmmSvtdS7kWqPmv0+W?= =?us-ascii?Q?Ep8kefN2mYAr6HcoU1HiFu6sMU7r8bGttropvmO7L4ATfVIJWLwwv9RexEuq?= =?us-ascii?Q?IqpLLgyBhtJBso8U1ejq6ZKPW9WsGumk5/d4hluI3aKJZdRLpRYxbyDXj04b?= =?us-ascii?Q?XQPf56zsW0xXiYwjLkCVur//+NEP8Be99h6EwAqN63EDZf+1Dm8XW8y3OP1G?= =?us-ascii?Q?XPWyTTs4oYnihwrRwRfZa8Y95DcuSpkwYLFNLpWnEpbhgqsTJjZEC94kXLCr?= =?us-ascii?Q?ZcWA6xJXmcLAJbucE6AyeMhYv6m65MhLEpEO06eopEffp6l5RG/3trWfvLmi?= =?us-ascii?Q?xLT5tnZ8wQDOvYStiwcklldBCZOp6FQZGO7qC699Gr5GL57CsSFRwc4I5tYQ?= =?us-ascii?Q?ulbxME+V25GjPlPMyUpvwkMly1vSqWEoapKH6GhBy8nZyHvG5/bxIdDxJsiC?= =?us-ascii?Q?C+FLUaRjGKo4ADWl/JJ30uST24kJWYidskAHvzUYMrby8JvWRscDr8bDJaQ0?= =?us-ascii?Q?bjV8VS2G9NmgVccTmi4YMDgBErvzxY483vH4WsMkp/h2ESm/4tytCnfFOLQc?= =?us-ascii?Q?4D5R5y2v6S9wTrazuSb+gsPPOQV0tFeX4yZb3vGBVBJFKK1lcT59o/OuInpV?= =?us-ascii?Q?0+rU87GgdGQ+ctAI8QBBYLY/LqBou9GXmKbUVEPdV5eQaAZP9UCBimcyvf6G?= =?us-ascii?Q?Lw/GJsTmG8vqYqpIm0WfaeaNZkONf5e0J7wIw5iGRdZ4l2UZyVelEbHbSbZF?= =?us-ascii?Q?jo6hEIXolEVKZLgqeMNB2pXJ7O5SKfXXKOuA9CXtxkoZ9fDaIQsfd0Ezsd8Z?= =?us-ascii?Q?WwSOQV2+VDfPVrCH5xt8NAOst4asuCUJfmOM8rsGzZTLxk00VcQDAeh6KQrR?= =?us-ascii?Q?jEBnmUclbzLxikX+GKyq8u7mTd7fMUJJm3sOC3MfSXNoZQ=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?QJJL097I1oIt4NHkczyriEUI8oHTgNrBKse4kBHLJNvLlY+Ehaqu3daxU3Se?= =?us-ascii?Q?ASyJaG2ZiuAzLqOdRIDwrl8qCP8rKDNtfy7W50S0zv6kkXfSs4maKKjU8R7i?= =?us-ascii?Q?IEfkVTdLi+AbDVHgQjmKXk2hAUAZ9LD1jKzHAW9GPBQnUvZiUg3b/iA2UNIL?= =?us-ascii?Q?17FItyc3N/5XL+N6NUhaJiJ0acOWGyQWhN8GigMlGL+k1I39NsKpnY7cPdcA?= =?us-ascii?Q?KTfEO/Cu9cszSZGD056G2svl8mzgcPe12BYqcuSkZ+b4AIq0A+mUpI3M71YU?= =?us-ascii?Q?dnsYGTcZaAFSH3MgMXp4zH78paYW7MbnC/I2kTM4xkThmV4fdGrm1r2zYFfP?= =?us-ascii?Q?wXGlvbzfIyl6TRLEwiwxEcKSw4zyhqI0kiYj1ueweCBDzx/ZXgXLLbUQRrIJ?= =?us-ascii?Q?R6yeh9isONCRIZBzTFYved36kuguuLVYuB8/wkh2t3hseebg41D4FqUhyxPj?= =?us-ascii?Q?2cumjh/g6hLKFvLJU982hSM6U9VB2YYlpHXV52W5OPU/cQCA+qGzejEp1noL?= =?us-ascii?Q?soFsaJdibU+rEkmBH3ovfHMqvhP+UF2MyZzVMHOKOl6oQPgnS0JHzu+AdqM2?= =?us-ascii?Q?oJYhQxZv3zAo1y8uccNJTy7aUugEfKOT6gS7hOjzzL6/AmyBe8xse04kCbN8?= =?us-ascii?Q?blPNKWZpnOfccZdL7TAlQvBpT8T9m3CPgVdspshKHUTP0dmizs4xC7W9ImNS?= =?us-ascii?Q?jp3ViJ3OKWI1K9gH54qwOKR3VVWTLre6qearRnCU9qrxvenN7YaNJyoNSSFH?= =?us-ascii?Q?2VN0VD6kWIyDcvFpixP06IxoH+gBc/1Mtc1H/UvYIdtPng2fl56Xk3sa7nFG?= =?us-ascii?Q?j2wxCaW7c6aXX4HjMKj64KPq8jc3d8wK9X8rxHfaXy/kE6d2sejET1jNrz/2?= =?us-ascii?Q?m+bYuuMRwtI/2LZP8zSkWUvzk5EKkoiRfsiruuYCA8D7MBpmj3J3FftpIRrE?= =?us-ascii?Q?w1Fc3eQTc/HdpUvFOTgU/eTS0BCkd5yS0B8tD5ZFo8Bv/F3WIMFHPBETASRk?= =?us-ascii?Q?f3Zfh/T+pUdo9T/mBw6/JONn6gpQv53JJBadJ8TkjsNPGielKM00nhEuEQvI?= =?us-ascii?Q?wkO1weFf39GKXAX+OnTPrTfwM69+lVrqfeDyrCuaejAFAtkk3cfNHBcct8NR?= =?us-ascii?Q?+Jqyqko1AobyC3wcP+WrTcsiBdapLBp1KutMjm9gGHTfGtYu7fCulAi9vlyw?= =?us-ascii?Q?w9Y8u5u1cHQo6sK1ucpCDKH6xy7IE+GCXlbrf2oPivJsX9dfuiQ7Vxy3tq6+?= =?us-ascii?Q?ZlRRN7NalHIcFqB3lc90yvrstUoz85Y2fEcdGcK/ri2V+KSTrKMGiGZif59Y?