From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117993+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 315F5D80D4E
	for <rebecca@openfw.io>; Thu, 18 Apr 2024 14:03:22 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=XICuGbFxR5aiEaUiqs3dIf963kRbcUHfooPUy5fD6Rc=;
 c=relaxed/simple; d=groups.io;
 h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1713449001; v=1;
 b=jdD7b+EQlKyjUvBt3j6tW2Vs3q6M1aYWipwJFvEXDwlpZU1t5CPubUrQ/Sq/DdzCmUqmMckf
 EkvipLFA4SrrKf3+iznAaaOUUJkJinAQ0NN4lC7OyzAZKAcZGWgbRu6rXJw8cbUk4t1x6VIA0fs
 +6RqHt/4NqA84MOyOO28DXxIfZDwLkBgtg6HFtxWroUmqKbEAU2yZdZsmaWz2yzbIepbEVhaaQ7
 PSkQHeA0hl3tt1zHSo4boGvPdvBYDvYAMglHwttQexpPOrDveucCp22Ahj89nuvJUmy4SAFK4HU
 kwRM42FqoGolxSugaWnICPdu2nVFD1GBD8qwOKVqfP2yA==
X-Received: by 127.0.0.2 with SMTP id lmS5YY7687511xsH8R8uYHoP; Thu, 18 Apr 2024 07:03:21 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11])
 by mx.groups.io with SMTP id smtpd.web11.13748.1713449000913135998
 for <devel@edk2.groups.io>;
 Thu, 18 Apr 2024 07:03:20 -0700
X-CSE-ConnectionGUID: Bss9s1UqQQevlfeB0x8CfA==
X-CSE-MsgGUID: XJiY/Zq/Q4uPSolZkKZROQ==
X-IronPort-AV: E=McAfee;i="6600,9927,11047"; a="19603703"
X-IronPort-AV: E=Sophos;i="6.07,212,1708416000"; 
   d="scan'208";a="19603703"
X-Received: from orviesa003.jf.intel.com ([10.64.159.143])
  by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2024 07:02:58 -0700
X-CSE-ConnectionGUID: NZyeI4giTLykmRKuQ6qh5w==
X-CSE-MsgGUID: LhsaibUdQiuDsFwOFByxeQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,212,1708416000"; 
   d="scan'208";a="27659911"
X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81])
  by orviesa003.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 18 Apr 2024 07:02:58 -0700
X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Thu, 18 Apr 2024 07:02:57 -0700
X-Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by
 fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Thu, 18 Apr 2024 07:02:57 -0700
X-Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.168)
 by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Thu, 18 Apr 2024 07:02:57 -0700
X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by IA1PR11MB7385.namprd11.prod.outlook.com (2603:10b6:208:423::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.26; Thu, 18 Apr
 2024 14:01:52 +0000
X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::be3f:5a4f:5180:2ba9]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::be3f:5a4f:5180:2ba9%4]) with mapi id 15.20.7472.027; Thu, 18 Apr 2024
 14:01:52 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "kraxel@redhat.com" <kraxel@redhat.com>
CC: "devel@edk2.groups.io" <devel@edk2.groups.io>, Ard Biesheuvel
	<ardb@kernel.org>, Oliver Steffen <osteffen@redhat.com>
Subject: Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver
Thread-Topic: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver
Thread-Index: AQHafGWtHNg/9O1RfUWmfgvml7zJG7FsRr+AgABRqoCAAXp/gIAAJZ6w
Date: Thu, 18 Apr 2024 14:01:52 +0000
Message-ID: <MW4PR11MB5872726B3F7BC55BD9CE6DE48C0E2@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20240322142735.1749388-1-kraxel@redhat.com>
 <l5el5elqqn26n33ht54zti5j5hyfxum6262rjfngihv3eluwcs@pdocjqwo7ogu>
