From: "Yao, Jiewen"
To: Gerd Hoffmann, "Xu, Min M"
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, Erdem Aktas, James Bottomley, Tom Lendacky
Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
Date: Thu, 23 Sep 2021 11:39:48 +0000

I strongly recommend to separate SEV and TDX in all context, if it is something SEV or TDX specific. Then each file has clear ownership.

If it is something generic for both SEV and TDX, it can be in one file.

For example, SecPeiTempRam/SecPageTable can be in common file. But SevSnpSecrets/GhcbBookkeeping should be in SEV file.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gerd Hoffmann
> Sent: Thursday, September 23, 2021 4:48 PM
> To: Xu, Min M
> Cc: devel@edk2.groups.io; Ard Biesheuvel; Justen, Jordan L; Brijesh Singh;
> Erdem Aktas; James Bottomley; Yao, Jiewen; Tom Lendacky
> Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
>
> On Thu, Sep 23, 2021 at 12:38:24AM +0000, Xu, Min M wrote:
> > On September 22, 2021 3:49 PM, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > +%ifdef ARCH_X64 > > > > +; > > > > +; TDX Metadata offset block > > > > +; > > > > +; TdxMetadata.asm is included in ARCH_X64 because Inte TDX is only= ; > > > > +available in ARCH_X64. 
Below block describes the offset of ; > > > > +TdxMetadata block in Ovmf image ; ; GUID : > > > > +e47a6535-984a-4798-865e-4685a7bf8ec2 > > > > +; > > > > +tdxMetadataOffsetStart: > > > > + DD tdxMetadataOffsetStart - TdxMetadataGuid - 16 > > > > + DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart > > > > + DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47 > > > > + DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2 > > > > +tdxMetadataOffsetEnd: > > > > + > > > > +%endif
> > >
> > > This should be switched to common ovmf metadata (see patches 4-7 of the
> > > SEV-SNP series).
> > >
> > > Min: please have a look at these patches.
> > >
> >
> > Hi, Gerd
> > I checked the patches 4-7 of the SEV-SNP series. The common
> > OvmfMetadata is designed for both SEV and TDX, right?
>
> That is the idea, yes.
>
> > If so, then it means the SEV and TDX metadata will be mixed in this
> > OvmfMetadata.
>
> Yes.
>
> > I am thinking there will always be different fields for
> > SEV and TDX. For example, SEV has PcdOvmfSecGhcbPageTable but TDX
> > doesn't need that page. If the common OvmfMetadata is consumed by
> > TDX-QEMU, then PcdOvmfSecGhcbPageTableBase will be initialized too.
> > That doesn't make sense.
>
> We have different range types. OVMF_* are the common areas. SEV_* will
> be used by sev only, TDX_* will be used by tdx only. TDX and SEV
> entries are allowed to overlap, i.e. PcdOvmfSecGhcbPageTableBase should
> have some SEV_* type for sev (I think this needs fixing in the series),
> and tdx can use the page for something else by adding a TDX_* entry for
> the same range.
>
> > I am thinking that SEV and TDX can keep their own Metadata (in
> > separate files, SevMetadata.asm and TdxMetadata.asm) which are pointed
> > to by the SEV or TDX offsets in the GUID-ed chain in ResetVector.
>
> I'd very much prefer to have a single table to avoid duplication for the
> common memory areas and keep the reset vector small.
>
> Having separate SevMetadata.asm + TdxMetadata.asm files (then have
> OvmfMetadata.asm include these two) is an option. I think this isn't
> needed, we can also just group the entries in OvmfMetadata.asm.
>
> > In this case, SEV and TDX can design their own metadata flexibly, for
> > example, the attribute, the item structure, add/remove/update the
> > items, etc.
>
> Why have two ways to do the same thing?
>
> take care,
>   Gerd
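
Review bot: the comment above tdxMetadataOffsetStart says the block "describes the offset of TdxMetadata block in Ovmf image" but never states what the DD value is measured from, in which direction, or why 16 is subtracted in "DD tdxMetadataOffsetStart - TdxMetadataGuid - 16". Whoever parses this entry to find the metadata has to get that arithmetic exactly right, so the comment should spell out the base, the direction and what the 16 accounts for. In the same comment, "Inte TDX" should read "Intel TDX".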
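
An added illustration of the single-table idea argued for in the quoted reply above; it is not code from the edk2 series or from anyone in this thread. The enum names, addresses, sizes and the "TdxScratch" entry are hypothetical, and the rule that entries visible to one platform must not overlap is an assumption drawn from the statement that only SEV and TDX entries may share a range.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical classes modelled on the OVMF_*, SEV_* and TDX_* range types. */
enum range_class { CLASS_OVMF, CLASS_SEV, CLASS_TDX };
enum platform { PLATFORM_SEV, PLATFORM_TDX };

struct meta_entry {
    enum range_class cls;
    uint32_t base;
    uint32_t size;
    const char *name;
};

/* Constructed table: addresses, sizes and "TdxScratch" are illustrative only. */
const struct meta_entry sample_table[] = {
    { CLASS_OVMF, 0x00800000u, 0x06000u, "SecPageTable"  },
    { CLASS_OVMF, 0x00810000u, 0x10000u, "SecPeiTempRam" },
    { CLASS_SEV,  0x00808000u, 0x01000u, "GhcbPageTable" },
    { CLASS_TDX,  0x00808000u, 0x01000u, "TdxScratch"    }, /* same page, reused */
};

/* Constructed bad table: a TDX-only range collides with a common range. */
const struct meta_entry bad_table[] = {
    { CLASS_OVMF, 0x00800000u, 0x06000u, "SecPageTable" },
    { CLASS_TDX,  0x00805000u, 0x01000u, "TdxScratch"   },
};

/* Common entries apply everywhere; SEV/TDX entries only on their own platform. */
static int applies(const struct meta_entry *e, enum platform p) {
    return e->cls == CLASS_OVMF ||
           (e->cls == CLASS_SEV && p == PLATFORM_SEV) ||
           (e->cls == CLASS_TDX && p == PLATFORM_TDX);
}

static int overlaps(const struct meta_entry *a, const struct meta_entry *b) {
    /* 64-bit end addresses so base + size cannot wrap. */
    return a->base < (uint64_t)b->base + b->size &&
           b->base < (uint64_t)a->base + a->size;
}

/* Entries one platform consumes, or -1 if two of them overlap (assumed rule). */
int count_for_platform(const struct meta_entry *t, size_t n, enum platform p) {
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (!applies(&t[i], p)) continue;
        for (size_t j = 0; j < i; j++)
            if (applies(&t[j], p) && overlaps(&t[i], &t[j])) return -1;
        count++;
    }
    return count;
}
```

With the sample table, a TDX consumer never sees the GHCB entry even though it shares the table and the address range with the TDX-only one.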