From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.3440.1641536021073328741 for ; Thu, 06 Jan 2022 22:13:41 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Hr5ET/HZ; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1641536021; x=1673072021; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=g6izY6JY/zmHE/MDUW+XQqAdISg7dLQET4Rlwgvx/es=; b=Hr5ET/HZCtPZXWUqYEjfla+XzuFYELXAvKS/R3A7WR5UvCxTnqfg11eg HfL6VEr//TpY/tJ7eV3nxffWegFPajd/L2XaH+5VbLnIJByhWkb82Ine9 F7oT8wCghyvirutjpF3pkl+ePCwTNxNXwVUt744x2NPAj/JLlxHNx767J 8IbBYbNDbND3xv3mjv2qoRkkwqdqdX38mx8Aqzxfb4gt4f0kgRalIDExd ZqsG9QydUdnIPY/6NyERcQT486IIGguPNUsKkTyg3AlfcH7IVHHMBy3n0 h6pWXwEChj1ugtbwPwVrpozJnfQqlOOxPKwWBXDzla9PyNwA/BFB2XQxX g==; X-IronPort-AV: E=McAfee;i="6200,9189,10219"; a="303562557" X-IronPort-AV: E=Sophos;i="5.88,268,1635231600"; d="scan'208";a="303562557" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jan 2022 22:13:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,268,1635231600"; d="scan'208";a="471214210" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga003.jf.intel.com with ESMTP; 06 Jan 2022 22:13:39 -0800 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Thu, 6 Jan 2022 22:13:39 -0800 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Thu, 6 Jan 2022 22:13:39 -0800 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Thu, 6 Jan 2022 22:13:39 -0800 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Thu, 6 Jan 2022 22:13:38 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eSxAUdL0Ovyq+Sah/Vh5G3muaJkyoJe/8YqitofYeswZ9EIGOiczTeXyJbXjvFPGUhy5xmNgQrY0hJEFj6TXFcPBdcgRtUVVe3JKxiTXrK57zSaVMbs3ZtcQk8l03gKfUyTf6OD1MfN+W/yVXx4eT+W3xQS8QHCRyl82Nq1Re9ZL03ZvM2yniImQnWbvf1GwN9d/V/MBYofQIrgzgLQU9MhYGggL+wOsdlUSjInPSax4yxrWLXkltC16ztB0s/qXUO2ZMoIppxdZBBXbhRD+35jjvu9MIq9aVPc+bQhbXjxNnQwZEtKjQWQ18xf0CO6b9wDjGBsuZ7GROrTFFPWlbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Bd+sLVkJwYSGgIdXIjOK7z1i2bdPcmCVjDphuc2y6eY=; b=A3bGcDDT9tJuclihMt0FGY/xzZKWQDj14qY/uuJW63jPtSOonpC+MUzglF8htoCPONurQzEyP6HFrZPpE8oL1etl/NDeC2SiGFc31SYXSYNWGBnjVQCUdzWzMjygaOjiKR4KY2YhHp/3yqUCwyfTk62ThF8yVAEDG3eVBxVfjckxaBJCXu3MwyPs3sVN7UrcF/EYT4ZGqUh+uLRCwAP6Ij9RYzX8ZkZdbFRpd3xSvGCpDPqGebD718STvUX2gegxGwiolWTuRTI7TryJzG8E1p77smsSFB5GSefq90GzB24IIizLPQItvbKB4KLNIxzczKqSFXDaQrazeo4fNLs3Bg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB5174.namprd11.prod.outlook.com (2603:10b6:510:3b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.9; Fri, 7 Jan 2022 06:13:37 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::fd42:b334:5030:af8d]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::fd42:b334:5030:af8d%5]) with mapi id 15.20.4867.011; Fri, 7 Jan 2022 06:13:37 +0000 From: "Min Xu" To: "kraxel@redhat.com" CC: "devel@edk2.groups.io" , "Kinney, Michael D" , Brijesh Singh , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B Thread-Topic: [edk2-devel] [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B Thread-Index: AQHX8PBp3T4AYRIE0EySqY5nWcpMV6wzWvSAgAGrRwCAAClsgIAD7/RAgAI0B4CAAsQ50IAS9rgAgAYeU7A= Date: Fri, 7 Jan 2022 06:13:37 +0000 Message-ID: References: <20211214134126.869-1-min.m.xu@intel.com> <20211214134126.869-9-min.m.xu@intel.com> <20211215102753.m4bp56bdxzgmdzkr@sirius.home.kraxel.org> <20211216142525.pkaxszwaevlpg4ap@sirius.home.kraxel.org> <20211220121145.aiqcqs6vd2hb2sb4@sirius.home.kraxel.org> <20220103080218.ap7tktgh4fuvw6sf@sirius.home.kraxel.org> In-Reply-To: <20220103080218.ap7tktgh4fuvw6sf@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 673f972b-7760-4798-015a-08d9d1a4d7dc x-ms-traffictypediagnostic: PH0PR11MB5174:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: hQPrOf1LlVPnZcuCZDF/ZsdTH9GepAZI56vIdjhA8gMpQWsUVkbkYZet1OIHkeUcQSKFTP6+1VBWAZHY6iaVGnY+Bj/EGIo05UjC3/rOCRFnjYHXimpBMM/vVbhhqU17K+KgkwVmSomaQr3sG5GnNH3Wm/98zZjT4J3mfsSc7nRya2oP5gp3SufGLiRROrLBQSpLEGAyZ1HxKqKbsuKVOrO2ES8CgdmFkp0gklf3F0K/AArhOZCxAiZnDO4W46UOuQjVdVvwsXXhjiCkt7v7lHa0uWm/N1PUj7DLzM6MtVBCLDqpn5Rk9F5r7iXW2PQsntZkLwmbCF7MId2AN4EvK+q4YyJqrt7V8afaZb1y223omW49NITcYrRMq+SNl+zY7ew9yPq4UMupaN5OfHcBVDu3DayPobpCVPCWH2WlZvaMpZ95xzxomuiudzkh43YFeNOmSMZWiVABY3FvZMeVc391NFOy//2e4SirgDRECKJtqB76gDDzusm1S7glfZLP1daxFkR1De8r7Ha6xQH/+x57Ncsi1C5ox3bYNudcNE7MqNMcgQCZg5z5jKncoiX0Q5p1Dhq6mlrB+ld+VeY0Xi0/GLaoO19UZM3rCk5Ue73Z08qYTChrAYWwHpdHgLqx+iyc0bnwEjEuVURWsS3l2GzMToYL8zAzpvo5nKARMmWLRQavtQQYOWReBwUJ/yOa9wPZ2ivn7wxuXkyD/FsS7w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(26005)(8936002)(7696005)(83380400001)(52536014)(86362001)(55016003)(508600001)(2906002)(6916009)(316002)(38100700002)(54906003)(186003)(66946007)(76116006)(66476007)(71200400001)(122000001)(6506007)(66556008)(64756008)(66446008)(19627235002)(9686003)(33656002)(8676002)(82960400001)(38070700005)(5660300002)(4326008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?uREkM823/P0CQdcUsBZZA6wrgYyEfs5FruNl2iZ70yyucX1s3nbUvXeDTdZI?= =?us-ascii?Q?TC8NmBmLz3bFb/j/7weYENIr/om5b4XmBNXqm89H3UX5Y8gcfWYqDwT9XSPI?= =?us-ascii?Q?GCVbR7uJd99qEMDY/qF70seVwKPzYHxcMQ2OijGWThHwTfo/m0aw2NsMmkjC?= =?us-ascii?Q?JcoyasCmFV840bSsI+xKemYYUjVYhpsyIlkofaCMDatEya6ZBGQSzfro316W?= =?us-ascii?Q?g6c0xyqmv4336YSNuodUqchfwGwvLivnNSWbNJCi7lPJtPyL/xTCuK4DzlL2?= =?us-ascii?Q?vmYH7tt5AKEO4nrGGILFTAH8gOljvOpls0sZS6l510CTkxlV0aPOnwnG9+f1?= =?us-ascii?Q?dbIj6glWu+Tti0qDtpZfy9M6v1/On5RdNYQWMiU8Qu85XDC0zLyoW5Wcl8zN?= =?us-ascii?Q?RyBwz23D2vr504IWCa0FUDCdDkrwrMK6TwbfzX5hfDX1OxKCrp25vYAuzbtf?= =?us-ascii?Q?m7SuFlWxTuVUNqv8kW0ERXzAlS8jF7SZ+9o9vbNH/LNJOxcdbYt6ULuVqFVp?= =?us-ascii?Q?TJSfJeWFjyoMUDVR7C9kp6ZV0rCQ8qiBcWGxzuYR+VpU6GXVEe757Jtx384Z?= =?us-ascii?Q?lysAakgUr5WJ9p6LsEMTwDSuPulbCWCqhFOinhb8tTWkUBMF9ox6HLWe56b2?= =?us-ascii?Q?xBzUrbzZmYbWnDl+8rf1T6zCP+afoV5jp5uvk8HjdjcIFLCtHK4sZ74I1uFI?= =?us-ascii?Q?2LYnoaegFlA/apHJQyUz7oZ4H/eT0ltVgEYR9J1pijrfiKS7kYtmFigHEr5Z?= =?us-ascii?Q?Vk/utlUBj7CWMPNWjLtYI6KjbRMo+IQCIxEldNb+FtuJnf/vOAygxHI95RGU?= =?us-ascii?Q?TW/BypN7S+Wp3vI2d/Tyt7QAph7VHRvdTlfCZd5yMqvpF2ip8U6/sJ74oVKh?= =?us-ascii?Q?MyzcDwkUUyJcPiBUGcOrOFhZ4XrcW+3dhq6RZoOVXcoEHHyOOxZ85U/3Arvk?= =?us-ascii?Q?4sg0lZUiLLVir7hUDvBuLxtwEueN9BtsvzzINvyB/cpIejvqMCrrlsi00w94?= =?us-ascii?Q?McvmIP/pjQpilLdbeuby1dqaVhMOlsO5QaIgic8FpGa7wSQ9d3A8JvvlLvAu?= =?us-ascii?Q?xDvoC/ESo6Y53KTJ4eCP+qGdS3FrUyfDYfIB7R3kyNKMEbmE8gFQ3jUn8RPR?= =?us-ascii?Q?SbCjI9MByBoHbMGZlXN5ejCAbV6CNp7G9TqUndJYiwxvkeLEO2dzSZcfnvfF?= =?us-ascii?Q?7FoVEtCQWAoTM1OUr8xT8z6z0xlPZDL3JpQ6Bcdi6RQR3d59Q7MFinq/HV+r?