From: "Min Xu" <min.m.xu@intel.com>
To: "kraxel@redhat.com" <kraxel@redhat.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
"Aktas, Erdem" <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B
Date: Tue, 11 Jan 2022 02:24:36 +0000 [thread overview]
Message-ID: <PH0PR11MB50648CA04308F0E7F135CB3DC5519@PH0PR11MB5064.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20220110075537.2dxghysjlz5rmwhm@sirius.home.kraxel.org>
On January 10, 2022 3:56 PM, Gerd Hoffmann wrote:
> On Fri, Jan 07, 2022 at 06:13:37AM +0000, Xu, Min M wrote:
> > On January 3, 2022 4:02 PM, Gerd Hoffmann wrote:
> > >
> > > > PCDs cannot be set in SEC phase, so the values should be saved in
> > > > a Hob (for example, PLATFORM_INFO_HOB). In early DXE phase these
> > > > values are set to the PCDs. This is how TdxDxe does today.
> > > >
> > > > Other tasks can be done in SEC phase. I think there should be a
> > > > lib (for example, PlatformPeiLib) to wrap these functions so that
> > > > they can be re-used by OvmfPkg/PlatformPei.
> > >
> > > Yes, I think we need a PlatformLib for the platform initialization
> > > code. With PEI we would simply link the lib into PlatformPei,
> > > without PEI we would link parts of the lib into SEC and parts of the lib into
> DXE.
>
> > After carefully study the PlatformPei code and a quick PoC
> > (PlatformInitLib which wraps the basic functions in PlatformPei), I
> > found it's not a easy task for such a lib which can be used in both
> > PlatformPei and Pei-less boot.
>
> > 1. PlatformInitLib should work both in SEC and PEI. So it cannot use
> > global variables between different functions. mHostBridgeDevId and
> > mPhysMemAddressWidth are the examples. So these variables must be
> > provided by the caller thru the input function parameters.
>
> > 2. PlatformInitLib cannot set PCDs in the code. So a Guid hob should
> > be created to store the PCDs and pass them to DXE phase. Then these
> > PCDs will be set at the very beginning of DXE phase.
>
> Yes. Your patches add a PlatformInitHob because of that. I think right now it
> only has some tdx-specific variables, but we can move more variables into the
> hob to allow platform init code run in both SEC and PEI phase. I think it makes
> sense to have the hob in both PEI and PEI-less mode to minimize the code
> differences.
Yes, we can use EFI_HOB_PLATFORM_INFO.
>
> > 4. In PlatformPei there are many if-else to check if it is
> > SMM/S3/Microvm/Cloud-Hypervisor/SEV/TDX. There are also Bhyve and
> Xen
> > PlatformPei variants. In the current PlatformPei those if-else check
> > depends on the PCDs and global variables. Because of (1) it needs
> > input parameters for all these if-else check. Maybe a big environment
> > variable data structure is needed.
>
> Use PlatformInitHob?
Yes, we can use this data structure.
>
> > But anyway a complete functional PlatformInitLib is a big task. My
> > suggestion is that in TDVF-Config-B we first propose a basic
> > functional PlatformInitLib. This lib can boot up Tdx guest and legacy
> > OVMF guest in TDVF-Config-B. OvmfPkg/PlatformPei is not refactored by
> > this basic PlatformInitLib this time.
>
> Well. The whole point of adding PlatformInitLib is to move over (and refactor if
> needed) existing code in PlatformPei so we can avoid code duplication. Now
> you want add PlatformInitLib without touching PlatformPei, probably by
> copying code. That doesn't make sense at all.
>
> > This is because PlatformPei serves
> > SMM/S3/Microvm/Cloud-Hypervisor/SEV/TDX. It is a big risk for such
> > refactor. We can revisit PlatformPei in the future.
>
> Well, if you want avoid the refactoring because of the risk there is still the
> option to have tdx config-b use the normal PEI boot flow.
