From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web10.5030.1632469201732847196 for ; Fri, 24 Sep 2021 00:40:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=eRC4VPHL; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10116"; a="220820948" X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="220820948" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Sep 2021 00:39:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,319,1624345200"; d="scan'208";a="485302103" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga008.jf.intel.com with ESMTP; 24 Sep 2021 00:39:59 -0700 Received: from orsmsx605.amr.corp.intel.com (10.22.229.18) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Fri, 24 Sep 2021 00:39:59 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Fri, 24 Sep 2021 00:39:59 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.102) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Fri, 24 Sep 2021 00:39:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jVkNITzQ5eaQx1NpsEqVfCMHeaPTCgoifdBBUOWUZQZM2qkxgoLRTpP2OEvAoPDg/zFvOwFoRDgKrXYvG52VD4QQQ23cJb8lSK+aIRURbTL9pkr8QBYoib12FavcrY2pQ0C8IPT4VYG0zkqkdUhBNI15b4ST6ge39r1hnYcBoxaWpErY5qWBgFpNs1hKhiqDwFpuuc/hAkrJbB8VzD0fBHvO1Wwtm5roETaF6udv0K3zIOuk6p1abxaY92BRMn8l1OJNOsbWskGU+j76vwuk9wcuQugeLSeoVcT1rhXcQ/wNvUJW74CxEI5WLK14tgmHoWtA4HlVjR04ltzm2eyQbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Gpy6vKgjFS4JmJnbJbMamar/9LUIOkeDhUtTbRvAuMQ=; b=mL1wxGWQXtfPOPQXmSAdOgFu32vnFHGJp+JSqfVnC+hiX7hpP74cck3d3A9dRwL8aBVmiWYSgiz/aAtGSS074ScGLUas2fdprinE/6kf3e43EM+uj2Pw3kpu9kRxJyQIvvzL3Z/s3aI97wBo5G0zqxnN3F7MmeCH4aQnyMIU5E3fCkzv+UtVBqj4kBo+wI8x/i7JlOqAjKovwLI/19Y9K01Nud95cTpiigBadPQxEKIeI9GI0Yvb5QQK1Z3H9bb7lNaGMft7Uwa3OXaF+wONeYFH0azvbGaN3JREVi0vfd3yqhInPQcUbr+PZ5RwvVgP5EC/wxSYrmY3F6I3Ya/H/A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Gpy6vKgjFS4JmJnbJbMamar/9LUIOkeDhUtTbRvAuMQ=; b=eRC4VPHLf+ab3enM0H/rIb7lGLWGo2Q6qqFKxpltW8oFfH+O85zMI5QYKDF0LsrG3LiZcmlE25hdIFCyRNI9aDX9B/YxXWZlQLgbYuSLkisC+f/OjgrezUJegFWmxfb9QjB2HfJmK41AjLuyyuxUHq3YAKuqBPIvXquD6wlUllk= Received: from SJ0PR11MB4894.namprd11.prod.outlook.com (2603:10b6:a03:2d4::5) by SJ0PR11MB4909.namprd11.prod.outlook.com (2603:10b6:a03:2af::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Fri, 24 Sep 2021 07:39:56 +0000 Received: from SJ0PR11MB4894.namprd11.prod.outlook.com ([fe80::f54c:e846:c8a8:9dc4]) by SJ0PR11MB4894.namprd11.prod.outlook.com ([fe80::f54c:e846:c8a8:9dc4%8]) with mapi id 15.20.4544.015; Fri, 24 Sep 2021 07:39:57 +0000 From: "Yao, Jiewen" To: Gerd Hoffmann CC: "Xu, Min M" , "devel@edk2.groups.io" , "brijesh.singh@amd.com" , "Ard Biesheuvel" , "Justen, Jordan L" , Erdem Aktas , "James Bottomley" , Tom Lendacky Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector Thread-Topic: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector Thread-Index: AQHXrsfv6qwUC8Li5kiwlPdQeu+jg6uvry6AgAEZ5ACAAIjkgIAALkqAgAAWigCAAAcDAIAAA09wgAEBxwCAAC1eAA== Date: Fri, 24 Sep 2021 07:39:56 +0000 Message-ID: References: <12721dade1f2f9905cc34271d9abec24650442ff.1632214561.git.min.m.xu@intel.com> <20210922074929.e5iwf24t6wyndgbu@sirius.home.kraxel.org> <20210923084821.yxizus3loa2p6hms@sirius.home.kraxel.org> <7c9aeb95-5c33-bd8d-4f0c-40133f4c7c3d@amd.com> <20210924045416.3vb7qxcetgtdggbs@sirius.home.kraxel.org> In-Reply-To: <20210924045416.3vb7qxcetgtdggbs@sirius.home.kraxel.