From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.6419.1624449374555879469 for ; Wed, 23 Jun 2021 04:56:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=mciV1lW1; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: min.m.xu@intel.com) IronPort-SDR: 1SD/ZSmrF4FTlPkxp4BK9e5v4opz7iRjnmUqH3OULHTwpPKmtCi2oFxPHmXuxjBcrVRc24XX7F uVnxwjvBiMoQ== X-IronPort-AV: E=McAfee;i="6200,9189,10023"; a="268384925" X-IronPort-AV: E=Sophos;i="5.83,293,1616482800"; d="scan'208";a="268384925" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2021 04:56:13 -0700 IronPort-SDR: VhXbL+mxp4nOMs2IjeJ5lI+VBS1sGK0OELizPLptgJ2+eYOB2pNfoIFchZxYGnnzApkDwu8RHn OfPaDQHlfoBg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,293,1616482800"; d="scan'208";a="556943477" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by fmsmga001.fm.intel.com with ESMTP; 23 Jun 2021 04:56:12 -0700 Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 23 Jun 2021 04:56:12 -0700 Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 23 Jun 2021 04:56:12 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4 via Frontend Transport; Wed, 23 Jun 2021 04:56:12 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.177) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.4; Wed, 23 Jun 2021 04:56:11 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZPAVUP1D1JNp29+tl9T5B2GA50nLFim39uTdr8g9iuJPxq3d/Fvb/1AVmdmI0RYwUdsCITg+W/Gp0Alx2NgzTAWbqpQm8yZ9oEk2M+d1T9HC4RxeK9Xyh3GFRXe1cJXoaYeh6nNaU9kMRcqxrvjKJtAoj3ulMxkLvF50F9is9JrOAbGFxomGyTQCnoiXzRQBYwE7T1+cw9Q8WhIT4zqeU+GZS+qAjl2WWpaWPeSdhdo0PlKD7KDNczAwhLZizCH4rPYR0vQltMZLVsXH5f1IGrOehstDMScatcFFpuPM+1MrVt5dvKbHldh1EJcJVn8nuixWd3to4L6NGhqyJIoKtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KlPuIs0Mt3jniFycjmnixNycOU7o7/Dufx/tBcWR2jA=; b=Gxw9JqL9ZYjJ7De/gWCMWiOMkHM+QlNrEKQptF9wuyv2DNVX+pu03vP3Gy99GxbY/BLwCsgYA1UzSUXLjVlZ88nq6nL5yHMV4El83yMQEuYI62P9FHPt5Fse2bHlBmHBcyjChEeVwj625/tf/JWz/SdGUn3R6I3ZG8Yt9z3n8FVonG3bNxZ7ZcoGayY9a273cp5ksRLZQiFqqfAXhzzqj7QfI4oV/zTgpqGM4bdjPFA6nup7e2f1j8Y/mawBnkFaUKvPd5hlRCVHgGLpvDt9gjrkI2a46iD3Qq/vTzgEAqn6VDnHWwIzo6YdSdtjk6DIhpTLVZRSxJva21QJxW9WqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KlPuIs0Mt3jniFycjmnixNycOU7o7/Dufx/tBcWR2jA=; b=mciV1lW1g7sR5cQqdJg1dwT9dDcyiXaf/pFK/y0n79/PkgEyT8iGweYIYEqefv4aUv5XrEapO1WZiBLYYbJiGoPR8TW+e1UTVNRYh/Aqi5OSvPlUVJjgqiVzalpnCfDIX1/RuY3sLkerqfNCmIkqgjIbIL4MeZYJqbxnZj0sC8o= Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH0PR11MB4807.namprd11.prod.outlook.com (2603:10b6:510:3a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.18; Wed, 23 Jun 2021 11:56:10 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::b4be:3994:dd4d:7b9d]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::b4be:3994:dd4d:7b9d%7]) with mapi id 15.20.4242.025; Wed, 23 Jun 2021 