From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Michael Kubacki <mikuback@linux.microsoft.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
Ard Biesheuvel <ardb@kernel.org>,
Oliver Steffen <osteffen@redhat.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Srikanth Aithal <sraithal@amd.com>
Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
Date: Thu, 25 Apr 2024 02:37:10 +0000
Message-ID: <MW4PR11MB587257B33A1DCA4D5ED2D0C38C172@MW4PR11MB5872.namprd11.prod.outlook.com>
In-Reply-To: <e6cf8253-defa-44ac-b408-bae0be841fa3@linux.microsoft.com>

Thank you very much for the help.

https://github.com/tianocore/edk2/pull/5595 merged.

> -----Original Message-----
> From: Michael Kubacki <mikuback@linux.microsoft.com>
> Sent: Thursday, April 25, 2024 7:22 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver
> in confidential guests
>
> That issue looks different in that CodeQL did not have a problem. You
> can use the same PR, just rebase with master.
>
> It looks like that had an issue triggering pipelines from GitHub which
> might be fixed by rerunning after the push.
>
> Thanks,
> Michael
>
> On 4/24/2024 7:08 PM, Yao, Jiewen wrote:
> > Ah, thank you Mike.
> >
> > Should I close/re-open my PR?
> > Or should I keep waiting?
> >
> > Thank you
> > Yao, Jiewen
> >
> >> -----Original Message-----
> >> From: Kinney, Michael D <michael.d.kinney@intel.com>
> >> Sent: Thursday, April 25, 2024 7:01 AM
> >> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Brogan
> >> <sean.brogan@microsoft.com>; Michael Kubacki
> >> <mikuback@linux.microsoft.com>
> >> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
> >> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> >> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
> >> Michael D <michael.d.kinney@intel.com>
> >> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >> confidential guests
> >>
> >> Hi Jiewen,
> >>
> >> Michael Kubacki has been working on a CI issue and a change is being merged
> >> now.
> >>
> >> Mike
> >>
> >>> -----Original Message-----
> >>> From: Yao, Jiewen <jiewen.yao@intel.com>
> >>> Sent: Wednesday, April 24, 2024 3:57 PM
> >>> To: devel@edk2.groups.io; Kinney, Michael D
> >>> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
> >>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel
> <ardb@kernel.org>;
> >>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
> >>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
> >>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >>> confidential guests
> >>>
> >>> Hi Mike/Sean
> >>> Can someone look at the EDKII CI?
> >>>
> >>> My PR has been blocked for 9 hours -
> >>> https://github.com/tianocore/edk2/pull/5595.
> >>>
> >>> Thank you
> >>> Yao, Jiewen
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Ard Biesheuvel <ardb@kernel.org>
> >>>> Sent: Thursday, April 25, 2024 1:05 AM
> >>>> To: Yao, Jiewen <jiewen.yao@intel.com>
> >>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
> >>> Steffen
> >>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >>> Srikanth
> >>>> Aithal <sraithal@amd.com>
> >>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
> >>>> confidential guests
> >>>>
> >>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
> >>> wrote:
> >>>>>
> >>>>> Thanks Ard.
> >>>>>
> >>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
> >>> ago.
> >>>>> But it seems the CI stops working...
> >>>>>
> >>>>
> >>>> OK, I have dropped my PR.
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Ard Biesheuvel <ardb@kernel.org>
> >>>>>> Sent: Thursday, April 25, 2024 12:27 AM
> >>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
> >>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
> >>> Oliver
> >>>> Steffen
> >>>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> >>>> Srikanth
> >>>>>> Aithal <sraithal@amd.com>
> >>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> >>> driver in
> >>>>>> confidential guests
> >>>>>>
> >>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
> >>> wrote:
> >>>>>>>
> >>>>>>> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> >>>>>>>
> >>>>>>
> >>>>>> Thanks, I've queued this up.
> >>>>>>
> >>>>>>
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: Gerd Hoffmann <kraxel@redhat.com>
> >>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM
> >>>>>>>> To: devel@edk2.groups.io
> >>>>>>>> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
> >>>>>>>> <kraxel@redhat.com>; Ard Biesheuvel
> >>> <ardb+tianocore@kernel.org>; Yao,
> >>>>>> Jiewen
> >>>>>>>> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
> >>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
> >>> driver in
> >>>>>> confidential
> >>>>>>>> guests
> >>>>>>>>
> >>>>>>>> The VirtHstiDxe does not work in confidential guests. There
> >>> also isn't
> >>>>>>>> anything we can reasonably test, neither flash storage nor SMM
> >>> mode will
> >>>>>>>> be used in that case. So just skip driver load when running
> >>> in a
> >>>>>>>> confidential guest.
> >>>>>>>>
> >>>>>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> >>>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
> >>> check")
> >>>>>>>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> >>>>>>>> Tested-by: Srikanth Aithal <sraithal@amd.com>
> >>>>>>>> ---
> >>>>>>>> OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
> >>>>>>>> OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++
> >>>>>>>> 2 files changed, 7 insertions(+)
> >>>>>>>>
> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> index 9514933011e8..b5c237288766 100644
> >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd]
> >>>>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> >>>>>>>>
> >>>>>>>> [Pcd]
> >>>>>>>> + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
> >>>>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
> >>>>>>>>
> >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
> >>>>>>>>
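Review bot: the new `gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr` entry under `[Pcd]` has no usage comment, and this hunk does not show whether `PcdLib` is listed under `[LibraryClasses]` or `MdePkg/MdePkg.dec` under `[Packages]`. The .c change adds `#include <Library/PcdLib.h>` and calls `PcdGet64`, so please confirm both are declared in this .inf, and consider a trailing `## CONSUMES` on the new line so the read-only use is documented.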
> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644
> >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >>>>>>>> #include <Library/MemoryAllocationLib.h>
> >>>>>>>> #include <Library/UefiBootServicesTableLib.h>
> >>>>>>>> #include <Library/UefiLib.h>
> >>>>>>>> +#include <Library/PcdLib.h>
> >>>>>>>> #include <Library/PlatformInitLib.h>
> >>>>>>>>
> >>>>>>>> #include <IndustryStandard/Hsti.h>
> >>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
> >>>>>>>> EFI_STATUS Status;
> >>>>>>>> EFI_EVENT Event;
> >>>>>>>>
> >>>>>>>> + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
> >>>>>>>> + DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
> >>> __func__));
> >>>>>>>> + return EFI_UNSUPPORTED;
> >>>>>>>> + }
> >>>>>>>> +
> >>>>>>>> DevId = VirtHstiGetHostBridgeDevId ();
> >>>>>>>> switch (DevId) {
> >>>>>>>> case INTEL_82441_DEVICE_ID:
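Review bot: the test `if (PcdGet64 (PcdConfidentialComputingGuestAttr))` at the top of `VirtHstiDxeEntrypoint` relies on a 64-bit value being implicitly treated as a truth value; writing it as `PcdGet64 (PcdConfidentialComputingGuestAttr) != 0` makes the intent explicit. A short comment above the check stating why the driver bails out (neither flash storage nor SMM mode is used in a confidential guest, per the commit message) would also help, because returning `EFI_UNSUPPORTED` here means nothing after it runs in these guests, and a reader should be able to learn that from the source rather than only from a `DEBUG_INFO` message.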
> >>>>>>>> --
> >>>>>>>> 2.44.0
> >>>>>>>
> >
> >
> >
> >