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.200.16 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ece9f384-b41e-4f6f-15a2-08d97f2e81ab x-ms-traffictypediagnostic: SJ0PR11MB4909: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 905AejINau09EW88HLCqQWUpsilqDp+djHuy1Mm+odQC2VZuoW2ev3zEP05RwujbGv2qp3Q7cbVB57wvrZsfyOpAXknWcTgeI1nFG8UxDo4PZwzLu07pXqS6JIYaw2KBeo5sadFukd/80rSAAECRYufm0Q4APHpgEUu2nxXQy/7J0BEK3tgPNt1RkWe+u3hg/2L7oOC6lARg9swBN8R0BqdX8TcGqXk1KmZ0EZlTa/EU89tglqJlSi8CfbCidnikPpIMElKl5sJIJ8FUn+h7sXA/nvalgKjIOZ8eN9wjZnoZQnXBPegm7TdnyE6UqDw272r4mLIIcMpP6lizXEjiWJfKRLGVRE5cE7/gr5A4UDD2QyEfnQzBZWv8vCFaxoWagKUeq8eU/RSMJ6J7ebAZkN7+Q+nI/Wq7ZPTbSCzJ6/2nAV8TjA4WNcdcbr1CXO2KwniXQJk+fOeNoQHnOdVHdSiHeeLzwTyaakEMBGp/xEwdHHrINaHpu89P1k+bl2q96xlGrLP0yK5kabBW3CzFJ+ZiuXfcsw4zQIUFMrY78b5AS22DNsPmt3nhLyO3d+tzXUW8kXhPuoKY5dcrGtMBMh3MpdsuCydPBiJkrWFcGZZ5F8PEhKsUwOYi2qYUvGporZYe9X4GDlHsIdxTY26UqZFCmVP8BcDIf4DEDRDc0qTw1oshsJBwaio9iKYmo0of6IvdETP3RYBZooOmH/VuDrHPTnEvvTBBzte1UD904XZAMbHpPrV9eNZS+wFiwoW6DoAGVsl7VpNc/PpQTnF+4WW6XWB8F0wkL3IDhwSkLfA= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR11MB4894.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(71200400001)(2906002)(52536014)(55016002)(4326008)(316002)(7696005)(33656002)(38100700002)(8936002)(8676002)(186003)(5660300002)(6506007)(53546011)(26005)(9686003)(19627235002)(54906003)(66556008)(66446008)(66476007)(64756008)(83380400001)(508600001)(66946007)(76116006)(966005)(86362001)(38070700005)(6916009)(122000001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?KUhnDx+VJx/u6AwYeF86nTa8Y3EdPi5tlAFd5C8gqv8uJr3J1AFUYvbjcwm4?= =?us-ascii?Q?teLAFYk9TK7dRGdsqGrYcgMvKZ8B5TzJHAFm6BuC3TLFzF7yAHo9Be9HoeK+?= =?us-ascii?Q?dxbjHQ4/rCaw/vCBlw2kLTM20/vCFAc8VLUF22q9bZHngex3KiSoMFwMtJKp?= =?us-ascii?Q?U7whmZ9RJaAmDZLM0UDtYisHqfOgufwWcBlg3BOMMARw05fMUHtXDdIVAnO2?= =?us-ascii?Q?uDZiqqcp/V0hpRqMg7Vvn6zNW1fvQv69QxnVRdArSvyTZhbyswXIc+mCmcJC?= =?us-ascii?Q?nZxATWs+yd1JHWsmWjY+aNOxSP973IeISbD6EpKgMC4dM6ATMQ+HtkYu48SU?= =?us-ascii?Q?Ojm6i/b7MbkZBlbsn72rVDfi0TfGHUZiiQzldKb7bEIiB0Uo6aaG7TJPkWOm?= =?us-ascii?Q?/dzRket4oW/Kd+uGSrC0ewxWkjiQvPemUU7L49D/l7P2CiZOHsW0ZBxviR8b?= =?us-ascii?Q?Y8Ga4NI54CG0L+ZZEQoOTv3639JfHuJDCSCzKndjtCucoyKDy81bo3gZDBPr?= =?us-ascii?Q?YjH4HgdDD9dIBZn9k1e8BNPVbo4mvSNX29a0kFWveMZDp9z/lMXPJr8ffm0/?= =?us-ascii?Q?K/+zV/vo9ry0dpvtbLKxZwUHrJD1pmG20tAdvqmjRMlshamD3DVpWKGlGMiw?= =?us-ascii?Q?4uWaqMQsXZZK3RgCF07kdJDi0piYLBWAaIQb98/Xe+sH14O98wfTgD7CoVor?= =?us-ascii?Q?+BvRBj4L2wTNqKmLQOCt09C1qgmSndsRXmmvCClEPgbQR4qhgCURbiCW/Y0e?= =?us-ascii?Q?dTk1iAPK5c69dHaYeIEJVF4WIkbaYlaLNjU/yNA6i0tUffEmgqvmw0gZVj+R?= =?us-ascii?Q?2uIG+Zz22R6zreLUKT7NnCx2lzu7dY0VANt/HECvQWo+/M7V6+yHoWs0Jkbw?= =?us-ascii?Q?MfSdYID1B4sQHE9OTch+7mfeHc6pTwap5JmRbpl/RHdp7m6Qvsdcp7JPL8UE?= =?us-ascii?Q?WppzFfeaUR16WlGWLkX5W/olL+C2gpCN1ND1nmlEQwEvJo6aY0Zczn7B+cUi?= =?us-ascii?Q?K2EOXQa3Ir26T7MgUikL9tbGw1aoQQr4R32dR//T1E2eNKFrzbnGSeS+WNQU?