From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 315F5D80D4E for ; Thu, 18 Apr 2024 14:03:22 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=XICuGbFxR5aiEaUiqs3dIf963kRbcUHfooPUy5fD6Rc=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1713449001; v=1; b=jdD7b+EQlKyjUvBt3j6tW2Vs3q6M1aYWipwJFvEXDwlpZU1t5CPubUrQ/Sq/DdzCmUqmMckf EkvipLFA4SrrKf3+iznAaaOUUJkJinAQ0NN4lC7OyzAZKAcZGWgbRu6rXJw8cbUk4t1x6VIA0fs +6RqHt/4NqA84MOyOO28DXxIfZDwLkBgtg6HFtxWroUmqKbEAU2yZdZsmaWz2yzbIepbEVhaaQ7 PSkQHeA0hl3tt1zHSo4boGvPdvBYDvYAMglHwttQexpPOrDveucCp22Ahj89nuvJUmy4SAFK4HU kwRM42FqoGolxSugaWnICPdu2nVFD1GBD8qwOKVqfP2yA== X-Received: by 127.0.0.2 with SMTP id lmS5YY7687511xsH8R8uYHoP; Thu, 18 Apr 2024 07:03:21 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) by mx.groups.io with SMTP id smtpd.web11.13748.1713449000913135998 for ; Thu, 18 Apr 2024 07:03:20 -0700 X-CSE-ConnectionGUID: Bss9s1UqQQevlfeB0x8CfA== X-CSE-MsgGUID: XJiY/Zq/Q4uPSolZkKZROQ== X-IronPort-AV: E=McAfee;i="6600,9927,11047"; a="19603703" X-IronPort-AV: E=Sophos;i="6.07,212,1708416000"; d="scan'208";a="19603703" X-Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2024 07:02:58 -0700 X-CSE-ConnectionGUID: NZyeI4giTLykmRKuQ6qh5w== X-CSE-MsgGUID: LhsaibUdQiuDsFwOFByxeQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,212,1708416000"; d="scan'208";a="27659911" X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orviesa003.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 18 Apr 2024 07:02:58 -0700 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 18 Apr 2024 07:02:57 -0700 X-Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Thu, 18 Apr 2024 07:02:57 -0700 X-Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.168) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 18 Apr 2024 07:02:57 -0700 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by IA1PR11MB7385.namprd11.prod.outlook.com (2603:10b6:208:423::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.26; Thu, 18 Apr 2024 14:01:52 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::be3f:5a4f:5180:2ba9]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::be3f:5a4f:5180:2ba9%4]) with mapi id 15.20.7472.027; Thu, 18 Apr 2024 14:01:52 +0000 From: "Yao, Jiewen" To: "kraxel@redhat.com" CC: "devel@edk2.groups.io" , Ard Biesheuvel , Oliver Steffen Subject: Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver Thread-Topic: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver Thread-Index: AQHafGWtHNg/9O1RfUWmfgvml7zJG7FsRr+AgABRqoCAAXp/gIAAJZ6w Date: Thu, 18 Apr 2024 14:01:52 +0000 Message-ID: References: <20240322142735.1749388-1-kraxel@redhat.