11:56:10 +0000 From: "Min Xu" To: "devel@edk2.groups.io" , "lersek@redhat.com" , "Yao, Jiewen" , "rfc@edk2.groups.io" CC: "jejb@linux.ibm.com" , Brijesh Singh , Tom Lendacky , "erdemaktas@google.com" , "cho@microsoft.com" , "bret.barkelew@microsoft.com" , Jon Lange , Karen Noel , Paolo Bonzini , Nathaniel McCallum , "Dr. David Alan Gilbert" , Ademar de Souza Reis Jr. Subject: Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF Thread-Topic: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF Thread-Index: AddYf4DUPECuZ9ubQaOwhq0M0PgYbAFyHmpgABBrYkACOGvAgAAuKnTw Date: Wed, 23 Jun 2021 11:56:09 +0000 Message-ID: References: <168759329436FBCF.5845@groups.io> <4d0fc023-6520-43f6-0b0e-9db7bf15a85c@redhat.com> In-Reply-To: <4d0fc023-6520-43f6-0b0e-9db7bf15a85c@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.142.0] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0e1ee4f8-8579-406a-7ae6-08d9363de453 x-ms-traffictypediagnostic: PH0PR11MB4807: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: urHtxhMCZ575GtFRxphQHlNyoMoqBxsYWRD/GLP+0vJ4NvsDwG+mp5H8wEKa1WEIEzVm+pzj70MYBfWcuYrV9vWR8T2TN78AW9ew82TB/MzBp1FiFsPUzPcT+e1funLhVB9sXJO1wzPLqyJ+5UlVfXCUjzraBBlXIteMaiL/sPWN0b/aYLfLDHHtIwXdW8a3GyFlVxOWUCymOJQF8HuqdxkV8UgM4JBEQrtw3t9i5XrUQQfuVNp1Te04h3PxJp3w4rOPTFu3UDSXlmRzCQUMOJr1MTbG17AE4L1GyoRf30wF8i55+U6B78No2pisJ1TWVLHBIr0H2JELRqe/59W05YN7p4d5eZkuOUWCos3sHR55p7B/idP/1hJQvz2yjuOqEHMkN7CHmsh/eJ0vTYk47eixWj51BockyJJ4rso1wqHusaeZ4g87wFdyMknT7NIo1GPe++g/xks/Pvh0mNgeeQbCN+vokqAPMMiFdOTBIXh8rIciN79WO2QV2JDYf3//raHdUAbZ1NDJh1l9OS/hjuvfrDDid/Rokc4C0WwKqHBJCh0UNgjqlskuNeeMRqcfxrr74PDNJCrmysHYdntpCCUKDmmCOm114GWMYWyKDE4= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(376002)(396003)(39860400002)(136003)(366004)(346002)(26005)(6506007)(53546011)(4326008)(33656002)(478600001)(55016002)(7696005)(66446008)(83380400001)(8676002)(186003)(8936002)(122000001)(38100700002)(9686003)(64756008)(5660300002)(66946007)(76116006)(66556008)(316002)(66476007)(7416002)(52536014)(2906002)(54906003)(110136005)(86362001)(71200400001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?zLRFafbb754F+31BVEf245EGy5+EAojT0HRHzOfs2xhtMtqaf7KxQFxl/C1T?= =?us-ascii?Q?G8W6tmkBhWOmbL26eLxFAkUcvzH16lvHCO9LtDKVQjBU9VhUv1x7Gb8gGbhW?= =?us-ascii?Q?aGB6k3prNSBXKl33dhMdg6hj+QgyGporl0kkrvWUuDLsmBPsXacnTluSfyG/?= =?us-ascii?Q?rakUZnq1ZnbL/2zCltNRhkif00HD56v99b1IyPqpjjirqPdRvg2i/QlM8seV?= =?us-ascii?Q?0AKrisi4LwAKSnRA7MsZUaV3jT+XFwh9+TbMpc5v8og8VaiPRBBmseynPoLE?= =?us-ascii?Q?6KSI3yAkR2vit+vB58pxszPHS2AIEiqqZ4lCZdiqnrlXqnIW31y8tKC9GRN9?= =?us-ascii?Q?mj449qBo5ItEjo70DMFwiENV5pe2MykpGAj8Mwc9v8VRsqlsOdvkhTUWnAS7?= =?us-ascii?Q?vEwdQJpmDwbeJNwGPWP7rNTeM1lzXNPywqJQ2+m/YBBndTHl/SRpq8bUt+XR?= =?us-ascii?Q?vlwhAfGVU/hWg4LZdqbSHuQSfbYPvh/QgRO5XZAKrD70fJ+3owCKsY+8d4nf?