= =?us-ascii?Q?fZQ82v6ek8R/SZg4mmeBKVP0mAZrxbxXva63MfeBOJzfzsAqxwuNn/85x9J9?= =?us-ascii?Q?NkdPshSG2rncYXqtvO/b5T4XMhenmxu/iSjVoydOu+4N5oA5P7hJHy+ivGon?= =?us-ascii?Q?M20pfgrP9EO/0TaIf4jVSnCz/Hb+SnD7id//vDppQ+iJJBxJGQ4IE7VrBPXz?= =?us-ascii?Q?20av634IKeKloWV/2CrPSv15UBV1zOA3cgwUHnIxReOo223tz1JG5J6CTvPC?= =?us-ascii?Q?/hrdfqDfLoBMpVeTcQbjtIPN?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ0PR11MB4894.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ece9f384-b41e-4f6f-15a2-08d97f2e81ab X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2021 07:39:56.8898 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JbQAXdAFo2vKjmOy69i075NBoPx4x/WU65gIQMV25U+TteEYfmvJx3q3jjhSFptyt96ScFxn+O5cVkq1+KBrzQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB4909 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Comment below: > -----Original Message----- > From: Gerd Hoffmann > Sent: Friday, September 24, 2021 12:54 PM > To: Yao, Jiewen > Cc: Xu, Min M ; devel@edk2.groups.io; > brijesh.singh@amd.com; Ard Biesheuvel ; Justen= , > Jordan L ; Erdem Aktas = ; > James Bottomley ; Tom Lendacky > > Subject: Re: [edk2-devel] [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVect= or >=20 > On Thu, Sep 23, 2021 at 01:38:52PM +0000, Yao, Jiewen wrote: > > Good point, Min. > > > > If https://github.com/AMDESE/ovmf/blob/snp- > v8/OvmfPkg/ResetVector/X64/OvmfMetadata.asm is the proposal, then I have > more comment: > > > > Type: OVMF_SECTION_TYPE_CODE, OVMF_SECTION_TYPE_VARS are NOT > used for SEV. I am not sure why they are there. >=20 > tdx needs them (for measurement). It's not a tdx-specific concept, > possibly sev-snp wants use that too in the future. That means this is only for TDX. SEV does not need this type. Then this is = TDX specific. >=20 > > Type: OVMF_SECTION_TYPE_CPUID should be SEV specific. TDX does not need > CPUID page. >=20 > A cpuid page can be used without sev too. I don't think TDX need this field. This is SEV specific. >=20 > > Type: OVMF_SECTION_TYPE_SEC_MEM also seems for SEV. TDX does not > need this special memory, such as Page table. It is already covered by co= de. >=20 > These are "needs pre-validation / pre-acceptance" regions. > TDX surely needs that too. I don't think TDX need this. The page table should be covered by CODE alrea= dy. >=20 > > Type: OVMF_SECTION_TYPE_SNP_SECRETS / > OVMF_SECTION_TYPE_SNP_SEC_MEM is SEV specific. >=20 > Yes. >=20 > > The SEV table is totally different with TDX metadata table. >=20 > I can't see a fundamental difference. In both cases the VMM needs > to know the firmware memory layout for (a) attestation, and (b) > pre-validating/pre-acceptance of memory, and (c) some > hardware-specific ranges such as snp secrets page. >=20 > > I really cannot see the benefit to merge into one table. >=20 > Keep reset vector small? > Have common parser structs and code? I think it is opposite. This proposal makes reset vector larger, if we need= define more structure to satisfy TDX, but it is not needed by SEV. Or Defi= ne something purely for SEV, but not useful for TDX. I don't treat it as benefit. Instead I think it is big burden. >=20 > take care, > Gerd