From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web08.6223.1632477327932247041
 for <devel@edk2.groups.io>;
 Fri, 24 Sep 2021 02:55:28 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=zfmbAG5Y;
 spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jiewen.yao@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10116"; a="211117252"
X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; 
   d="scan'208";a="211117252"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Sep 2021 02:55:27 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; 
   d="scan'208";a="475149475"
Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85])
  by orsmga007.jf.intel.com with ESMTP; 24 Sep 2021 02:55:26 -0700
Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by
 fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Fri, 24 Sep 2021 02:55:26 -0700
Received: from fmsmsx605.amr.corp.intel.com (10.18.126.85) by
 fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Fri, 24 Sep 2021 02:55:25 -0700
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Fri, 24 Sep 2021 02:55:25 -0700
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.172)
 by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Fri, 24 Sep 2021 02:55:25 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=GlSfPl9qj1mKyFoLF2+7X/aFChGdG5RGlSyT13KamR699FAEICOVp2aZhIGH8j5rWdXhk5+NdcvUZQWEKZhnAzumRx9qZMeGp7pTBOJ5urN6N23zbWn21Sn+fFzM/j9rSkYOu4rWGoR4Ffsb1KV6YtMtXFcXiuHMS+9w5t4OL0K1Ub7sLUQU2uiNXhDpa4fTnUCkw9G4uGsfsppSOgnNbZEcfbNtYMFMrDvjfsGI9PumXR5KhEUjhYnLUQR58yEilI0e7ry0h38Zl+aSgFazgZb46ULxwor4TprtTYSVMgeZZAmOCuywE/KK+sp2T/GdM3qMeDtXi/Ww41QtwZod7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=Zsv2L4XFdExOnspiYoh3r3Hq8qyhl5s2u/LI/1iHmHg=;
 b=i8l4S27aP6jJQmqw+3wbVTf5f1r+R8JB2zJRTGZNS2lKT4lF9RwHWmJ1AtT4OETlf+wrLpdCBfAdjbqFRIRqBzM6/HMZhKQ6GAYwCXDjJeEi+IPA373Oo9hqK2jPcFvokW6p1Unsod6hgtmG9GKQ1oPEtgWpVZ2ENpWKAS1VLZiJEaxGVqxjKnoVXZ05DL53nume2UtWc0pVTrO13kC6L28mGbneguyaxI9yx/cBYRcpccINP+Jph96cofLmRGqrDs5pKq71FSo2eePwo7sm4vaqP07pmmx6xGyCaJEzhfu93fO0HD688oldgVPr00xf6oAWy+sqz5Ktz+RFFHWbRw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Zsv2L4XFdExOnspiYoh3r3Hq8qyhl5s2u/LI/1iHmHg=;
 b=zfmbAG5Ydl/Hc3DGmGy0ZXivKGMeRZDNxMZnYDWy0oKZebbUJBB3flZ2uuzwGFS2sJflPFAW/L1huzpn76iCV07Ed+P60149Bls717iFv7wQka4a94ZzpE0xHddXVNDXWVmUpgULaaAPrkCBHInAidCwnrIMNSx1ZWEK1rZykAU=
Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14)
 by PH0PR11MB5189.namprd11.prod.outlook.com (2603:10b6:510:3d::23) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.15; Fri, 24 Sep
 2021 09:55:24 +0000
Received: from PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306]) by PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306%6]) with mapi id 15.20.4544.018; Fri, 24 Sep 2021