 <MW4PR11MB58729D8EB28F5FDA7FA2E93B8C0F2@MW4PR11MB5872.namprd11.prod.outlook.com>
 <cqxqxbtisxbsf4kw3lqsepeqvkyti4oddvqwqn5yfrz67ynmw7@34fs2rsip6nf>
In-Reply-To: <cqxqxbtisxbsf4kw3lqsepeqvkyti4oddvqwqn5yfrz67ynmw7@34fs2rsip6nf>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|IA1PR11MB7385:EE_
x-ms-office365-filtering-correlation-id: 88e03bd5-b7bb-4b9e-ddf5-08dc5fb0197e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: y5mW1bljQiRKWwZPvlJahW832BgNgbQyhuPGnTLHWONUEoP+HFZV0iZ3x2PB+3S9ILH9HCupxrFIpUneqlbFweczeNsQLZ3hb9MiO/dKe1TXwh07P+k9nHsF46wqDKAdVQ+dveEAHMaNhOOcnRpSvEAVaJ9n4F+kknoGUKH+pGj/uDzyjW+mbQHpC+eNb0suYsMd834J0fuM4eaxM41ZfuFIpjvDD1Xuzj1VbfPGyI5yviwjEJZ4AMaMQnTZpsv8Ej+Jfl8o5ew8pPTN8Vbkpf7ClkOCep2pgMHvsqTUa4iBxZam48Yyc5k5ctHLoikuliYcnaY2uOItCMjfijgcqqiAUtYz8jktkoZHZAA2l5OQelfjJbEa7UTIYE/+rj2a58QPYlH4nmHs2v23sbVnow1e0C21/xZB4yeHU0n0j/U8hcpsmTMl4VSXdb7ipk0mqc7bDKm4AzoTGwoXxquEEY2all/742q4KzCGb1HI7DDahbNAvkG2h6PPzc3uptUOhyg2tzNXmpZhZV4W8+LD3ivHZgBw7fMiRmkYgMqD0TFGT6fyn/oKmnk9CS98y1ZfnMJ0kL4g5z8HcHTXruH4N3Q5LHIE902hzZ+8Woichvv9k3YbYxNHZLdgYsIghecBycxdlQ7FdV0ayvTURe0JlzdmMEwRAgemDToXGIQz4S/CQffLvch70rYBrEMzYdhbxktXkPMsGiqrIdfIDfQseg==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?NTvPegT5fWkmNvFYoxrHS/I/6QgT7j/cwuifaVYF0W8aH1lxHLaSgY0OsIJk?=
 =?us-ascii?Q?Nqno/OG0l3RzA8mB2dZvuzayWugNXkLvxGwaqS9Z8rch7r+SMMhLAAc+gIM3?=
 =?us-ascii?Q?ODB7v8lTtM+vHGApviVJUiG3SFTfyb/gcTjI6p7OJ5edrhTkJkAnW0G2tX/6?=
 =?us-ascii?Q?jOaaXH2VnM1z926shisMDJlvyWyXDvjMRVsOmDFIOxXTgBeAqEJ0QVR3jHha?=
 =?us-ascii?Q?LdXdUJALN42Ps1MBWPMnEvvHskaat0SLGqdWFWK4s6EMK6jL7qXpNcphaUEm?=
 =?us-ascii?Q?lHKyHTJq8/X8yDIyPJTWVBfnBfOJmHJxtdLe1b+F0WVsrjQmz9p9TYSrPZV0?=
 =?us-ascii?Q?79Bzen+o+Cm/inl/pG8cWkfeNBUOns1fkw81//km3vucAKnGcJVj9X0K2Bvf?=
 =?us-ascii?Q?hkrk+Ivf9/ZpUVywJDUJSt6CPNSnZAF3mf6gFrJ/dKC8eip9B/0Nyek+svlT?=
 =?us-ascii?Q?9YJq+w+32V7eLEdsVSBGrJN52S3YWFPthv1vGe59Z2AbITsq/4JpVXfEeR9z?=
 =?us-ascii?Q?jWV7lp70bfSly5KNNgsGHfGgVuWe5adHr68NueezcrqjJ6+prJ1PMtYtahpO?=
 =?us-ascii?Q?FvxJlGHZXzKGK0sejHfBYqis/4lErigZS0PTj+TkMBXgO81KgMJFWo/85Qp9?=
 =?us-ascii?Q?/YLlHcGBC53KxZ5G27HmZoIY5519TxMU5cUiCVuF2WYrNgq+Go01tAMzFtx6?=
 =?us-ascii?Q?+9q5ZZybtqwTnCy56Hdf9hk/Q5n4hBrYcLGvNlTo4C84gzpfvcOrQmmshNra?=
 =?us-ascii?Q?qufb7lDqmEAimKDWkQ9X+aZTvCzsdjJgOB4efwooCBG80osBfNwex8f106ih?=
 =?us-ascii?Q?WcMUzS3k8pJx3wrX937/pfhBobmupN9LbXLH5px24d80ghZftg9DrwDSuXIy?=
 =?us-ascii?Q?r8sd97UrgjmDjnTlNG8toaoZBrzNzmz25eONFJ4hgBta7caGgDOMwMdKIv9O?=
 =?us-ascii?Q?5sTcAMrakqMFqWslKZjHOiTxsSObA4IdocAdnSUki67cfE0Vev9CSuWwSf8p?=
 =?us-ascii?Q?4+ph10VUORfL1nxbv+FDlar/EY+5NuMhHS3wF/rqNsNtSrkpQacqc7cWYXvR?=
 =?us-ascii?Q?KXW5o9U2Yrlbg/reoH8c0LtizRCHLxQGWyd8hwFqfmKBJHejylwYROUfiwHs?=
 =?us-ascii?Q?T1vPnYwnYHsAiqJ4o38rEttxCJe37UsU1cwlFITBkMoTeQdqJPPLu+ZIJVod?=
 =?us-ascii?Q?8+ov+fCp5Uz7ywszOkrl7yzlFEJowuKjqHiqNRtd+rQBZ/NEhA0C94iqiuHd?=
 =?us-ascii?Q?LSh/syyTzVy5KCZ6MpCiRAvphtIzKoc/1B9zErSKrBexgUaiMpsAZNryW0lF?=
 =?us-ascii?Q?WcPzeK4MiL0Ur5AXneU/oR9+kBmwvsp5xSB7fIvBVpjLZAd+67PgQXpOVVjp?=
 =?us-ascii?Q?Rp87yWzzY1CYKHsF4cw5NlhHzFQPlep+SKd8irVd0RsIMH2R0gS+v73Q987M?=
 =?us-ascii?Q?hp5KQ5wmbIiBi34LZ5lr4iDY1TyY4aANv2nt7LwCEnq5LZqgcUWb2U5B+SEB?=
 =?us-ascii?Q?7Uxn0jxMWhgU5NIi2hGsiZBbehnRXINDO4ySrEm4F3yjQzqyCkU29x8h8tkS?=