= =?us-ascii?Q?x3qJkABvmT3ZjDi2pZ/UaCDOZvYsfUkxmoqimNXIRcnJ6NwTC279XbvajZkB?= =?us-ascii?Q?hoIGw9wRFdGIvrcr9tD5svkgsOcLrOhlVEWY/52FTvsW9wkJRqRr/WBh2R+j?= =?us-ascii?Q?HeMVRkJyr8kUvNkexj2fFtLnvvNtXIdFNGhrrWcRDKZlhS4AvI1TMsdBZp9Z?= =?us-ascii?Q?UNhSVHaKKOGhnZnP/9fXFv3wbi03vmjfbuWiqKLMUkSC2LoZiqNg05/GCvNo?= =?us-ascii?Q?N0Nt+OFYUfMxREhSk2T13Q350TvvjLRMz7Luo6d3E2U2W4LIqsddluV2Q921?= =?us-ascii?Q?YjBJbYBEZnxbNuwJvAZNr3Pt0X3tXHHT9P8qlORxQapk1M1fp6xLRkEh4ob8?= =?us-ascii?Q?zeYkHTXr0dQ53WJsE+s9vHA=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 673f972b-7760-4798-015a-08d9d1a4d7dc X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jan 2022 06:13:37.4593 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: N1CuXhMd5XONohJsEnuUbCOqtyIDULl2GJvhWmIrsGlS2ZswclsIWDv/lzXo8V2lGsFRLVoIstLFuWghdmrwMw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5174 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On January 3, 2022 4:02 PM, Gerd Hoffmann wrote: >=20 > > PCDs cannot be set in SEC phase, so the values should be saved in a > > Hob (for example, PLATFORM_INFO_HOB). In early DXE phase these values > > are set to the PCDs. This is how TdxDxe does today. > > > > Other tasks can be done in SEC phase. I think there should be a lib > > (for example, PlatformPeiLib) to wrap these functions so that they can > > be re-used by OvmfPkg/PlatformPei. >=20 > Yes, I think we need a PlatformLib for the platform initialization code. = With > PEI we would simply link the lib into PlatformPei, without PEI we would l= ink > parts of the lib into SEC and parts of the lib into DXE. After carefully study the PlatformPei code and a quick PoC (PlatformInitLib= which wraps the basic functions in PlatformPei), I found it's not a easy t= ask for such a lib which can be used in both PlatformPei and Pei-less boot. 1. PlatformInitLib should work both in SEC and PEI. So it cannot use global= variables between different functions. mHostBridgeDevId and mPhysMemAddres= sWidth are the examples. So these variables must be provided by the caller = thru the input function parameters. 2. PlatformInitLib cannot set PCDs in the code. So a Guid hob should be cre= ated to store the PCDs and pass them to DXE phase. Then these PCDs will be = set at the very beginning of DXE phase. 3. The pointer to the HobList should be saved somewhere so that HobLib func= tions can be called in SEC phase. In my PoC it is saved in OVMF_WORK_AREA. 4. In PlatformPei there are many if-else to check if it is SMM/S3/Microvm/C= loud-Hypervisor/SEV/TDX. There are also Bhyve and Xen PlatformPei variants.= In the current PlatformPei those if-else check depends on the PCDs and glo= bal variables. Because of (1) it needs input parameters for all these if-el= se check. Maybe a big environment variable data structure is needed. But anyway a complete functional PlatformInitLib is a big task. My suggesti= on is that in TDVF-Config-B we first propose a basic functional PlatformIni= tLib. This lib can boot up Tdx guest and legacy OVMF guest in TDVF-Config-B= . OvmfPkg/PlatformPei is not refactored by this basic PlatformInitLib this = time. This is