 09:55:23 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "kraxel@redhat.com"
	<kraxel@redhat.com>
CC: "Xu, Min M" <min.m.xu@intel.com>, Brijesh Singh <brijesh.singh@amd.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>, "Justen, Jordan L"
	<jordan.l.justen@intel.com>, Erdem Aktas <erdemaktas@google.com>, "James
 Bottomley" <jejb@linux.ibm.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
Thread-Topic: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
Thread-Index: AQHXrsfv6qwUC8Li5kiwlPdQeu+jg6uvry6AgAEZ5ACAAIjkgIAALkqAgAAWigCAAAcDAIAAA09wgAAI9ICAAAMxAIAAAMeQgAEA24CAACBUMIAAHyEAgAAAXyA=
Date: Fri, 24 Sep 2021 09:55:23 +0000
Message-ID: <PH0PR11MB4885F718A894AF9E5A109E668CA49@PH0PR11MB4885.namprd11.prod.outlook.com>
References: <20210923084821.yxizus3loa2p6hms@sirius.home.kraxel.org>
 <PH0PR11MB4885D5FFE30DA23ADB6E043F8CA39@PH0PR11MB4885.namprd11.prod.outlook.com>
 <7c9aeb95-5c33-bd8d-4f0c-40133f4c7c3d@amd.com>
 <PH0PR11MB5064315E616890F1D3B5CABDC5A39@PH0PR11MB5064.namprd11.prod.outlook.com>
 <PH0PR11MB4885D523395C08266148DEFD8CA39@PH0PR11MB4885.namprd11.prod.outlook.com>
 <dfb4bdde-601e-d896-fe01-44aab0566dc1@amd.com>
 <PH0PR11MB5064C03B9B7041BC6A9E1822C5A39@PH0PR11MB5064.namprd11.prod.outlook.com>
 <PH0PR11MB488574F0233C7BB5A48F16E98CA39@PH0PR11MB4885.namprd11.prod.outlook.com>
 <20210924053713.fy4ulz3ykbs4xqka@sirius.home.kraxel.org>
 <SJ0PR11MB4894298E75BDC15EEC791B958CA49@SJ0PR11MB4894.namprd11.prod.outlook.com>
 <20210924092420.a2r6tsiah2bj4zku@sirius.home.kraxel.org>
In-Reply-To: <20210924092420.a2r6tsiah2bj4zku@sirius.home.kraxel.org>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.6.200.16
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2bd43785-6467-4dce-0dc0-08d97f416db6
x-ms-traffictypediagnostic: PH0PR11MB5189:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB5189A7B4FFF2BEE9EDB297C38CA49@PH0PR11MB5189.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: SQwhh+TQOpaYDiUDPNpoHDMC8WrMOGOZRJ55YVKZFWWwWW+6POsa1BMYiMVUaEu5lNJdE9f4RcBE/OFGnj+8SjHnFpbCEirnQYPQFgms/BgF+JsoIt/YaYdNdO42ckqA4MwNcC9roBm+eJ+AVtX90t0l5ISwT+kMBjNImIbZDCvvYEe1cZu7dcVeGXr6aVdgtRrIf7CgI04mnny9fn18ZYNxrEEQMhKSIOglL317odSkVcvhd7C8UMMIiqkgrQOzCykvvI9IvLuT89xYPgyKFAgiD/r4YrJ5Y9WFoprXAyiHo+apb9oOC/pYgqY5baWKOjctgSs7W2kqtSW9Jq49ra17oO29x3QHwuQIXknTKBJENZDj5ovYQloSgVhM/SR4QLgbpid5eHAJgspTWC5hhy4O4GxFKVSjR0rgr1SaKosi65pkbMnSK3KCPfbwjg9gCNq763kWlIklhZ9LG87jWWJdntL1dBZV2DV2N2XMoEAUuq03YS/rPGsqvOkE4zh9L8gwFcRJY120H4SEER4W7IgD1u4Xk1vINWQWnn+gj1u6iJwL2ninkUTDmgk59pssJsn/GNxu3CDr7oVDOqb6nrzboIH/T/xVJqXlyWd/nOoE8kmA7d1vVY4vhpF+Pddpcvo31fJkCXurOOgS5UkFXTnLCojWuAI38J5M4Sa6D+hrhI15HU0e5MA7F7Ctx5dakG2/JsYm8rLeZibeMT/2+lhf3S+tajD95IKHVSozEgm9tD+yiI