 =?us-ascii?Q?JqJzG8niQDYQR1o36JCiQEnwg+gsOZ3ueEqBk14R?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 88e03bd5-b7bb-4b9e-ddf5-08dc5fb0197e
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Apr 2024 14:01:52.6014
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: SQDa8oOCY78hZ53ELKJS6rmY3MhGkksxKtaoKzUQYDIqmF4S+2Qav7GUqyA9pdhkGCkOdYPSBe1l5IphZ8qn8A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR11MB7385
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 18 Apr 2024 07:03:21 -0700
Resent-From: jiewen.yao@intel.com
Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: Sxa6J2lNPZhDvUei7RhRhpaMx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=jdD7b+EQ;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none)

1) Yes, I highly recommend remove Q35 keyword.
2) Got it. I think we had better add such info in the code as comment as we=
ll.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: kraxel@redhat.com <kraxel@redhat.com>
> Sent: Thursday, April 18, 2024 7:45 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: devel@edk2.groups.io; Ard Biesheuvel <ardb@kernel.org>; Oliver Steffe=
n
> <osteffen@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver
>=20
> On Wed, Apr 17, 2024 at 01:20:57PM +0000, Yao, Jiewen wrote:
> > That is good start. The SMRAM lock and Flash lock seem good to me.
> >
> > Comment:
> > 1) Do we really need to add "Q35" for the policy?
> > #define VIRT_HSTI_BYTE0_Q35_SMM_SMRAM_LOCK         BIT0
> > #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH  BIT1
> >
> > I feel we had better remove it, since SMM_SMRAM_LOCK and
> SMM_SECURE_VARS_FLASH are common features for almost all X86 platforms.
>=20
> Well, SMM mode is supported for the qemu 'q35' machine type only, the
> 'pc' machine type doesn't provide enough memory for SMM.  Which why I've
> added 'Q35' to the name.
>=20
> The SMM_SMRAM_LOCK test actually is q35-specific because the control
> registers are chipset specific.  But, yes, the concept is not q35
> specific.
>=20
> I can drop 'Q35' if you prefer it that way.
>=20
> > 2) Would you please let me know what "READONLY_CODE_FLASH" really
> means?
> >
> > #define VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH  BIT1
> > #define VIRT_HSTI_BYTE0_READONLY_CODE_FLASH        BIT2
> >
> > Does READONLY_CODE_FLASH mean NO write to flash even in SMM mode?
> > Or does it just mean NO write in normal operation mode, but still writa=
ble in
> SMM mode?
>=20
> With qemu being configured properly flash behavior should be this:
>=20
>                                |  OVMF_CODE.fd  |  OVMF_VARS.fd
> -------------------------------+----------------+----------------
> SMM_REQUIRE=3DTRUE, SMM mode     |  read-only     |  writable
> SMM_REQUIRE=3DTRUE, normal mode  |  read-only (1) |  read-only (2)
> SMM_REQUIRE=3DFALSE              |  read-only (3) |  writable
>=20
> VIRT_HSTI_BYTE0_READONLY_CODE_FLASH will verify (1) + (3).
> VIRT_HSTI_BYTE0_Q35_SMM_SECURE_VARS_FLASH will verify (2).
>=20
> (probably a good idea to add that as comment to the patches).
>=20
> take care,
>   Gerd



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117993): https://edk2.groups.io/g/devel/message/117993
Mute This Topic: https://groups.io/mt/105086174/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-