From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
by mx.groups.io with SMTP id smtpd.web10.6419.1624449374555879469
for <devel@edk2.groups.io>;
Wed, 23 Jun 2021 04:56:14 -0700
Authentication-Results: mx.groups.io;
dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=mciV1lW1;
spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: min.m.xu@intel.com)
IronPort-SDR: 1SD/ZSmrF4FTlPkxp4BK9e5v4opz7iRjnmUqH3OULHTwpPKmtCi2oFxPHmXuxjBcrVRc24XX7F
uVnxwjvBiMoQ==
X-IronPort-AV: E=McAfee;i="6200,9189,10023"; a="268384925"
X-IronPort-AV: E=Sophos;i="5.83,293,1616482800";
d="scan'208";a="268384925"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2021 04:56:13 -0700
IronPort-SDR: VhXbL+mxp4nOMs2IjeJ5lI+VBS1sGK0OELizPLptgJ2+eYOB2pNfoIFchZxYGnnzApkDwu8RHn
OfPaDQHlfoBg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.83,293,1616482800";
d="scan'208";a="556943477"
Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85])
by fmsmga001.fm.intel.com with ESMTP; 23 Jun 2021 04:56:12 -0700
Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by
fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2242.4; Wed, 23 Jun 2021 04:56:12 -0700
Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by
fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2242.4; Wed, 23 Jun 2021 04:56:12 -0700
Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by
fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4
via Frontend Transport; Wed, 23 Jun 2021 04:56:12 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.177)
by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.1.2242.4; Wed, 23 Jun 2021 04:56:11 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=ZPAVUP1D1JNp29+tl9T5B2GA50nLFim39uTdr8g9iuJPxq3d/Fvb/1AVmdmI0RYwUdsCITg+W/Gp0Alx2NgzTAWbqpQm8yZ9oEk2M+d1T9HC4RxeK9Xyh3GFRXe1cJXoaYeh6nNaU9kMRcqxrvjKJtAoj3ulMxkLvF50F9is9JrOAbGFxomGyTQCnoiXzRQBYwE7T1+cw9Q8WhIT4zqeU+GZS+qAjl2WWpaWPeSdhdo0PlKD7KDNczAwhLZizCH4rPYR0vQltMZLVsXH5f1IGrOehstDMScatcFFpuPM+1MrVt5dvKbHldh1EJcJVn8nuixWd3to4L6NGhqyJIoKtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=KlPuIs0Mt3jniFycjmnixNycOU7o7/Dufx/tBcWR2jA=;
b=Gxw9JqL9ZYjJ7De/gWCMWiOMkHM+QlNrEKQptF9wuyv2DNVX+pu03vP3Gy99GxbY/BLwCsgYA1UzSUXLjVlZ88nq6nL5yHMV4El83yMQEuYI62P9FHPt5Fse2bHlBmHBcyjChEeVwj625/tf/JWz/SdGUn3R6I3ZG8Yt9z3n8FVonG3bNxZ7ZcoGayY9a273cp5ksRLZQiFqqfAXhzzqj7QfI4oV/zTgpqGM4bdjPFA6nup7e2f1j8Y/mawBnkFaUKvPd5hlRCVHgGLpvDt9gjrkI2a46iD3Qq/vTzgEAqn6VDnHWwIzo6YdSdtjk6DIhpTLVZRSxJva21QJxW9WqQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
s=selector2-intel-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=KlPuIs0Mt3jniFycjmnixNycOU7o7/Dufx/tBcWR2jA=;
b=mciV1lW1g7sR5cQqdJg1dwT9dDcyiXaf/pFK/y0n79/PkgEyT8iGweYIYEqefv4aUv5XrEapO1WZiBLYYbJiGoPR8TW+e1UTVNRYh/Aqi5OSvPlUVJjgqiVzalpnCfDIX1/RuY3sLkerqfNCmIkqgjIbIL4MeZYJqbxnZj0sC8o=
Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15)