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|IA1PR11MB7385:EE_ x-ms-office365-filtering-correlation-id: 88e03bd5-b7bb-4b9e-ddf5-08dc5fb0197e x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: y5mW1bljQiRKWwZPvlJahW832BgNgbQyhuPGnTLHWONUEoP+HFZV0iZ3x2PB+3S9ILH9HCupxrFIpUneqlbFweczeNsQLZ3hb9MiO/dKe1TXwh07P+k9nHsF46wqDKAdVQ+dveEAHMaNhOOcnRpSvEAVaJ9n4F+kknoGUKH+pGj/uDzyjW+mbQHpC+eNb0suYsMd834J0fuM4eaxM41ZfuFIpjvDD1Xuzj1VbfPGyI5yviwjEJZ4AMaMQnTZpsv8Ej+Jfl8o5ew8pPTN8Vbkpf7ClkOCep2pgMHvsqTUa4iBxZam48Yyc5k5ctHLoikuliYcnaY2uOItCMjfijgcqqiAUtYz8jktkoZHZAA2l5OQelfjJbEa7UTIYE/+rj2a58QPYlH4nmHs2v23sbVnow1e0C21/xZB4yeHU0n0j/U8hcpsmTMl4VSXdb7ipk0mqc7bDKm4AzoTGwoXxquEEY2all/742q4KzCGb1HI7DDahbNAvkG2h6PPzc3uptUOhyg2tzNXmpZhZV4W8+LD3ivHZgBw7fMiRmkYgMqD0TFGT6fyn/oKmnk9CS98y1ZfnMJ0kL4g5z8HcHTXruH4N3Q5LHIE902hzZ+8Woichvv9k3YbYxNHZLdgYsIghecBycxdlQ7FdV0ayvTURe0JlzdmMEwRAgemDToXGIQz4S/CQffLvch70rYBrEMzYdhbxktXkPMsGiqrIdfIDfQseg== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?NTvPegT5fWkmNvFYoxrHS/I/6QgT7j/cwuifaVYF0W8aH1lxHLaSgY0OsIJk?= =?us-ascii?Q?Nqno/OG0l3RzA8mB2dZvuzayWugNXkLvxGwaqS9Z8rch7r+SMMhLAAc+gIM3?= =?us-ascii?Q?ODB7v8lTtM+vHGApviVJUiG3SFTfyb/gcTjI6p7OJ5edrhTkJkAnW0G2tX/6?= =?us-ascii?Q?jOaaXH2VnM1z926shisMDJlvyWyXDvjMRVsOmDFIOxXTgBeAqEJ0QVR3jHha?= =?us-ascii?Q?LdXdUJALN42Ps1MBWPMnEvvHskaat0SLGqdWFWK4s6EMK6jL7qXpNcphaUEm?= =?us-ascii?Q?lHKyHTJq8/X8yDIyPJTWVBfnBfOJmHJxtdLe1b+F0WVsrjQmz9p9TYSrPZV0?= =?us-ascii?Q?79Bzen+o+Cm/inl/pG8cWkfeNBUOns1fkw81//km3vucAKnGcJVj9X0K2Bvf?= =?us-ascii?Q?hkrk+Ivf9/ZpUVywJDUJSt6CPNSnZAF3mf6gFrJ/dKC8eip9B/0Nyek+svlT?= =?us-ascii?Q?9YJq+w+32V7eLEdsVSBGrJN52S3YWFPthv1vGe59Z2AbITsq/4JpVXfEeR9z?= =?us-ascii?Q?jWV7lp70bfSly5KNNgsGHfGgVuWe5adHr68NueezcrqjJ6+prJ1PMtYtahpO?= =?us-ascii?Q?FvxJlGHZXzKGK0sejHfBYqis/4lErigZS0PTj+TkMBXgO81KgMJFWo/85Qp9?= =?us-ascii?Q?/YLlHcGBC53KxZ5G27HmZoIY5519TxMU5cUiCVuF2WYrNgq+Go01tAMzFtx6?= =?us-ascii?Q?+9q5ZZybtqwTnCy56Hdf9hk/Q5n4hBrYcLGvNlTo4C84gzpfvcOrQmmshNra?= =?us-ascii?Q?qufb7lDqmEAimKDWkQ9X+aZTvCzsdjJgOB4efwooCBG80osBfNwex8f106ih?= =?us-ascii?Q?WcMUzS3k8pJx3wrX937/pfhBobmupN9LbXLH5px24d80ghZftg9DrwDSuXIy?= =?us-ascii?Q?r8sd97UrgjmDjnTlNG8toaoZBrzNzmz25eONFJ4hgBta7caGgDOMwMdKIv9O?= =?us-ascii?Q?5sTcAMrakqMFqWslKZjHOiTxsSObA4IdocAdnSUki67cfE0Vev9CSuWwSf8p?= =?us-ascii?Q?4+ph10VUORfL1nxbv+FDlar/EY+5NuMhHS3wF/rqNsNtSrkpQacqc7cWYXvR?= =?us-ascii?Q?KXW5o9U2Yrlbg/reoH8c0LtizRCHLxQGWyd8hwFqfmKBJHejylwYROUfiwHs?= =?us-ascii?Q?T1vPnYwnYHsAiqJ4o38rEttxCJe37UsU1cwlFITBkMoTeQdqJPPLu+ZIJVod?= =?us-ascii?Q?8+ov+fCp5Uz7ywszOkrl7yzlFEJowuKjqHiqNRtd+rQBZ/NEhA0C94iqiuHd?= =?us-ascii?Q?LSh/syyTzVy5KCZ6MpCiRAvphtIzKoc/1B9zErSKrBexgUaiMpsAZNryW0lF?= =?us-ascii?Q?WcPzeK4MiL0Ur5AXneU/oR9+kBmwvsp5xSB7fIvBVpjLZAd+67PgQXpOVVjp?= =?us-ascii?Q?Rp87yWzzY1CYKHsF4cw5NlhHzFQPlep+SKd8irVd0RsIMH2R0gS+v73Q987M?= =?us-ascii?Q?hp5KQ5wmbIiBi34LZ5lr4iDY1TyY4aANv2nt7LwCEnq5LZqgcUWb2U5B+SEB?= =?us-ascii?Q?7Uxn0jxMWhgU5NIi2hGsiZBbehnRXINDO4ySrEm4F3yjQzqyCkU29x8h8tkS?= =?us-ascii?Q?JqJzG8niQDYQR1o36JCiQEnwg+gsOZ3ueEqBk14R?