From: "Min Xu"
To: Gerd Hoffmann, Brijesh Singh
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, Erdem Aktas, James Bottomley, "Yao, Jiewen", Tom Lendacky
Subject: Re: [PATCH V3 20/29] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
Date: Wed, 3 Nov 2021 13:35:41 +0000
References: <28b60881586486d571be0c489b60784954dc061f.1635769996.git.min.m.xu@intel.com> <20211103065031.kqufl5dzhg36yr2u@sirius.home.kraxel.org>
In-Reply-To: <20211103065031.kqufl5dzhg36yr2u@sirius.home.kraxel.org>

On November 3, 2021 2:51 PM, Gerd Hoffmann wrote:
> > +/**
> > + Check if it is Tdx guest
> > +
> > + @retval TRUE It is Tdx guest
> > + @retval FALSE It is not Tdx guest
> > +**/
> > +BOOLEAN
> > +QemuFwCfgIsTdxGuest (
>
> QemuFwCfgIsCC()
>
> > + return (CcWorkAreaHeader != NULL && CcWorkAreaHeader-
> >GuestType == GUEST_TYPE_INTEL_TDX);
>
> GuestType != GUEST_TYPE_NON_ENCRYPTED
>
> > if (MemEncryptSevIsEnabled ()) {
> > DEBUG ((DEBUG_INFO, "SEV: QemuFwCfg fallback to IO Port
> interface.\n"));
> > + } else if (QemuFwCfgIsTdxGuest ()) {
>
> if (QemuFwCfgIsCC()
>

Hi, Gerd

I re-checked the MemEncryptSevIsEnabled() and it doesn't simply check the GuestType. Instead it does more checking.
See https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c#L34-L88

Brijesh, what's your thought about Gerd's suggestion?

Thanks
Min
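
Review bot: In the return expression of QemuFwCfgIsTdxGuest, a NULL CcWorkAreaHeader yields FALSE, so the caller's "else if (QemuFwCfgIsTdxGuest ())" branch is skipped and the guest is handled as non-TDX, yet the function comment documents FALSE only as "It is not Tdx guest". Suggest extending the @retval FALSE text to say it also covers a missing work area header, so a reader of the call site can tell which path is taken when the header is absent.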