by PH0PR11MB4807.namprd11.prod.outlook.com (2603:10b6:510:3a::6) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Wed, 23 Jun
2021 11:56:10 +0000
Received: from PH0PR11MB5064.namprd11.prod.outlook.com
([fe80::b4be:3994:dd4d:7b9d]) by PH0PR11MB5064.namprd11.prod.outlook.com
([fe80::b4be:3994:dd4d:7b9d%7]) with mapi id 15.20.4242.025; Wed, 23 Jun 2021
11:56:10 +0000
From: "Min Xu" <min.m.xu@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "lersek@redhat.com"
<lersek@redhat.com>, "Yao, Jiewen" <jiewen.yao@intel.com>,
"rfc@edk2.groups.io" <rfc@edk2.groups.io>
CC: "jejb@linux.ibm.com" <jejb@linux.ibm.com>, Brijesh Singh
<brijesh.singh@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>,
"erdemaktas@google.com" <erdemaktas@google.com>, "cho@microsoft.com"
<cho@microsoft.com>, "bret.barkelew@microsoft.com"
<bret.barkelew@microsoft.com>, Jon Lange <jlange@microsoft.com>, Karen Noel
<knoel@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Nathaniel McCallum
<npmccallum@redhat.com>, "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Ademar de Souza Reis Jr. <areis@redhat.com>
Subject: Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF
Thread-Topic: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF
Thread-Index: AddYf4DUPECuZ9ubQaOwhq0M0PgYbAFyHmpgABBrYkACOGvAgAAuKnTw
Date: Wed, 23 Jun 2021 11:56:09 +0000
Message-ID: <PH0PR11MB50647245A457486875900FEEC5089@PH0PR11MB5064.namprd11.prod.outlook.com>
References: <SA2PR11MB489293010F788D305B7A98AD8C3C9@SA2PR11MB4892.namprd11.prod.outlook.com>
<168759329436FBCF.5845@groups.io>
<PH0PR11MB506473EFD3D5FF95ADD6CC1CC5349@PH0PR11MB5064.namprd11.prod.outlook.com>
<4d0fc023-6520-43f6-0b0e-9db7bf15a85c@redhat.com>
In-Reply-To: <4d0fc023-6520-43f6-0b0e-9db7bf15a85c@redhat.com>
Accept-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.5.1.3
authentication-results: edk2.groups.io; dkim=none (message not signed)
header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com;
x-originating-ip: [192.198.142.0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0e1ee4f8-8579-406a-7ae6-08d9363de453
x-ms-traffictypediagnostic: PH0PR11MB4807:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB48074C84BBC011D7CF16DFE7C5089@PH0PR11MB4807.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: urHtxhMCZ575GtFRxphQHlNyoMoqBxsYWRD/GLP+0vJ4NvsDwG+mp5H8wEKa1WEIEzVm+pzj70MYBfWcuYrV9vWR8T2TN78AW9ew82TB/MzBp1FiFsPUzPcT+e1funLhVB9sXJO1wzPLqyJ+5UlVfXCUjzraBBlXIteMaiL/sPWN0b/aYLfLDHHtIwXdW8a3GyFlVxOWUCymOJQF8HuqdxkV8UgM4JBEQrtw3t9i5XrUQQfuVNp1Te04h3PxJp3w4rOPTFu3UDSXlmRzCQUMOJr1MTbG17AE4L1GyoRf30wF8i55+U6B78No2pisJ1TWVLHBIr0H2JELRqe/59W05YN7p4d5eZkuOUWCos3sHR55p7B/idP/1hJQvz2yjuOqEHMkN7CHmsh/eJ0vTYk47eixWj51BockyJJ4rso1wqHusaeZ4g87wFdyMknT7NIo1GPe++g/xks/Pvh0mNgeeQbCN+vokqAPMMiFdOTBIXh8rIciN79WO2QV2JDYf3//raHdUAbZ1NDJh1l9OS/hjuvfrDDid/Rokc4C0WwKqHBJCh0UNgjqlskuNeeMRqcfxrr74PDNJCrmysHYdntpCCUKDmmCOm114GWMYWyKDE4=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(376002)(396003)(39860400002)(136003)(366004)(346002)(26005)(6506007)(53546011)(4326008)(33656002)(478600001)(55016002)(7696005)(66446008)(83380400001)(8676002)(186003)(8936002)(122000001)(38100700002)(9686003)(64756008)(5660300002)(66946007)(76116006)(66556008)(316002)(66476007)(7416002)(52536014)(2906002)(54906003)(110136005)(86362001)(71200400001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?zLRFafbb754F+31BVEf245EGy5+EAojT0HRHzOfs2xhtMtqaf7KxQFxl/C1T?=
=?us-ascii?Q?G8W6tmkBhWOmbL26eLxFAkUcvzH16lvHCO9LtDKVQjBU9VhUv1x7Gb8gGbhW?=
=?us-ascii?Q?aGB6k3prNSBXKl33dhMdg6hj+QgyGporl0kkrvWUuDLsmBPsXacnTluSfyG/?=
=?us-ascii?Q?rakUZnq1ZnbL/2zCltNRhkif00HD56v99b1IyPqpjjirqPdRvg2i/QlM8seV?=
=?us-ascii?Q?0AKrisi4LwAKSnRA7MsZUaV3jT+XFwh9+TbMpc5v8og8VaiPRBBmseynPoLE?=
=?us-ascii?Q?6KSI3yAkR2vit+vB58pxszPHS2AIEiqqZ4lCZdiqnrlXqnIW31y8tKC9GRN9?=
=?us-ascii?Q?mj449qBo5ItEjo70DMFwiENV5pe2MykpGAj8Mwc9v8VRsqlsOdvkhTUWnAS7?=
=?us-ascii?Q?vEwdQJpmDwbeJNwGPWP7rNTeM1lzXNPywqJQ2+m/YBBndTHl/SRpq8bUt+XR?=
=?us-ascii?Q?vlwhAfGVU/hWg4LZdqbSHuQSfbYPvh/QgRO5XZAKrD70fJ+3owCKsY+8d4nf?=
=?us-ascii?Q?qfP4j3g5NAwloXb6SFi/6nqY+C+JQHd2bnYBJrIWZcfh7O6nMUDKcf4kwXOj?=
=?us-ascii?Q?7wWDkzDQeMNMaAt6Q/OGxDsd0dWYgX4LglKVALu+aJc7Z/uVp3Dznd6axTMs?=
=?us-ascii?Q?Nz7pnjLhTaZxy0PQZ6TjQTzNSX7sFzt6APAS3RnfCO32lXd0xjtMNK+rf+WW?=
=?us-ascii?Q?/Gh9IdZhNpYaoRPIH0fGtbnfr3hd2Ho+C3+lOFTCTXDkaZKaD7gZJ0BnZgAi?=
=?us-ascii?Q?NbcYTWfRQvG+OKU9mF4tn6HK8BILLdLQlLduF36HfReFUoxyN+pcXhzw0JKC?=
=?us-ascii?Q?mkL1FQO/FB4ceMe80W0m4X+fzGsPXpiYye+6o4j5KcgmMoN4/SqwDp650fqS?=
=?us-ascii?Q?GLKxVm9oLXNafKRZgTVxvEW+jC7LzP+mRX1zZzReQjcr288T1mj/MzVH3gVM?=
=?us-ascii?Q?GjJRS3n9EPWaYWaCTwGz1DEU7xs5E44UDNWGKNqmL3imWSPcGbXXFsx2rRZQ?=
=?us-ascii?Q?eB3bEYnQDbPUNn0akuHaEeig3GurAHM4wAWTOObiEEemY8jEwMNGZ7ojcBob?=
=?us-ascii?Q?SSLC3hnNUjcy3zdYwq5HlCHuZGvseV1ZQVHSu13UMfziBxbUUZeOmZlzC8oQ?=
=?us-ascii?Q?poxHoVcFznG9R5GZTVC3A9xVSKZG5CddZ7U42DXFdISRWswKCcQs2Sk4tRQh?=
=?us-ascii?Q?GmnfjITCl/BrMlAovuhZQqDnewWFIpfJdtPI+pIfgsxW7nIRSUXiDmgwW90K?=
=?us-ascii?Q?l82wPqz8ZXQZG3JnzyRzv4ibRE+4oMsias1VBqO+0XdYp8CI8HPkrgYewRQ5?=
=?us-ascii?Q?SMNbiWf7Y6EpRz7BKeD5pUPn?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e1ee4f8-8579-406a-7ae6-08d9363de453
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2021 11:56:10.0012
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kDn7Xfa/VLhqtSPQYotxD1wzolIu/fKgr9uPGfTd9xiU2IBqQ18We3FfJ9mtcCBbN7DYdCOXnYX7N1pcIjabJQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4807
Return-Path: min.m.xu@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
On 06/22/2021 9:35 PM, Laszlo wrote:
> Hi,
>=20
> On 06/11/21 08:37, Xu, Min M wrote:
> > In today's TianoCore Design Meeting we reviewed the Overview Section
> (from slide 1 to 20). Thanks much for the valuable feedbacks and comments=
.
