From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 9B81F7803CF for ; Tue, 12 Mar 2024 05:54:06 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=5bYqBvlrRXjFUrD2q5LVgn93uz9l4mD4X+mlS7Eqw/8=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1710222845; v=1; b=3peGvSgksIUk0qGFLTBDlCvxfb9jXAH9qHdGP6cXPSy6yDpDltDAsUJcxR4nPt4w4EtlUGef LXWMOQWJL9StJpw99x1MAINYJLSwnnIDf9+xETskw7pIEMw66BiwCQWD+4GT3a24mTutVhefWyU 15askU+nxpx9wUzSdIVFT4lKzwQ3wTKYw/HnAI8nV1zGJSt0Wsysf4yp706TWTP7xCopio4KgwE kxPDJk4KFMR7behrLncN0COAQQGBMU6n//hfTK8g82hWZNq2ATcCKbC6YfaS/S5DMcQud6+CLpk qgy5CGCCRjSn9PGa1ubMvpNjlo+Qh3p4wbEV8un4o/zqw== X-Received: by 127.0.0.2 with SMTP id y5tfYY7687511xftSBIHDQVI; Mon, 11 Mar 2024 22:54:05 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.16]) by mx.groups.io with SMTP id smtpd.web10.2214.1710222839372433889 for ; Mon, 11 Mar 2024 22:53:59 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,11010"; a="5520443" X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="5520443" X-Received: from orviesa010.jf.intel.com ([10.64.159.150]) by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Mar 2024 22:53:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,118,1708416000"; d="scan'208";a="11391765" X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orviesa010.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 11 Mar 2024 22:53:59 -0700 X-Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 11 Mar 2024 22:53:58 -0700 X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 11 Mar 2024 22:53:58 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.100) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 11 Mar 2024 22:53:58 -0700 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by SJ0PR11MB7702.namprd11.prod.outlook.com (2603:10b6:a03:4e2::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.16; Tue, 12 Mar 2024 05:53:55 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::e598:df44:ae74:eda3]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::e598:df44:ae74:eda3%6]) with mapi id 15.20.7386.014; Tue, 12 Mar 2024 05:53:55 +0000 From: "Yao, Jiewen" To: "Xu, Min M" , "Sun, CepingX" , "devel@edk2.groups.io" CC: Liming Gao , "Kinney, Michael D" , "Aktas, Erdem" , "James Bottomley" , Tom Lendacky , Michael Roth , Gerd Hoffmann , "Yamahata, Isaku" Subject: Re: [edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM Thread-Topic: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM Thread-Index: AQHaaHNQ1oOMi3w98kiaFT9+URI92bEdwRuAgBXxREA= Date: Tue, 12 Mar 2024 05:53:55 +0000 Message-ID: References: <20240226211833.3156606-1-cepingx.sun@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SJ0PR11MB7702:EE_ x-ms-office365-filtering-correlation-id: a01ddbcd-10f5-4a28-80f3-08dc4258cdc9 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: gdm12bAD/DEBq9L6TkNURVH2Srfw46RsqM1vCQimYvVgg14Z8WSu+RWyKps9y4FtwxTjzPjo8AqT9Jw5/qWtKwqxfz/PRdr6xg/F3GKNtdfVXYGrJiNKTaxe5cIHynnlDQWuMk5nbxG6xf14v5U6WLL1+Np0dW3evTHjkv9w8F+GW7p0q0cBriwmcg1Jc8Mpf5G0vAl2rX+4vLFzTGlLZjdh3CU9jAY1e59oYwo/BuYn5wlWUTUiEpfXqUrBx74vTSJ93FDweCfNCg3B428rJV/bdSvRU/SD821kGMrYURwV2UQLTgNjM7nU41x0xm6/9+vUsXde3dgw1Uc5+JIwS3uJACKWkKNiy5AJoXP3w6gfV24zm2TetZTC0bMwKb/oM2lIeDrwevXD9MiQgLilcft+wWLioadnlDQUXP+kNJEJYmpdaSHL+9M9vXNkxm1MdCx8G7Kyp9SlY9/fPEmH+wdysMgDBATqAyQ5M9kp0TGTvVCpzbXAjvX1y/eJDwedkyPYfcGLHTtwXWT3ubpNSRLolgyFdgMyh8qTR6/eIwS9jU5F264GrBX+CfriEO3ZWI7eg2R79x8uKFdg0c0BbjzkMvfLP7QG3O5uZyMoMYBXQJiSNa6TIpeeFJNJDZDJXXNv2DCCYAjNjq5QpYt4prjbQk94Rj2417Dt7pnqtLg/YrkgRuc/BjSKjR0+WMnv x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?HcA27oMbtoCTi9qhMVK39sLxmt7FLoVt8NjwYqpeG2kYnjxH4F2q0Ni5bwRQ?= =?us-ascii?Q?SeCFWoefN0EfcxXmArfTzZ/9W5wACji68sfuKBnBV2Bu9aQg9CJnBR9FOZrZ?= =?us-ascii?Q?xESSsyUB/R0bnI5sP7J8uRS4D9kZ4hsDwmOkcKQMoDTNziLryRhZ/KqOMqvO?= =?us-ascii?Q?hhd/cgqn+GfcjrX4PNR3BoRs7NMxuFT2bYs6IJBfzhiIluDoVUxDCcj5Asbs?= =?us-ascii?Q?On6K4FTEIVEblFsFTPl98zDAOmKWzhbsxio87NuVoNXiIZf2BmIEWPMmCrzX?= =?us-ascii?Q?pv+/SuovI+UyBJcfFV7kcxkP7ZoeU7RQp9Q/fPI08mjDpHAmSMHwdTNrm11J?= =?us-ascii?Q?cAkOZylCnwhS3LCuNZBfsuS/Td7F8lpPImgZuBS3x4LdlUHNreUG/sbgPR0g?= =?us-ascii?Q?xJn2jn7a1g5WzFwvK0czG/x3C4ieMrjO8lNWzjtVcWwJWfi+JZCDdVL87SFp?= =?us-ascii?Q?vW8eLh8j9ErUU+V2Bo07csq8gJMw93xZRBF0OnwSXwZ321Uf7W522loh88dX?= =?us-ascii?Q?1YO4qpysBgx/cJ/cFe4iNSEtKwCfFXCnsbyxM3KC4txQHO5m+8KV+Oh8Zg2g?= =?us-ascii?Q?bTVcQTjMahLQ66PxYs88TibbKuOmKrDnEghojgiCaEJBB3MAb0Bm9pU+tTlz?= =?us-ascii?Q?U97Og/XmzWs/uQ2lMAcH1+vVN3WN4Xih+u1O9ShjmogeMbDfwNRY58cDWqDU?= =?us-ascii?Q?9Ut9X6VvGZ0iHNPQmE1oA0rU9gZ0KJDYVeBIEGCD1+OrXQArRLVnOGd1GY7N?= =?us-ascii?Q?VmCeYyD26YIZjG1Hwkp3l7bqiwak4mNpn7MQRLVdGYJPJzPvPSWpkOJQgPpI?= =?us-ascii?Q?vq3BoHygI3B+NSQG+vZ+HdoIoKGSvRk3XrvpK+yl6WX+RIwB07kLP601jog+?= =?us-ascii?Q?nO/bU3YhtMZbwW1EdmHfJcbap2A7YmpaedRWPlkhKKiJGSJJGv5K7yRNSK52?= =?us-ascii?Q?vDNX0/lqlXf9lM/F2vmofxQOkOmNt3g7yXoaxKyJLDUtsnK+s7hfqJj6TN8u?= =?us-ascii?Q?fgYX2uavUq5H4pPMDMtd+1e3/JsuNvzwZRWwvFuv0OMJ9f6+MWCJew4U62Zw?= =?us-ascii?Q?oxe5K65x1BgGYMjnMNDL/PqRKyexxBuAO4XqkPSiSEX31W4wiFEenh9xdfc5?= =?us-ascii?Q?YDu+kIVwp7qjFtBjIvnIZ6ZF6Gewv9KuzGulUUKT9cB7Jta3oqfAqwNwVjSG?= =?us-ascii?Q?YFhhshXJVRunxYxo+vb8ph3RjPImg5gOqTQMlSvBldzAsMSxPlLsF2bi5G2s?= =?us-ascii?Q?Mx9NHnHxAYe+YgJDs1QMVOLyv0jgBD1a2p19geMQcWCt03qa11lWVS3mrRlo?= =?us-ascii?Q?YiRG6OP46OBXomGBB4q9XmAK5/p07EAwk6xMFVTmN2n2V6xGjxDze8+kWr2L?= =?us-ascii?Q?H+MuPyvabC1SnobX2Ct8EiG4HIWfmVs0acHRd9XnA72jLSCDaZaOnM/ih9WQ?= =?us-ascii?Q?sqpEB7IzEs8XFEVQnrlNeJfqFhGfwkGwfPUCaT3piq0eKazFcVn5d3DJzUol?= =?us-ascii?Q?Ap6p8uq5Kh1zTmGlsyDjf0QWfvwzNN5AhQifGFjVyY9WjDkBuvT70UpfWcq/?= =?us-ascii?Q?6RQnkqGxApMoHPo0e8mBmJdohEj4MKdcq4l7UUWf?