= =?us-ascii?Q?4cB2ygJ9d42ajMJBRDvgkJcHitzX1c/mKCBTtlZ96B9GzRyFAXjptzVXpWAV?= =?us-ascii?Q?DpnSQ23izQmlE7sWc+/CXXAZuyYjCTzise8kb2cDb97OpIWkAbQlSJQX3ISE?= =?us-ascii?Q?FbEC05Kj4DhqA/fJ40A8qT7IqhHS7zkS+3YEstTJY+//BSxZ9WfBdUHITczy?= =?us-ascii?Q?iBv4izNmjB2edfSev+Y3V8C8kBwZfdO3+GFErOogw6jF5nrwwvKy65EsRE2v?= =?us-ascii?Q?Av6W9LvQuegwRerJoC2edybq8MhjZNfZyZMbzwZJ?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: aa404565-419b-46c2-a707-08dc642a1d73 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2024 06:45:22.4868 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RWP8bYc3ifpufu6xAfHPE66MfrD8MhwfL3wfD9Pq+jD7fIgDrx8x67bwGq03q7tBq3LgRU3btnEGnqlYwC9bvA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4733 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 23 Apr 2024 23:45:26 -0700 Resent-From: jiewen.yao@intel.com Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: JK23Mk9tFvDT75C8Dy15DTTJx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=FSE64yWe; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Jiewen Yao > -----Original Message----- > From: Gerd Hoffmann > Sent: Wednesday, April 24, 2024 2:00 PM > To: devel@edk2.groups.io > Cc: Oliver Steffen ; Gerd Hoffmann > ; Ard Biesheuvel ; Yao, Jie= wen > ; Srikanth Aithal > Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confid= ential > guests >=20 > The VirtHstiDxe does not work in confidential guests. There also isn't > anything we can reasonably test, neither flash storage nor SMM mode will > be used in that case. So just skip driver load when running in a > confidential guest. >=20 > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check") > Signed-off-by: Gerd Hoffmann > Tested-by: Srikanth Aithal > --- > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++ > 2 files changed, 7 insertions(+) >=20 > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > index 9514933011e8..b5c237288766 100644 > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > @@ -49,6 +49,7 @@ [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire >=20 > [Pcd] > + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr > gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase >=20 > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > index b6e53a1219d1..efaff0d1f3cb 100644 > --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include > #include >=20 > #include > @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( > EFI_STATUS Status; > EFI_EVENT Event; >=20 > + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { > + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__)); > + return EFI_UNSUPPORTED; > + } > + > DevId =3D VirtHstiGetHostBridgeDevId (); > switch (DevId) { > case INTEL_82441_DEVICE_ID: > -- > 2.44.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118182): https://edk2.groups.io/g/devel/message/118182 Mute This Topic: https://groups.io/mt/105705705/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-