> The meeting minutes will be sent out soon.
> >
> > To address the concerns of the *one binary* solution in previous
> > discussion, we propose 2 Configurations for TDVF to upstream. (slide 6
> > - 8)
> >
> >
> >
> > Config-A:
> >
> > * Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align
> with existing SEV)
> > * Threat model: VMM is NOT out of TCB. (We don't make things worse.=
)
> > * The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot
> capability. The final binary can run on SEV/TDX/normal OVMF
> > * No changes to existing OvmfPkgX64 image layout.
> > * No need to add additional security features if they do not exist =
today
> > * No need to remove features if they exist today.
> > * RTMR is not supported
> > * PEI phase is NOT skipped in either Td or Non-Td
>=20
> (so this is "Config-A / Option B", per slide 9 in the v0.9 slide deck)
>
Yes, in Config-A we chose to follow the standard EDK2 flow (SEC -> PEI -> =
DXE -> BDS)
So that the changes in Config-A is not too intrusive.
>
>=20
> >
> >
> >
> > Config-B:
> >
> > * Add a standalone IntelTdx.dsc to a TDX specific directory for a *=
full*
> feature TDVF. (Align with existing SEV)
> > * Threat model: VMM is out of TCB. (We need necessary change to
> prevent attack from VMM)
> > * IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The =
final
> binary can run on TDX/normal OVMF
> > * It might eventually merge with AmdSev.dsc, but NOT at this point =
of
> time. And we don't know when it will happen. We need sync with AMD in
> the community, after both of us think the solutions are mature to merge.
> > * Need to add necessary security feature as mandatory requirement,
> such as RTMR based Trusted Boot support
> > * Need to remove unnecessary attack surfaces, such as network stack=
.
>=20
> After reading the above, and checking slides 6 through 10 of the v0.9 sli=
de
> deck:
>=20
> - I prefer Config-B (IntelTdx.dsc).
>=20
> This is in accordance with what I wrote earlier about "OvmfPkgX64.dsc"
> maintainability and regressions.
>=20
> Additionally (given that a full-featured TDVF is the ultimate goal), I se=
e the
> advance from "Config-A / option B" to "Config-B" a lot less
> *incremental* than the step from "OvmfPkgX64.dsc" to "AmdSev.dsc" was.
>=20
> Put differently, I think that any TDX work targeted at "OvmfPkgX64.dsc"
> is going to prove less useful for the final "IntelTdx.dsc" than how reusa=
ble
> SEV work from "OvmfPkgX64.dsc" did for "AmdSev.dsc".
>
> Put yet differently, I'm concerned that a part of the TDX work for
> "OvmfPkgX64.dsc" might be a waste, with an eye towards the ultimate TDVF
> feature set ("IntelTdx.dsc").
>=20
Actually Config-A and Config-B share some common (or basic) TDX features,
for example, the ResetVector, Memory Accept in SEC phase, IoMMU/DMA in
DXE phase, and the base IoLib, etc.
Config-A supports the basic Tdx features (except the security features).
Config-B supports the full set of Tdx features.
>
>=20
> - I could (very cautiously) live with "Config-A / option B" as the initia=
l
> approach. However, we'de have to be ready to make the full split (the
> switch-over to "IntelTdx.dsc") at *any point* during development, in case
> something turns out to be too intrusive. (And yes, "too intrusive" is
> subjective.)
>
Yes, we will always keep in mind the maintainability and regressions about
"OvmfPkgX64.dsc". So as the initial approach, only the basic Tdx features w=
ill
be included in Config-A.
>
> By this I mean that any particular patch towards "Config-A / option B"
> could cause me to ask, "please create IntelTdx.dsc now". Note that the la=
ter
> we make the switch the more painful it could be (=3D the more invested in
> "OvmfPkgX64.dsc" we could be, at that point).
>
Yes we will submit the patch for Config-B when any particular patch towards
"Config-A", so that we will not have a big surprise in the future.
>
Thanks!
Min