> Then revisit refactoring and adding support for PEI-less boot later.
>
I think it still makes sense (Adding a basic PlatformInitLib which brings up tdx guest and legacy guest in Pei-less boot, but not touch PlatformPei).
1. The goal of TDVF-Config-B is to bring up tdx guest and legacy guest without PEI. So that attack surface can be reduced.
2. There are common functions when bring up tdx guest and legacy guest in Config-B. So PlatformInitLib is necessary.
3. As I explained there are many if-else checks in PlatformPei and the logics are rather complicated (because PlatformPei serves S3/SMM/SEV/TDX/Legacy/Microvm/CloudHypervisor, etc). To be honest I have not so much confidence to abstract PlatformPei's common function to PlatformInitLib.
4. But a basic version of PlatformInitLib is a good start. During the development and community review, we can understand better what functions should be wrapped into PlatformInitLib. After that PlatformInitLib can be evolved for OvmfPkg/PlatformPei, Bhyve/PlatformPei, XenPlatformPei.
Thanks
Min
next prev parent reply other threads:[~2022-01-11 2:24 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-14 13:41 [PATCH 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Min Xu
2021-12-14 13:41 ` [PATCH 01/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Min Xu
2021-12-15 9:32 ` Gerd Hoffmann
2021-12-14 13:41 ` [PATCH 02/10] EmbeddedPkg/PrePiLib: Update PrePiLib Min Xu
2021-12-14 14:00 ` [edk2-devel] " Ard Biesheuvel
2021-12-16 4:48 ` Min Xu
2021-12-14 13:41 ` [PATCH 03/10] EmbeddedPkg/MemoryAllocationLib: Add null stub for AllocateCopyPool Min Xu
2021-12-14 13:59 ` [edk2-devel] " Ard Biesheuvel
2021-12-16 3:08 ` Min Xu
2021-12-14 13:41 ` [PATCH 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Min Xu
2021-12-14 13:41 ` [PATCH 05/10] OvmfPkg: Add SecPlatformLibQemuTdx Min Xu
2021-12-15 9:48 ` Gerd Hoffmann
2022-01-07 6:29 ` Min Xu
2021-12-14 13:41 ` [PATCH 06/10] OvmfPkg: Add TdxStartupLib Min Xu
2021-12-15 10:09 ` Gerd Hoffmann
2021-12-16 11:56 ` Min Xu
2022-01-12 1:55 ` Min Xu
2021-12-14 13:41 ` [PATCH 07/10] OvmfPkg: Update TdxDxe to set TDX PCDs Min Xu
2021-12-14 13:41 ` [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B Min Xu
2021-12-15 10:27 ` Gerd Hoffmann
2021-12-16 12:21 ` [edk2-devel] " Min Xu
2021-12-16 14:25 ` Gerd Hoffmann
2021-12-19 2:49 ` Min Xu
2021-12-20 12:11 ` Gerd Hoffmann
2021-12-24 3:02 ` Min Xu
2022-01-03 8:02 ` Gerd Hoffmann
2022-01-07 6:13 ` Min Xu
2022-01-10 7:55 ` Gerd Hoffmann
2022-01-11 2:24 ` Min Xu [this message]
2022-01-11 9:23 ` Gerd Hoffmann
2022-01-14 2:17 ` Min Xu
2022-01-14 8:32 ` Gerd Hoffmann
2022-01-16 0:55 ` Min Xu
2021-12-14 13:41 ` [PATCH 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Min Xu
2021-12-14 13:41 ` [PATCH 10/10] OvmfPkg: Add Tdx libs to prevent building broken Min Xu
2021-12-15 10:41 ` [PATCH 00/10] Introduce TDVF Config-B (basic) in OvmfPkg Gerd Hoffmann
2021-12-16 12:36 ` Min Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB50648CA04308F0E7F135CB3DC5519@PH0PR11MB5064.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox