From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web11.6496.1632479620006985306 for ; Fri, 24 Sep 2021 03:33:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=xpxKl205; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: jiewen.yao@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10116"; a="222158539" X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="222158539" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Sep 2021 03:33:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="614367113" Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86]) by fmsmga001.fm.intel.com with ESMTP; 24 Sep 2021 03:33:38 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Fri, 24 Sep 2021 03:33:37 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Fri, 24 Sep 2021 03:33:37 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Fri, 24 Sep 2021 03:33:36 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.105) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Fri, 24 Sep 2021 03:33:36 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Znc9KF7Us3XlICLZSZaT24rQPIIjW11g7EzSAg2VRoO5TthAexS09N0kbtHayb3ud+3R3V/wDyc7ppxYJ+KiaW+xYdZfeTp2/ArRk46CSqcO/xqqoNMxwB8fd+ker++o0pndmSMfEfduhfdFEAgA23RKMSAR/awLOq+afE4LZpdNUVB/WQcWHloomz3FlayouAKnNHllgFWT2YrU3hGuo/yGOLbBNHjjkLelxzK3QDOl+GLvOABJcuGyICbUCeNO+e22BVCCC1NYWtCYBHgJyTLjwc/QlvJGQ2VjwZ8mNnnOaZHqxmrlowtfOPDxAp96XUjy5ZL92IH+ZUUt+2sd5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=P2UvFvdwUDoww31jukt23V3BzWItBME2hywcvfMj7h8=; b=VKrmlZAyKIt17mJfxLHDoJFvJBAhVH71eVuUYe68CfwdcSHv3V7M1a++F3Rb9a9l20ZHMr5fxQQ8w4svgPK9JWE/fdaqdiu33Rcnja9C3Oo/bAZ++RFBOtydRczh7ksu6/eqCGoaN1t3cCzft1EMUlZK/PueGqcLC+/a6IZ3NOHWm3eGJ8g1GznVfSYQ0x4lFklzD0L2OkeNs1y/1TR6dmfHrUB514Ee7OZJiPpK3jSWWOb59ENqTtsIyJXMASj4QYGC5cRGNsQGoYLVGOmMHz4UC4alBkGi/oQYFV66Cc+XkP+XaOeU+FWZtmycE3CtzK3UAGHLHMiBo9/UU4wv3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P2UvFvdwUDoww31jukt23V3BzWItBME2hywcvfMj7h8=; b=xpxKl205RSVSJ8jAGuNeHJ+vqvNCFg+PBEWVDugaxY5RHqHVUGS8Eqp8OdPY52wfh1VIzWR075po7JRJwRSuxwinTUKPtDqtCDJJtRLnY2Y/t6jLVzzltT4hrA1UWv7BKK1fxzde4Mlu55Ig2MKZjKpgwttYWPZINXziWyhAwaM= Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14) by PH0PR11MB4838.namprd11.prod.outlook.com (2603:10b6:510:40::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Fri, 24 Sep 2021 10:33:35 +0000 Received: from PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::754e:42e9:16cd:1306]) by PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::754e:42e9:16cd:1306%6]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021 10:33:35 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "kraxel@redhat.com" , "Xu, Min M" CC: Brijesh Singh , Ard Biesheuvel , "Justen, Jordan L" , Erdem Aktas , James Bottomley , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector Thread-Topic: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector Thread-Index: AQHXrsfv6qwUC8Li5kiwlPdQeu+jg6uvry6AgAEZ5ACAAIjkgIAALkqAgAAWigCAAAcDAIAAA09wgAAI9ICAAAMxAIAA/y2AgAAYU4CAADWiAIAABQmA Date: Fri, 24 Sep 2021 10:33:35 +0000 Message-ID: References: <20210923084821.yxizus3loa2p6hms@sirius.home.kraxel.org> <7c9aeb95-5c33-bd8d-4f0c-40133f4c7c3d@amd.com> <20210924052825.2qljhtvweonbov5q@sirius.home.kraxel.org> <20210924100726.m33otbjod4fo3vur@sirius.home.kraxel.org> In-Reply-To: <20210924100726.m33otbjod4fo3vur@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.200.16 