Re: [edk2-devel] [PATCH V2 12/28] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception

["Yao, Jiewen" <jiewen.yao@intel.com>]

Just to clarify the proposal: We will use EFI_CC_MEASUREMENT_PROTOCOL, CcMemoryEncryptionLib, and CcExceptionLib, right?

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Friday, October 29, 2021 8:17 AM
> To: Tom Lendacky <thomas.lendacky@amd.com>; Brijesh Singh
> <brijesh.singh@amd.com>; kraxel@redhat.com; Xu, Min M
> <min.m.xu@intel.com>; sami.mujawar@arm.com
> Cc: devel@edk2.groups.io; Erdem Aktas <erdemaktas@google.com>; James
> Bottomley <jejb@linux.ibm.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ray
> <ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: Re: [edk2-devel] [PATCH V2 12/28] UefiCpuPkg/CpuExceptionHandler:
> Add base support for the #VE exception
> 
> I am OK to use EFI_CC_MEASUREMENT_PROTOCOL to replace
> EFI_TEE_MEASUREMENT_PROTOCOL. (much better than COCO)
> 
> Samy
> What do you think?
> 
> 
> 
> > -----Original Message-----
> > From: Tom Lendacky <thomas.lendacky@amd.com>
> > Sent: Friday, October 29, 2021 2:29 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; Brijesh Singh
> > <brijesh.singh@amd.com>; kraxel@redhat.com; Xu, Min M
> > <min.m.xu@intel.com>
> > Cc: devel@edk2.groups.io; Erdem Aktas <erdemaktas@google.com>; James
> > Bottomley <jejb@linux.ibm.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ray
> > <ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> > Subject: Re: [edk2-devel] [PATCH V2 12/28] UefiCpuPkg/CpuExceptionHandler:
> > Add base support for the #VE exception
> >
> > On 10/28/21 10:52 AM, Yao, Jiewen wrote:
> > > Thanks Brijesh.
> > >
> > > We can merge SNP patches at first, then decide next step. Not a problem.
> > >
> > > TEE is just my initial thought. And I am open to change if we have a better
> > name.
> > >
> > > We already have EFI_TEE_MEASUREMENT_PROTOCOL. I did not see your
> > feedback on that. So I assume you agree with that.
> > >
> > > If you have different idea, please feedback to this patch. I hope we have one
> > name.
> > >
> > > COCO seems weird to me, btw. :(
> >
> > Like Brijesh, I worry about confusion with the ARM TEE feature. Maybe just
> > CC then?
> >
> > Thanks,
> > Tom
> >
> > >
> > > Thank you
> > > Yao Jiewen
> > >
> > >> -----Original Message-----
> > >> From: Brijesh Singh <brijesh.singh@amd.com>
> > >> Sent: Thursday, October 28, 2021 11:35 PM
> > >> To: Yao, Jiewen <jiewen.yao@intel.com>; kraxel@redhat.com; Xu, Min M
> > >> <min.m.xu@intel.com>
> > >> Cc: brijesh.singh@amd.com; devel@edk2.groups.io; Erdem Aktas
> > >> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Tom
> > >> Lendacky <thomas.lendacky@amd.com>; Dong, Eric
> <eric.dong@intel.com>;
> > Ni,
> > >> Ray <ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> > >> Subject: Re: [edk2-devel] [PATCH V2 12/28]
> > UefiCpuPkg/CpuExceptionHandler:
> > >> Add base support for the #VE exception
> > >>
> > >>
> > >>
> > >> On 10/27/21 8:59 PM, Yao, Jiewen wrote:
> > >>> Hi Gerd
> > >>> I tend to agree with you on the direction to use one TEE specific Exception
> > lib.
> > >>>
> > >>> However, I have naming concern.
> > >>> The VMG is very SEV specific term. I don't believe it is a right name to
> cover
> > >> the TEE exception lib.
> > >>>
> > >>> If Brijesh agree to merge, I think we should rename it to a neutral name,
> > such
> > >> as TeeExitLib.
> > >>>
> > >>> What do you think, Brijesh?
> > >>
> > >> I am good with merging both the TDX and SEV feature into one library but
> > >> I am not sure about the "TEE" name in it. TEE generally is used on the
> > >> ARM. In Linux kernel and everywhere else we have been using the COCO
> > >> (Confidential Computing), so something along that line makes much more
> > >> sense.
> > >>
> > >> We can rename the library after the SNP patches are merged. I would
> > >> prefer to avoid renaming because all of the SNP patches are Ack-ed.
> > >>
> > >> -Brijesh
> > >>>
> > >>> Thank you
> > >>> Yao Jiewen
> > >>>
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: kraxel@redhat.com <kraxel@redhat.com>
> > >>>> Sent: Wednesday, October 27, 2021 3:20 PM
> > >>>> To: Xu, Min M <min.m.xu@intel.com>
> > >>>> Cc: Brijesh Singh <brijesh.singh@amd.com>; Yao, Jiewen
> > >>>> <jiewen.yao@intel.com>; devel@edk2.groups.io; Erdem Aktas
> > >>>> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>;
> > Tom
> > >>>> Lendacky <thomas.lendacky@amd.com>; Dong, Eric
> > <eric.dong@intel.com>;
> > >> Ni,
> > >>>> Ray <ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> > >>>> Subject: Re: [edk2-devel] [PATCH V2 12/28]
> > >> UefiCpuPkg/CpuExceptionHandler:
> > >>>> Add base support for the #VE exception
> > >>>>
> > >>>>     Hi,
> > >>>>
> > >>>>>> How about adding the tdx exception handler to the existing library, so
> > we
> > >>>> don't
> > >>>>>> have the churn of adding a new library everywhere *again*?
> > >>>>
> > >>>>> Do you mean add the VmTdExitVeHandler.c/VmTdExitLibNull.c in
> > >>>> CpuExceptionHandlerLib, then include the corresponding source file in
> > each
> > >>>> *CpuExceptionHandlerLib.inf?
> > >>>>
> > >>>> No, I mean extend the existing VmgExitLib instead of adding a new
> > >>>> VmTdExitLib, i.e. place the tdx handler in
> > >>>> OvmfPkg/Library/VmgExitLib/TdxExitHandler.c
> > >>>>
> > >>>> take care,
> > >>>>     Gerd
> > >>>
> 
> 
> 
>