From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 002C8AC0B54 for ; Tue, 27 Feb 2024 06:48:59 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ayH6ZOkh0+Lr9OhWXjAfzJkli3O2fDZji6Z6V9n3fEc=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1709016538; v=1; b=KCfE4d4x8NQUnGIKB865De+uGS1m6RKpkf9hcM5G2Eql1WCUkwgNwTfe5ZsjC+gQHKiRWpav oLZiQxYMjDwa94zJLKjNjTOCKc5JZx08WCnU3aqW/eEPbZb0mNniVIrnkTmUT35Vd5wOtdu7sLR WkzysF5ZGOzcbQv0XHSERl44= X-Received: by 127.0.0.2 with SMTP id IZCgYY7687511xOxtI8qRUPl; Mon, 26 Feb 2024 22:48:58 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8]) by mx.groups.io with SMTP id smtpd.web11.6879.1709016537755052521 for ; Mon, 26 Feb 2024 22:48:58 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10996"; a="20887114" X-IronPort-AV: E=Sophos;i="6.06,187,1705392000"; d="scan'208";a="20887114" X-Received: from orviesa001.jf.intel.com ([10.64.159.141]) by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 22:48:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,187,1705392000"; d="scan'208";a="44432241" X-Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 26 Feb 2024 22:48:48 -0800 X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 22:48:47 -0800 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 26 Feb 2024 22:48:47 -0800 X-Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 26 Feb 2024 22:48:47 -0800 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.101) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 26 Feb 2024 22:48:47 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KLIis6VoqnJ5wCPBws1BfnI5InpLz0UJG68cfUU9SdG9pjZ5OyNiCFlH2OH6ktwooLBd8d+pmD/4FRZbN01pwXHbAhnk6bjZccaaxktEh81TBPNuC2WeJkqXluw6fVLWUXIL6h1IJSOLHaLb3AF+Yhi8AFWVtB17CnTfpWb77mNm1GLl3NRODxLosv/kzb5XePHqE9osrV+kWAmowlaDzyvNqJjsX8UoCbUd6SglWjTqn6XbCx+0lIRaci/T/naPLEkhcpaxxxHxFQ9Z9PDUkbqXLy9qNtOQzs0JrpOvU5oKbDNu4NoPdufGGLXrLqnKMDP6FfEy62nD/vVdua5gNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GOmY8lKfoPyljpGXSlvz6VM7OeV/R/8uj+ZWRVtf6bw=; b=WBdeb2sTO/evcAXZEkaj8AS7GAXJjvTnvb8Ijn20Nbe5XjtL/RBKoWOlI4nU6iBakEwFBxVNinbiJzYrouZXvqj+wr7HUSRgskiJdUDLcZE8KSVFB0rHsvP5snMWmCPUdCDn0/vbqda9iPhMh+vRpKsPVc+GhenZn3TQYUi5e+8mgD16OHCWVCXk04vpS9yILv1QXUb9LcSR6FSjSA+s1L30hPqw5sLN3vPOn7IPA/YQ8w702SmpVBgUh/EbSUMgEuEY6BkqrX9IzmxdcIu7UrnlO+E33ZfQnJpeW5MoPdd3qOTWsTIMiloHMSERKBVSRBSPajzLPdxqcxwvYtFL5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by SN7PR11MB7417.namprd11.prod.outlook.com (2603:10b6:806:345::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.23; Tue, 27 Feb 2024 06:48:44 +0000 X-Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::d86c:2d20:296:2a47]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::d86c:2d20:296:2a47%2]) with mapi id 15.20.7339.024; Tue, 27 Feb 2024 06:48:44 +0000 From: "Min Xu" To: "Sun, CepingX" , "devel@edk2.groups.io" CC: Liming Gao , "Kinney, Michael D" , "Aktas, Erdem" , "James