4PzaxXb/fecDzPp3ytW2NQzDjfkSyqJpcNrpD1lbYJzkapA4o3HAEXwL+5Cq5+TQc+JDzKclgrz7RirT34rdQJlM6scJb0xoedwA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(38070700005)(9686003)(7696005)(55016002)(4326008)(110136005)(76116006)(54906003)(83380400001)(66946007)(316002)(186003)(966005)(6506007)(86362001)(2906002)(64756008)(8936002)(66446008)(53546011)(66476007)(66556008)(508600001)(71200400001)(8676002)(26005)(5660300002)(33656002)(122000001)(38100700002)(52536014);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?uZ6A1l0DquXE2lCxvuqm8jr3jMwwQeCzztrqmg9iNBgU5aDFK2BmFpEWwyig?=
 =?us-ascii?Q?03AQD98O4IvfBjm7nD9Qik1Rb41mB9sWqUKinw83tvNCmSJnwFEVVRq8RbP/?=
 =?us-ascii?Q?CG8yz9mwiGcNtpHDiCNmVIpyWxlbznZ1XtPUV8aK6U0nxEhVmyQtJzUx2C+k?=
 =?us-ascii?Q?742QIuKG7ySOL0q2gq27t/5+t40SfGOhLVD9UYaGnrls8JqEsIKlYA7liQ9e?=
 =?us-ascii?Q?CpzmFl23MXgoliWlhNHFeYajX9nPTLi5720rIl/NQhxN2ktzU2hw88QipHUD?=
 =?us-ascii?Q?J3GEt1/KOYH6Dp+wTVfhdUatgI4v02PNQTGVqo/KTT8655DiSUkM3sONtMoD?=
 =?us-ascii?Q?V9Z35FcWMr/TcDmaZNexUm2V0OWIBSnRDiJqdPwdAatEjSMKNrpuNt4W60rl?=
 =?us-ascii?Q?8QKL0EqA41/SWP1Dgu63p+oeNqOhCfQXrZDgSNEQjLs4MkzMco3fVf3z9Nbi?=
 =?us-ascii?Q?aRJJHQAiOI/RTwnD2xa5NmoOaE3WTnBuY4/N25hfpgi28JqpUp/J9SnOAMtC?=
 =?us-ascii?Q?dnU96PTzkojT0VPsrKYSDdq8xok7f50m5gJqYjsSu8ItFRjqh5PGR61AogOI?=
 =?us-ascii?Q?n+z4rFFHYnlQ5qlXFF2gqW4pCEQErZ8cfGDGoqZQl7zNk167dq0DVUa2cKG1?=
 =?us-ascii?Q?/MixA5ThQbOVPaCtPZ5yxC8g4tERi1pe8+3e142Jcor6a8PiY0f8845Bgdrv?=
 =?us-ascii?Q?Bn2MgGvYU1ioavOJpM8olZp1wmaqef5D6DHeKZxnuLjliH23/cCVpTaT9f2Z?=
 =?us-ascii?Q?yA+1djxklhcgHntZk0iv7+PaiU98cxhn9PUK+dQZyyUvJtzlMYvLnKNiY28d?=
 =?us-ascii?Q?MJ5oQDSl2qcBpif/1vME+o8EnXa9/eHfZh7UJW6b5r4pl3KjsnssWT4V0Hl4?=
 =?us-ascii?Q?mV9RUNfFarHpQS0lJwVgnI97HGdQ0/Qdro6+nvhuG+pi4lwAKhL+exfDzmG9?=
 =?us-ascii?Q?BY7L/gviY34wkP2/j8yWdDX3h0gabA6N3aa53rk8cyRUYpVrIA/XPTjzhAgi?=
 =?us-ascii?Q?q/O87QabtdiaV1w3GD5MpY4l9rdSTToYcca1UJAgKon2ROJ6LN8VmKIco/8M?=
 =?us-ascii?Q?gqhFhzNA87H1wQejfIIDcOp6GclxmJVjuBgJ5rKVnPCMVkwprcTSr5K798WI?=
 =?us-ascii?Q?csc0IT0VMlVSTFFwgtvn2amKdxUCWAY+uMvCkEuRImII+F8Au8Vdk0rWzqJ/?=
 =?us-ascii?Q?l2v9pj2/UbSOZ75Sg4yOyjDttNQyTIY0jJ5trB7/ac+Nq7UVc697hdKNwNjI?=
 =?us-ascii?Q?ypBh1rh5RPJici2kt7IB7dvf0oaEW6JCHYfdgsPK1dzPVrmNvY96s79lqjGS?=
 =?us-ascii?Q?xatxEYFaj/h5FAEMY52OLV31?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2bd43785-6467-4dce-0dc0-08d97f416db6
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 09:55:23.8371
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5YwJ8GejwTafmpPj3d7NJEbIBdZdKULPlPUjNG5m+6FBceIQAZzddcsncSchG3ja1YxRFE7iXJ4zFLH1ePmnWQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5189
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I think we are discussing two topics. Please allow me to separate them.