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ca837a59-4313-4170-cbf2-08d97f46c38a x-ms-traffictypediagnostic: PH0PR11MB4838: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: eVZGL/csudbBSRO2zR/jDtAyT99Z22SybPbPEvJzjptsN6XRPIB9thzz2L5tNT/jzl0CxCmFys9XholMNdhFDH4enLMxs8ILwJPjlfS6MsMzBbyBcD93ILhziQFgUYnKshujAE+7a4qx3xp/fiLp4u6W+HNAlPeyiIMxcgi0j1cH1dgF9STL6k+jA+WaKkT930WcsScJrqd+h2F8iOzaGhDlogXK2jwaNFI7QJmygxI41xDJ7R1yMKK9xZ665YgLA0jCkW2A4XSBmmdTVf0ILvbhf4+3SeXPZ/WrbY/779YlMxx1N8wWT1GJi79HcccMD+Vci7wV4vjF56njwyQuyG2AGvgU3gGMKDvMWWburklYAJ+wqfuMU86SCDRAm8TkTLdo1ce3H7WxAqxjm3jbEoMewoYLznzwOYql2Kb9+mc/ZbJ9szJbo6AyrI1ZFOaauNyBObeMe0V/yqO79nYpzmBCAULgLLgWoIhpk0HIOfWtIQl8nMPB19Mdd2bIOZwzA5Dlirh49tmfXmtUx4p0xsdWVxuw6SIQFkhmZTrXYC7jBRrRs2am1dbJ9hTY2vRmYbhQ7qT6Yag/6WQDrghCKRb93Aj5Mod5cYfyaTjreNh1mYxiaa9VhsRU8dEhgdX1ymGXnpH920EVa8NBnve9WyP43dXqx0a0VzhW/2+Jg33bfZgdsQnXXFwSp9nTC3Dn99yv36b2sfgrAAs41io1zg3bwk2+KCPYYBV6iqPd1zz0WLhZN4txxqI80zdpnv1bKOYhbBAf5hfW+Qw4un26964CnsHvrp6cYM8thoP6ukzuoOIxqA+MALhpX3Ybq+FGaTvABWnXzbmsV0cu3OQ4WQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(52536014)(66446008)(55016002)(9686003)(76116006)(66476007)(66556008)(66946007)(83380400001)(4326008)(71200400001)(33656002)(966005)(64756008)(508600001)(8676002)(26005)(6506007)(53546011)(5660300002)(8936002)(7696005)(6636002)(186003)(86362001)(110136005)(54906003)(2906002)(316002)(122000001)(38100700002)(38070700005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?S4bmHoJyxfbac1+JWwkDXmQMD1vBd0+vQbrJ93SYj01KjrnIQZsReRM+LeXW?= =?us-ascii?Q?2LHxUl4TsncISDF4KhxtQg/Ne0bqeUDFO1qo+y5qbcHa3Jk3q2W4yb7TprQA?= =?us-ascii?Q?U1Nxf1DIiTBHWWRB0OUr9qmphvCcxzIBd3ziA3D4FdRYB5djl3oqZ0dzPQhl?= =?us-ascii?Q?7rGF/bBK+o8SCi+/ybVv4LfAf8lKZQpwUKsEL8y29++CWAIMpUJC5ftPLcGw?= =?us-ascii?Q?fUYKxjHk/J/CREJPSePoH3FXb714pB6S6SrgMjpEz8ykJk1rUQkmhIHod/p7?= =?us-ascii?Q?ru+SsQmWqrzhBjwbQHkDyPlvd6wdBjfyAofbpXm96r7mpFbnSWs0qNF5UKfT?= =?us-ascii?Q?kaZeP0wqi/X/TDJ1q+kVDUB/aABYg1COxBW8rmPP6x7mwlkhXgXvSxB7B4qz?= =?us-ascii?Q?MHJBQ/czVf3I5rib+AaCSz+3nIZuI4usvz2nNZozxkUzEq7vSnY96H+qfT/W?= =?us-ascii?Q?HsTNF4i7xRiiqrgiOBkC7x9aArDrTjwke3bDRwxXfYqt5qCjYZwSInv3m7X7?= =?us-ascii?Q?5FTZfSvGElGvtGs8/lw2pkuSrqKQu9maMeHAeA1Vpx9YtLKLTg9hUDM9XRFj?= =?us-ascii?Q?lQjLLRrXL31X4JEoPNSZiZmHyC+0qHS32wzqCdGIV4/6H7+WercsNtLwG5iT?= =?us-ascii?Q?ricarfA1SyjQiKjEUHSFRXREXirLP1huumg+LH8NWEbsW+WaLlhXNaFcF+r7?= =?us-ascii?Q?ozV1k4C1/CUdIhYYCauAGOF+m+kLFs2VA2Wx59LVEy6Vja5lC3p6su4j+q9w?= =?us-ascii?Q?umOPqvlmyVPnL83g8qqr9grNf+IuoL3VWo5uxwdUnmIT6uyOYnXnI6ysaeiI?= =?us-ascii?Q?qrOs5lnQqnp2jXdtd170BSUzES/zRzhJEMuTQcvZq3i4OS/+XFUKu9gmLV9G?= =?us-ascii?Q?F/SBoklSs12IVS6CRhHg7lQTyxBWExXNKuxPQRGlSzieo+GOFcNguYdWCqPX?= =?us-ascii?Q?Y2Bb0iJbuI7UaktXRkj9RQ1TE7t4/iVXvr2GO49N+/2+iDrmC/MKg4iKiP22?= =?us-ascii?Q?GHZWJLdVrMiX9k+Hf/loXRTCfzTn+tj20rovL5rCHB6CLMphc2aMNsYZrlLq?= =?us-ascii?Q?jLK3vXqlyccL4gpmZ1A8Dd+q8Cz07c/RPsnlAkKo261b4bzZKeukPYP8ehjL?= =?us-ascii?Q?8uq03CYan8kx3vEuSkTbzQ3xSHnVv7f3DtoT/np/Ygaj3mTV5M6KeaQMwoMK?= =?us-ascii?Q?N4IbYZMQInLCwVfK3t5fRE7Kx5iSdFXY4gJvKdanwjKn1R91jXf5IGYYMyBJ?= =?us-ascii?Q?ErSvYp6hfBc2R4YB0MoNdz2qBdvN1bO4jkZzw4QJIOePxU7HuwNHtBLoDlIx?= =?us-ascii?Q?1lfs9Git58xdAUv/KzFh8f+7?