Bottomley" , "Yao, Jiewen" , "Tom Lendacky" , Michael Roth , Gerd Hoffmann , "Yamahata, Isaku" Subject: Re: [edk2-devel] [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM Thread-Topic: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets to the VMM Thread-Index: AQHaaHNQOvlSKmK/vE+jdLjtufUVkLEdvBmA Date: Tue, 27 Feb 2024 06:48:43 +0000 Message-ID: References: <20240226211833.3156606-1-cepingx.sun@intel.com> In-Reply-To: <20240226211833.3156606-1-cepingx.sun@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR11MB5064:EE_|SN7PR11MB7417:EE_ x-ms-office365-filtering-correlation-id: badc575a-df74-452d-ff97-08dc376023f8 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: dhaMA1VInVAe52v5DjQqqaNoM7xoHHA8a2sdO+zu3mC3bcW/rd5OQYjXsOpWe6xajeryDdxzp6M0pnDjxl/kz7h8X/uL5NOv/31mw8RYIZjTS/1vw1unp4DGI4ji8MGAcRPRy94KPIoUFfNU+aTwDVkBLwjw/4//qUDLlUL66IQ3mJIUZRye4wCfjFNqS6Fxo939pokATKKX5x/lWealY3xYfFJFD5f5S4xL7WfvjbWfi0mfZAXeNcMV/1KTSLvYQvKMI6Aen3DKuVkJLXUs0+DEB0zk6fAfI9x/lqE2GfFZ5jbBxipRS2mCXMgkR4MFZcGNVOqdhUdX84cYod0uH2MxmKFewOJ3cc1sLNmiY2AspT4MxwyNvoA+v97Q6wHTMIdpgYbuORtUHq1FugC5/nqTaMpWHM7WsMx85iyAjKyEZBtBgYSJ/qhVaXp4ZEO0XLY2B26razNqaN+w+Rhae8K0PwAGiPekB2YDXymjFIH4Kh5migMgI2OuuvNJc+NB8ABkmgjjDkHUYy4UVxr2FkiJm8IBrv6Hq7m3GVCSEpMbwyOOIVSYeb/mDTPKZZXCs0sFCtbx5xI5Sh66X/KtHvYyIQ638AZA8qYGZ19U0+YK0ac10D1RrvCzjHVqEbiS1ZZxwPAetp/UsHAXs6O8CAohMDwoepy3YKBr19w8UrnnJVcxvbcLlYMRDKlmLAfb7l/pZDtFpSMhZRlFUHq8wA== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?pnsw9flUVbT8OdLVGj9y0EMrq7Z1zFpz5ZFaJnElMZCC7KF23mkjHKMprFc0?= =?us-ascii?Q?xA7cssyeb3r4TPFDECTxI1+atp5wE11rVbqGQ2Ot+MNodDoTQ+/eDdqTnd0A?= =?us-ascii?Q?OVvhze+v/AY9khv12XbUluOCJ+tV4i2JtNgr+faO/8MjYpEurSQwvGz1vWGu?= =?us-ascii?Q?9zKZi5TbG5j6WObTezjYUR1tLqSxl4B3s/N8iJyUmdSulz+zPcvoisRgHze5?= =?us-ascii?Q?Svx7cRcYsrokwDLag9WdK/b44Gwf3g3exQ/kPDkVW8axjQaN7uPwoIEhEqJH?= =?us-ascii?Q?iY0q32c03K0Iii32tJ5fs/y8ZKuqAx6DOhRoLwk2qaufopR4YdNghHgEx9AA?= =?us-ascii?Q?SxrsRs1JfB0FHqQZ8StKGRsQBb9Ns2vWxkSmM0bBHPf0dJzmDhKBLLigfPTt?= =?us-ascii?Q?j2zHn/2/MzXbqUbdHjlYs/BYSww4kS0yBiBYGqdYWWoDMA04ehE9+iz6iPUk?= =?us-ascii?Q?81gmI0M5Xs6MS24hxMuGuKKBIROK1NmBQkPBVK0TuEUDf82q93NSglB9bVJU?= =?us-ascii?Q?zohGj8N4+CnesQWRV/NlQh10bBUlSBMvjHRZR3Blrc2REIiKfXNhVni9rMNj?= =?us-ascii?Q?gZDP8CYaaRMEp7eImvrc3eket7+ZuF3NCaOSUwJ9b3zhEeChbc249h2lTKa+?= =?us-ascii?Q?72ftYehmjlVfo1t4A26+jOdJYonL+iO7yjq4atr+/kyZS4UiIKFLU/ib9ZZI?= =?us-ascii?Q?IMwgtl1e8nSI2DtYMMmFxH4Xl7tN/6QtjyyfyHD4RavakWu5hI+yyx7F/rf9?= =?us-ascii?Q?+OaUOna0tcH4nAUsNWHFKDA+KaMn4T9aJ/ZJKhfHlQxBhvhQSP+w0h0Ll2Ux?= =?us-ascii?Q?9HU4U/lgiAh2BfsXGJhN9aIN9yRZg1IhMsure+nGAfofaNee8+c97fDVbWWU?= =?us-ascii?Q?v5rSkG65ddfMqGgRULYrDiQRpuVKM244j8Q0OzBzIyGoCoKsaNmosn0z3+1w?= =?us-ascii?Q?X9sIhBEoC5zN9Kfr8r2cuTzDKU1bCWzfxW+wFxbIzbooXFZZyS1b/XgKeyVA?= =?us-ascii?Q?wUz0UiQS8jC/meejBM+eOyKxnO/yxUXLuwROf1boNNsUnJDmRmVaihFWPSs0?= =?us-ascii?Q?SHrIH9mDPbgAd/0jqCVcRrDq9p4BeVQ7xwPzJfMjmHidx7wiGtd5f9ZKaMjX?