1) Topic one: A unified build for config-A and config-B

I think we have discussed that before in EDKII, when Laszlo suggested:
A) don't put all TDX features into OvmfPkg.dsc, just put a basic feature th=
em - we call it config-A.
B) Put full TDX feature into another TdvfPkg.dsc - we call it config-B.
Once we finish A) and B), we can evaluate how to merge B into A.
I do recommend you track back or have a discussion in RedHat to see what is=
 high level suggestion from RedHat.


2) Topic two: A unified metadata table for SEV and TDX.

To me, I don't see it is necessary. I would say: I agree with you that we c=
an align the design as much as possible, such as MemEncryption, ExceptionLi=
b, IOMMU, etc.
However, if there is something totally different, I see no benefit to merge=
.
One example I could give is ACPI MADT table, X86 system defines its own int=
errupt table (APIC), while ARM system defines its own interrupt table (GIC)=
. There is NO need to define a common interrupt table to cover both X86 and=
 ARM.

I think current two table approach is good enough. TDX owner maintains its =
own table. SEV owner maintains its own table. Just like APIC table and GIC =
in ACPI MADT.
Although they are called confidential computing technology, the hardware im=
plementation is different and features are different.
>>From software layer, we can have HAL. But it does not mean we only have one=
 common HAL for SEV and TDX. Two different HAL implementation are acceptabl=
e.

For the one table proposal, I would like to understand
A) What is the problem statement with current implementation?
B) What is the goal we want to achieve?
C) What is the benefit we can get?

Please be as specific as possible.

BTW: For C), I don't think we will have smaller code size, because we align=
 we have to define some unnecessary field.
For your statement to remove duplication, please give me some real example.=
 The page table example is invalid, because TDX does not need define an pag=
e table entry.
SEV requires GHCB, CPUID page but TDX does not. While TDX need indicate whi=
ch range extend to MRTD, which is NOT. Also TDX metadata table will indicat=
e which region may use AUG page, and which use ADD page in the future. I am=
 not sure if SEV need those info.


Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Gerd
> Hoffmann
> Sent: Friday, September 24, 2021 5:24 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Xu, Min M <min.m.xu@intel.com>; Brijesh Singh <brijesh.singh@amd.com>=
;
> devel@edk2.groups.io; Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Erdem Aktas <erdemaktas@google.com>=
;
> James Bottomley <jejb@linux.ibm.com>; Tom Lendacky
> <thomas.lendacky@amd.com>
> Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVect=
or
>=20
> On Fri, Sep 24, 2021 at 07:36:10AM +0000, Yao, Jiewen wrote:
> > That is my question.
> > AMD has its own extension. TDX has its own extension.
> > Why we have to unify the firmware binary, and to make both us unconfirm=
able?
>=20
> Isn't that the plan anyway?  At least for "config-a" with a basic
> feature set?  See other mail just sent for comments on "config-b".
>=20
> > Or do we want to unify ARM/AARch64/RISC-V ?
>=20
> Not sure what you are trying to tell me.
>=20
> take care,
>   Gerd
>=20
>=20
>=20
>=20
>=20