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ca837a59-4313-4170-cbf2-08d97f46c38a X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 10:33:35.3423 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: w3L3Cmw9WM+RMjHVcfKiZL9IKS2dc98kyEebcy5tGRsewg8rT7GZeEjwvltLNR/cfy91BHyUwRIj82z3YCm8ww== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4838 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Again. Two topics. We need discuss them separately. Topic 1: TD metadata table is an architecture way to communicate with VMM. We took the design from PE/COFF image section, which is flexible to support= different binary format. EDKII TDVF is just one possible producer. There could be other producer in = the future. We don't want to define something only meet current TDVF need. The ATTRIBUTE field are separated from TYPE field, because they are differe= nt thing. Currently, you may use TYPE to predict what ATTRIBUTE will be. Bu= t that is NOT always correct. We are adding more ATTRIBUTE for the future. Topic 2: In config-B we remove PEI. I think we should say it in different way: We add PEI back in config-A. In our original design we totally eliminated PEI, because it is unnecessary= . IMHO, it is totally an overdesign in OVMF to include PEI. However, in order to be compatible with current OVMF and make "minimal" cha= nge for config-A, we add PEI back. Thank you Yao Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Gerd > Hoffmann > Sent: Friday, September 24, 2021 6:07 PM > To: Xu, Min M > Cc: Brijesh Singh ; Yao, Jiewen > ; devel@edk2.groups.io; Ard Biesheuvel > ; Justen, Jordan L = ; > Erdem Aktas ; James Bottomley > ; Tom Lendacky > Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVect= or >=20 > Hi, >=20 > > > The question why TDX_BFV_RAW_DATA_OFFSET and > > > TDX_BFV_RAW_DATA_SIZE are needed and why TDX_BFV_MEMORY_BASE + > > > TDX_BFV_MEMORY_SIZE can't be used is still open. > > Here is a BFV metadata. > > 37 <1> _B= fv: > > 38 00000140 00400800 <1> DD TDX_BFV_RAW_DATA_= OFFSET > > 39 00000144 00C03700 <1> DD TDX_BFV_RAW_DATA_= SIZE > > 40 00000148 0040C8FF00000000 <1> DQ TDX_BFV_MEMORY_BASE > > 41 00000150 00C0370000000000 <1> DQ TDX_BFV_MEMORY_SIZE > > 42 00000158 00000000 <1> DD > TDX_METADATA_SECTION_TYPE_BFV > > 43 0000015C 01000000 <1> DD > TDX_METADATA_ATTRIBUTES_EXTENDMR > > > > TDX_BFV_RAW_DATA_OFFSET/TDX_BFV_RAW_DATA_SIZE indicates the > offset/size of BFV in Ovmf.fd. > > TDX_BFV_MEMORY_BASE/ TDX_BFV_MEMORY_SIZE is the physical memory > address which is to be mapped. > > TDX-QEMU use these information to 1) do the measurement of the BFV 2) m= ap > the BFV to the physical memory >=20 > TDX_BFV_RAW_DATA_SIZE + TDX_BFV_MEMORY_SIZE are identical. Why do > you > need both? Yes, I know, some entries have RAW_DATA_SIZE=3D0 because > nothing is loaded for them. You can also figure that by looking at the > section type. >=20 > TDX_BFV_RAW_DATA_OFFSET can be calculated from > TDX_BFV_MEMORY_BASE, it's > a fixed offset (depending on firmware size). At least as long as the > firmware loading uses to the usual x86 workflow (place right below 4G). >=20 > Also: When placing the firmware below 4G MEMORY_BASE + MEMORY_SIZE can > be DD. >=20 > The attribute field can be added to the ovmf meta data, or we make that > part of the section type. >=20 > > *Config-A* enables a minimum functionality in OvmfPkgX64.dsc without > > breaking existing functionality. >=20 > > *Config-B* is a separate platform configuration file can be used to > > provide all the security guarantees that TDX provides. >=20 > Why does config-b need a completely different initialization code path > (i.e. skip PEI, see slide 11 of the tdvf design review)? >=20 > take care, > Gerd >=20 >=20 >=20 >=20 >=20