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a01ddbcd-10f5-4a28-80f3-08dc4258cdc9 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2024 05:53:55.6550 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PQU+iGA7zfc5c0KsfXvq2amsLHLi9V37I462IgHAkcTgZfdx8pbgqacEf4dRoINdPWrU4ydMf0bfZ2F+D6oMkA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB7702 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 11 Mar 2024 22:53:59 -0700 Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 667Ve7xJDeI2iZmm98TrVTk8x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=3peGvSgk; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Jiewen Yao > -----Original Message----- > From: Xu, Min M > Sent: Tuesday, February 27, 2024 2:49 PM > To: Sun, CepingX ; devel@edk2.groups.io > Cc: Liming Gao ; Kinney, Michael D > ; Aktas, Erdem ; James > Bottomley ; Yao, Jiewen ; Tom > Lendacky ; Michael Roth > ; Gerd Hoffmann ; Yamahata, > Isaku > Subject: RE: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking sec= rets > to the VMM >=20 > Reviewed-by: Min Xu >=20 > > -----Original Message----- > > From: Sun, CepingX > > Sent: Tuesday, February 27, 2024 5:19 AM > > To: devel@edk2.groups.io > > Cc: Sun, CepingX ; Liming Gao > > ; Kinney, Michael D > > ; Aktas, Erdem ; > > James Bottomley ; Yao, Jiewen > > ; Xu, Min M ; Tom Lendacky > > ; Michael Roth ; > > Gerd Hoffmann ; Yamahata, Isaku > > > > Subject: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secre= ts > > to the VMM > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4696 > > > > According to section 2.4.1 of [GHCI] spec, RBP register is usually used= as a > > frame pointer according to the C language calling convention. > > The software should not use RBP as an input/output parameter and should > > clear BIT5 (RBP) in the GPR mask in RCX. > > > > Reference: > > [GHCI]: TDX Guest-Host-Communication Interface v1.5 > > https://cdrdv2.intel.com/v1/dl/getContent/726792 > > > > > > Cc: Liming Gao > > Cc: Michael D Kinney > > Cc: Erdem Aktas > > Cc: James Bottomley > > Cc: Jiewen Yao > > Cc: Min Xu > > Cc: Tom Lendacky > > Cc: Michael Roth > > Cc: Gerd Hoffmann > > Cc: Isaku Yamahata > > Signed-off-by: Ceping Sun > > > > Ceping Sun (3): > > MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK > > OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK > > OvmfPkg/TdxDxe: Clear the registers before tdcall > > > > MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +- > > .../Library/CcExitLib/X64/TdVmcallCpuid.nasm | 2 +- > > OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 ++++++++++++++++--- > > 3 files changed, 28 insertions(+), 6 deletions(-) > > > > -- > > 2.34.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116668): https://edk2.groups.io/g/devel/message/116668 Mute This Topic: https://groups.io/mt/104577516/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-