From: Brijesh Singh
To: Xu, Min M; Gerd Hoffmann
CC: devel@edk2.groups.io; Ard Biesheuvel; Justen, Jordan L; Erdem Aktas; James Bottomley; Yao, Jiewen; Lendacky, Thomas
Subject: Re: [PATCH V3 20/29] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
Date: Thu, 4 Nov 2021 14:36:16 +0000

[AMD Official Use Only]


Hi Min,

I am good with Gerd's suggestion. Now that we have workarea containing the guest type, I can sure submit a patch to simplify the checks greatly. I am waiting for the UefiCpuPkg maintainers to ack our SNP series so that I can start building/cleaning other stuff.

Thanks
Brijesh



From: Xu, Min M <min.m.xu@intel.com>
Sent: Wednesday, November 3, 2021 8:35 AM
To: Gerd Hoffmann <kraxel@redhat.com>; Singh, Brijesh <brijesh.singh@amd.com>
Cc: devel@edk2.groups.io <devel@edk2.groups.io>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>; Singh, Brijesh <brijesh.singh@amd.com>; Erdem Aktas <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Lendacky, Thomas <Thomas.Lendacky@amd.com>
Subject: RE: [PATCH V3 20/29] OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
 
On November 3, 2021 2:51 PM, Gerd Hoffmann wrote:
> > +/**
> > +  Check if it is Tdx guest
> > +
> > +  @retval    TRUE   It is Tdx gues= t
> > +  @retval    FALSE  It is not Tdx guest=
> > +**/
> > +BOOLEAN
> > +QemuFwCfgIsTdxGuest (
>
> QemuFwCfgIsCC()
>
> > +  return (CcWorkAreaHeader !=3D NULL && CcWorkAreaH= eader-
> >GuestType =3D=3D GUEST_TYPE_INTEL_TDX);
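Review bot: In the return expression, a NULL CcWorkAreaHeader makes QemuFwCfgIsTdxGuest() return FALSE, so a missing work area is reported the same way as a non-TDX guest and the caller skips the TDX branch. If the work area is always expected to be present where this library runs, an ASSERT on the pointer, or a comment stating why FALSE is the safe answer, would make that assumption explicit.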
>
> GuestType != GUEST_TYPE_NON_ENCRYPTED
>
> >      if (MemEncryptSevIsEnabled ()) { > >        DEBUG ((DEBUG_INFO, &qu= ot;SEV: QemuFwCfg fallback to IO Port
> interface.\n"));
> > +    } else if (QemuFwCfgIsTdxGuest ()) {
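Review bot: The new else-if branch for QemuFwCfgIsTdxGuest() sits next to an SEV branch that logs its fallback to the IO port interface at DEBUG_INFO; the TDX branch should log an equivalent line so the boot log records why DMA was not selected. The quoted lines stop at the opening brace, so check that the branch body does this.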
>
> if (QemuFwCfgIsCC()
>
Hi, Gerd
I re-checked the MemEncryptSevIsEnabled() and it doesn't simply check the GuestType. Instead it does more checking.
See https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c#L34-L88

Brijesh, what's your thought about Gerd's suggestion?

Thanks
Min