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 88e03bd5-b7bb-4b9e-ddf5-08dc5fb0197e X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2024 14:01:52.6014 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SQDa8oOCY78hZ53ELKJS6rmY3MhGkksxKtaoKzUQYDIqmF4S+2Qav7GUqyA9pdhkGCkOdYPSBe1l5IphZ8qn8A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR11MB7385 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 18 Apr 2024 07:03:21 -0700 Resent-From: jiewen.yao@intel.com Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Sxa6J2lNPZhDvUei7RhRhpaMx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=jdD7b+EQ; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none) 1) Yes, I highly recommend remove Q35 keyword. 2) Got it. I think we had better add such info in the code as comment as we= ll. Thank you Yao, Jiewen > -----Original Message----- > From: kraxel@redhat.com > Sent: Thursday, April 18, 2024 7:45 PM > To: Yao, Jiewen > Cc: devel@edk2.groups.io; Ard Biesheuvel ; Oliver Steffe= n > > Subject: Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver >=20 > On Wed, Apr 17, 2024 at 01:20:57PM +0000, Yao, Jiewen wrote: > > That is good start. The SMRAM lock and Flash lock seem good to me. > > > > Comment: > > 1) Do we really need to add "Q35" for the policy? > > #define VIRT_HSTI_BYTE0_Q35_SMM_SMRAM_LOCK BIT0 > > #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH BIT1 > > > > I feel we had better remove it, since SMM_SMRAM_LOCK and > SMM_SECURE_VARS_FLASH are common features for almost all X86 platforms. >=20 > Well, SMM mode is supported for the qemu 'q35' machine type only, the > 'pc' machine type doesn't provide enough memory for SMM. Which why I've > added 'Q35' to the name. >=20 > The SMM_SMRAM_LOCK test actually is q35-specific because the control > registers are chipset specific. But, yes, the concept is not q35 > specific. >=20 > I can drop 'Q35' if you prefer it that way. >=20 > > 2) Would you please let me know what "READONLY_CODE_FLASH" really > means? > > > > #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH BIT1 > > #define VIRT_HSTI_BYTE0_READONLY_CODE_FLASH BIT2 > > > > Does READONLY_CODE_FLASH mean NO write to flash even in SMM mode? > > Or does it just mean NO write in normal operation mode, but still writa= ble in > SMM mode? >=20 > With qemu being configured properly flash behavior should be this: >=20 > | OVMF_CODE.fd | OVMF_VARS.fd > -------------------------------+----------------+---------------- > SMM_REQUIRE=3DTRUE, SMM mode | read-only | writable > SMM_REQUIRE=3DTRUE, normal mode | read-only (1) | read-only (2) > SMM_REQUIRE=3DFALSE | read-only (3) | writable >=20 > VIRT_HSTI_BYTE0_READONLY_CODE_FLASH will verify (1) + (3). > VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH will verify (2). >=20 > (probably a good idea to add that as comment to the patches). >=20 > take care, > Gerd -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117993): https://edk2.groups.io/g/devel/message/117993 Mute This Topic: https://groups.io/mt/105086174/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-