= =?us-ascii?Q?RCsxAD8FExyPSj0OIUmc1f1m/wUCd+ZZ+KFA4qmFxZ4A4zycz4gJJUpBYhm+?= =?us-ascii?Q?/XJ+1+ODJPyja/6Swm+NTioPoXHBZ6AlNNFP2D2t3hCNiDnpu/vsj5c0goAW?= =?us-ascii?Q?rn1LVP84UvTzxQiHdGRsQ1nxjmlHwuESEHsh1fWDWgs6rHqndjOFcAArUS/B?= =?us-ascii?Q?Dn78DH3dlOJPXBSUMFN9d1o2NzY1ALfFGKR37ZhiNk4XGtvaOctdPWToKXTv?= =?us-ascii?Q?JEmEVO5ZR5zCSJpoX3K/CEz63lf1Y8DmlJqDMoFrnJjdb0cqsMw9UrsjsPjB?= =?us-ascii?Q?BoTF4WKFzRSDc4CDAxkzuDOOdxRIgiSEUVHsljOkHOQlB+na5V1UECr+O2pD?= =?us-ascii?Q?2RYIESf5x935oXAwqhWm+YKmgYEgNWyNDJuULIgmt7GXoGd1pop0WcUS45wh?= =?us-ascii?Q?Y78tlLbqpq+1daOOChpPLWGUhuHdnygRStU8qrHu?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: badc575a-df74-452d-ff97-08dc376023f8 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2024 06:48:43.9174 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: AmKxGPhrgPhHO0m7VBniOmADlG2Yc9vNTF9C1qenYO5ONDEfGxdR0hBlJ1x9lBwNKc1og1XkLBuLmaotwVIssA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR11MB7417 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: G0q6nO6axxcoGbAaA36xr1iLx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=KCfE4d4x; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Reviewed-by: Min Xu > -----Original Message----- > From: Sun, CepingX > Sent: Tuesday, February 27, 2024 5:19 AM > To: devel@edk2.groups.io > Cc: Sun, CepingX ; Liming Gao > ; Kinney, Michael D > ; Aktas, Erdem ; > James Bottomley ; Yao, Jiewen > ; Xu, Min M ; Tom Lendacky > ; Michael Roth ; > Gerd Hoffmann ; Yamahata, Isaku > > Subject: [PATCH V1 0/3] OvmfPkg: Update TDVMCALL to avoid leaking secrets > to the VMM >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4696 >=20 > According to section 2.4.1 of [GHCI] spec, RBP register is usually used a= s a > frame pointer according to the C language calling convention. > The software should not use RBP as an input/output parameter and should > clear BIT5 (RBP) in the GPR mask in RCX. >=20 > Reference: > [GHCI]: TDX Guest-Host-Communication Interface v1.5 > https://cdrdv2.intel.com/v1/dl/getContent/726792 >=20 >=20 > Cc: Liming Gao > Cc: Michael D Kinney > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Min Xu > Cc: Tom Lendacky > Cc: Michael Roth > Cc: Gerd Hoffmann > Cc: Isaku Yamahata > Signed-off-by: Ceping Sun >=20 > Ceping Sun (3): > MdePkg/BaseLib: Update TDVMCALL_EXPOSE_REGS_MASK > OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK > OvmfPkg/TdxDxe: Clear the registers before tdcall >=20 > MdePkg/Library/BaseLib/X64/TdVmcall.nasm | 2 +- > .../Library/CcExitLib/X64/TdVmcallCpuid.nasm | 2 +- > OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 ++++++++++++++++--- > 3 files changed, 28 insertions(+), 6 deletions(-) >=20 > -- > 2.34.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116006): https://edk2.groups.io/g/devel/message/116006 Mute This Topic: https://groups.io/mt/104577516/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-