From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Min Xu"
To: "devel@edk2.groups.io", "kraxel@redhat.com"
CC: Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Tom Lendacky
Subject: Re: [edk2-devel] [PATCH V3 29/29] OvmfPkg: Update IoMmuDxe to support TDX
Date: Mon, 13 Dec 2021 02:39:53 +0000
In-Reply-To: <20211103071714.23p72ezydujhwfvy@sirius.home.kraxel.org>

Hi

>
> > + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) {
> > + //
> > + // Clear the memory encryption mask on the plaintext buffer.
> > + //
> > + Status = MemEncryptSevClearPageEncMask (
> > + 0,
> > + MapInfo->PlainTextAddress,
> > + MapInfo->NumberOfPages
> > + );
> > + } else if (CC_GUEST_IS_TDX (PcdGet64
> (PcdConfidentialComputingGuestAttr))) {
> > + //
> > + // Set the memory shared bit.
> > + //
> > + Status = MemEncryptTdxSetPageSharedBit (
> > + 0,
> > + MapInfo->PlainTextAddress,
> > + MapInfo->NumberOfPages
> > + );
>
> Again, this looks very similar and like a great opportunity to share code.
>

MemEncryptSevClearPageEncMask () is implemented in MemEncryptSevLib.
MemEncryptTdxSetPageSharedBit () is implemented in MemEncryptTdxlib.

Yes, we have considered merging these 2 EncryptLibs into one lib (for example: MemoryEncryptCcLib). But after investigation and some PoC, we find it will make the code complicated and hard to maintain (many if-else checks in the code).

1. From the naming perspective (in SEV/TDX documentation), SEV's bit is the Enc bit, but TDX's bit is the shared bit.
2. In SEV's SetMemoryEncDec () it handles the different versions of SEV differently (for example, Sev-Snp). I am not sure if more specific processing will be added in the future.
3. In TDX's SetMemorySharedOrPrivate, currently it is simple and clean. But there may be some new features added in the future.

I am wondering whether it is a better choice for every vendor to take responsibility for maintaining their own lib/code?

In the current EDK2 CI there is no test case for SEV or TDX, so I am a little nervous that some changes will impact the existing features.

Thanks
Min
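
Review bot: The quoted if / else if chain ends at the CC_GUEST_IS_TDX branch with no final else visible, so for any other PcdConfidentialComputingGuestAttr value Status keeps whatever it held before this block and the plaintext buffer is left unconverted. Add an explicit else that fails the mapping (or asserts) instead of falling through, and make sure Status is checked after both MemEncryptSevClearPageEncMask () and MemEncryptTdxSetPageSharedBit () before the buffer is used. PcdGet64 (PcdConfidentialComputingGuestAttr) is also read once per branch; reading it into a local before the chain keeps both tests on the same value and avoids the wrapped else-if line.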