= =?us-ascii?Q?qfP4j3g5NAwloXb6SFi/6nqY+C+JQHd2bnYBJrIWZcfh7O6nMUDKcf4kwXOj?= =?us-ascii?Q?7wWDkzDQeMNMaAt6Q/OGxDsd0dWYgX4LglKVALu+aJc7Z/uVp3Dznd6axTMs?= =?us-ascii?Q?Nz7pnjLhTaZxy0PQZ6TjQTzNSX7sFzt6APAS3RnfCO32lXd0xjtMNK+rf+WW?= =?us-ascii?Q?/Gh9IdZhNpYaoRPIH0fGtbnfr3hd2Ho+C3+lOFTCTXDkaZKaD7gZJ0BnZgAi?= =?us-ascii?Q?NbcYTWfRQvG+OKU9mF4tn6HK8BILLdLQlLduF36HfReFUoxyN+pcXhzw0JKC?= =?us-ascii?Q?mkL1FQO/FB4ceMe80W0m4X+fzGsPXpiYye+6o4j5KcgmMoN4/SqwDp650fqS?= =?us-ascii?Q?GLKxVm9oLXNafKRZgTVxvEW+jC7LzP+mRX1zZzReQjcr288T1mj/MzVH3gVM?= =?us-ascii?Q?GjJRS3n9EPWaYWaCTwGz1DEU7xs5E44UDNWGKNqmL3imWSPcGbXXFsx2rRZQ?= =?us-ascii?Q?eB3bEYnQDbPUNn0akuHaEeig3GurAHM4wAWTOObiEEemY8jEwMNGZ7ojcBob?= =?us-ascii?Q?SSLC3hnNUjcy3zdYwq5HlCHuZGvseV1ZQVHSu13UMfziBxbUUZeOmZlzC8oQ?= =?us-ascii?Q?poxHoVcFznG9R5GZTVC3A9xVSKZG5CddZ7U42DXFdISRWswKCcQs2Sk4tRQh?= =?us-ascii?Q?GmnfjITCl/BrMlAovuhZQqDnewWFIpfJdtPI+pIfgsxW7nIRSUXiDmgwW90K?= =?us-ascii?Q?l82wPqz8ZXQZG3JnzyRzv4ibRE+4oMsias1VBqO+0XdYp8CI8HPkrgYewRQ5?= =?us-ascii?Q?SMNbiWf7Y6EpRz7BKeD5pUPn?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0e1ee4f8-8579-406a-7ae6-08d9363de453 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2021 11:56:10.0012 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: kDn7Xfa/VLhqtSPQYotxD1wzolIu/fKgr9uPGfTd9xiU2IBqQ18We3FfJ9mtcCBbN7DYdCOXnYX7N1pcIjabJQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4807 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On 06/22/2021 9:35 PM, Laszlo wrote: > Hi, >=20 > On 06/11/21 08:37, Xu, Min M wrote: > > In today's TianoCore Design Meeting we reviewed the Overview Section > (from slide 1 to 20). Thanks much for the valuable feedbacks and comments= . > The meeting minutes will be sent out soon. > > > > To address the concerns of the *one binary* solution in previous > > discussion, we propose 2 Configurations for TDVF to upstream. (slide 6 > > - 8) > > > > > > > > Config-A: > > > > * Merge the *basic* TDVF feature to existing OvmfX64Pkg.dsc. (Align > with existing SEV) > > * Threat model: VMM is NOT out of TCB. (We don't make things worse.= ) > > * The OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot > capability. The final binary can run on SEV/TDX/normal OVMF > > * No changes to existing OvmfPkgX64 image layout. > > * No need to add additional security features if they do not exist = today > > * No need to remove features if they exist today. > > * RTMR is not supported > > * PEI phase is NOT skipped in either Td or Non-Td >=20 > (so this is "Config-A / Option B", per slide 9 in the v0.9 slide deck) > Yes, in Config-A we chose to follow the standard EDK2 flow (SEC -> PEI -> = DXE -> BDS) So that the changes in Config-A is not too intrusive. > >=20 > > > > > > > > Config-B: > > > > * Add a standalone IntelTdx.dsc to a TDX specific directory for a *= full* > feature TDVF. (Align with existing SEV) > > * Threat model: VMM is out of TCB. (We need necessary change to > prevent attack from VMM) > > * IntelTdx.dsc includes TDX/normal OVMF basic boot capability. The = final > binary can run on TDX/normal OVMF > > * It might eventually merge with AmdSev.dsc, but NOT at this point = of > time. And we don't know when it will happen. We need sync with AMD in > the community, after both of us think the solutions are mature to merge. > > * Need to add necessary security feature as mandatory requirement, > such as RTMR based Trusted Boot support > > * Need to remove unnecessary attack surfaces, such as network stack= . >=20 > After reading the above, and checking slides 6 through 10 of the v0.9 sli= de > deck: >=20 > - I prefer Config-B (IntelTdx.dsc). >=20 > This is in accordance with what I wrote earlier about "OvmfPkgX64.dsc" > maintainability and regressions. >=20 > Additionally (given that a full-featured TDVF is the ultimate goal), I se= e the > advance from "Config-A / option B" to "Config-B" a lot less > *incremental* than the step from "OvmfPkgX64.dsc" to "AmdSev.dsc" was. >=20 > Put differently, I think that any TDX work targeted at "OvmfPkgX64.dsc" > is going to prove less useful for the final "IntelTdx.dsc" than how reusa= ble > SEV work from "OvmfPkgX64.dsc" did for "AmdSev.dsc". > > Put yet differently, I'm concerned that a part of the TDX work for > "OvmfPkgX64.dsc" might be a waste, with an eye towards the ultimate TDVF > feature set ("IntelTdx.dsc"). >=20 Actually Config-A and Config-B share some common (or basic) TDX features, for example, the ResetVector, Memory Accept in SEC phase, IoMMU/DMA in DXE phase, and the base IoLib, etc. Config-A supports the basic Tdx features (except the security features). Config-B supports the full set of Tdx features. > >=20 > - I could (very cautiously) live with "Config-A / option B" as the initia= l > approach. However, we'de have to be ready to make the full split (the > switch-over to "IntelTdx.dsc") at *any point* during development, in case > something turns out to be too intrusive. (And yes, "too intrusive" is > subjective.) > Yes, we will always keep in mind the maintainability and regressions about "OvmfPkgX64.dsc". So as the initial approach, only the basic Tdx features w= ill be included in Config-A. > > By this I mean that any particular patch towards "Config-A / option B" > could cause me to ask, "please create IntelTdx.dsc now". Note that the la= ter > we make the switch the more painful it could be (=3D the more invested in > "OvmfPkgX64.dsc" we could be, at that point). > Yes we will submit the patch for Config-B when any particular patch towards "Config-A", so that we will not have a big surprise in the future. > Thanks! Min