because PlatformPei serves SMM/S3/Microvm/Cloud-Hypervisor/SE= V/TDX. It is a big risk for such refactor. We can revisit PlatformPei in th= e future. >=20 > > PEI-less booting up legacy guest doesn't support TPM. > > > > So to boot up legacy guest without PEI phase, there will be below chang= es. > > 1. OvmfStartupLib: (like TdxStartupLib) > > - Decompress DxeFv, locate DxeCore, create IdentityMappingPageTable= s, > then jump to DxeCore. >=20 > Yes. Basically rename TdxStartupLib to OvmfStartupLib and add some > IfTdx() checks. Yes, agree. >=20 > > 2. PlatformPeiLib: > > - Wrap the functions to do memory initialization, etc. (see tasks > > 1-5) >=20 > Yes. Move code from PlatformPei to PlatformLib. Might also need some > reorganization due to SEC restrictions. As I explained above, a basic PlatformInitLib is the first stage and some r= eorganization is needed. >=20 > > 3. OvmfLegacyDxe > > - Set the PCDs (see task 6) >=20 > Well, in Tdx mode you have to set some PCDs too ... TdxDxe.inf can set the PCDs. >=20 > Also not sure we actually need a new Dxe. Can't we just handle that in > PlatformDxe in case of a PEI-less boot? Do you mean "OvmfPkg/PlatformDxe/Platform.inf"? I am afraid PlatformDxe can= not do this task.=20 It is not in APRIORI DXE list so it cannot be guaranteed to be loaded at th= e very beginning of DXE phase. While some PCDs are required in the very ear= ly stage of DXE phase. >=20 > > I know there are many discussions in above options. Can we follow below > road map so that we can discuss 3 (How to achieve ONE Binary) in more > details? > > 1. Basic Config-B (PEI-less and only Tdx guest) 2. Advanced Config-B > > (RTMR based measurement) 3. One Binary Config-B (support legacy guest) >=20 > IMHO step #1 must be reorganizing the platform initialization code for PE= I- > less boot (create PlatformLib as discussed above). >=20 > This patch series side-steps that by simply duplicating the code. PCI > initialization for example. Also setting the tdx PCDs. Having two (or e= ven > more) copies of the same code in the tree is a bad idea though. > It makes long-term maintenance harder for various reasons. As I explained above, a basic PlatformInitLib is the first stage. There wil= l be an advanced PlatformInitLib in the future which implements more compli= cated functions. >=20 > > > ... and given that TDX-capable > > > hardware is not yet production ready I find it rather important that > > > testing the PEI-less boot workflow does not require TDX. > > > > > > It'll also make it much easier to add CI coverage. > > I am thinking if SEV features are covered in CI? > > Because I want to make sure our changes don't impact SEV. >=20 > AmdSevX64.dsc has build-test coverage. There is no qemu boot test > because FlashRomImage() (in OvmfPkg/PlatformCI/PlatformBuildLib.py) > is not flexible enough for that. Fixing that and adding a boot test (in = non-sev > mode) shouldn't be that difficult though. >=20 > Same for IntelTdx.dsc: adding a CI boot test (in non-tdx mode) should be > easy, and it should help preventing regressions in PEI-less boot flow. Agree. We will add a CI boot test (in non-tdx mode). Thanks Min