Subject: Re: [edk2-devel] [PATCH v3 0/6] SEV Encrypted Boot for Ovmf
From: "Laszlo Ersek"
To: jejb@linux.ibm.com, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, frankeh@us.ibm.com, "Dr. David Alan Gilbert", Jordan Justen, Ard Biesheuvel
Date: Fri, 4 Dec 2020 03:01:11 +0100
In-Reply-To: <18bbe7d1-a51a-647e-d05a-73e5465d31cc@redhat.com>

On 12/04/20 02:55, Laszlo Ersek wrote:
> I will send a short patch series to add the exceptions, and once
> that's upstream, we *will* merge this (v3) series.

BTW the tweaks I added on top of your v3, in , are as follows (git range-diff output):

> 1: 4020c20b2342 ! 1: b96494ad75db OvmfPkg/ResetVector: convert SEV-ES Reset Block structure to be GUIDed > @@ -8,8 +8,9 @@ > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 > Signed-off-by: James Bottomley > - > Message-Id: <20201130202819.3910-2-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + Reviewed-by: Laszlo Ersek > > diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm > 2: 488fbdbe7689 ! 2: acc8cb13da8d OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF > @@ -11,8 +11,9 @@ > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 
> Signed-off-by: James Bottomley > - > Message-Id: <20201130202819.3910-3-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + Reviewed-by: Laszlo Ersek > > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > new file mode 100644 > 3: 796ec96e3414 ! 3: b80ce0838781 OvmfPkg/AmdSev: add Grub Firmware Volume Package > @@ -19,8 +19,10 @@ > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 > Signed-off-by: James Bottomley > - > Message-Id: <20201130202819.3910-4-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + [lersek@redhat.com: replace local variable initialization with assignment] > + Reviewed-by: Laszlo Ersek > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > --- a/OvmfPkg/OvmfPkg.dec > @@ -779,7 +781,9 @@ > +{ > + EFI_HANDLE Handle; > + EFI_STATUS Status; > -+ UINT16 FrontPageTimeout = 0; > ++ UINT16 FrontPageTimeout; > ++ > ++ FrontPageTimeout = 0; > + > + DEBUG ((DEBUG_INFO, "PlatformBootManagerBeforeConsole\n")); > + InstallDevicePathCallback (); > 4: d954947f8d14 ! 4: f3cda3cadde4 OvmfPkg: create a SEV secret area in the AmdSev memfd > @@ -10,8 +10,9 @@ > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 > Signed-off-by: James Bottomley > Reviewed-by: Laszlo Ersek > - > Message-Id: <20201130202819.3910-5-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + [lersek@redhat.com: fix typo in "ResetVectorVtf0.asm" comments] > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > --- a/OvmfPkg/OvmfPkg.dec > @@ -52,7 +53,7 @@ > +; > +; SEV Secret block > +; > -+; This describes the guest ram area where the hypervisor may should > ++; This describes the guest ram area where the hypervisor should > +; inject the secret. The data format is: > +; > +; base physical address (32 bit word) > 5: 1a18c4921cdf ! 5: c38b3caf22ad OvmfPkg/AmdSev: assign and protect the Sev Secret area 
> @@ -1,14 +1,17 @@ > Author: James Bottomley > > - OvmfPkg/AmdSev: assign and protect the Sev Secret area > + OvmfPkg/AmdSev: assign and reserve the Sev Secret area > > - Create a one page secret area in the MEMFD and protect the area with a > + Create a one page secret area in the MEMFD and reserve the area with a > boot time HOB. > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 > Signed-off-by: James Bottomley > Reviewed-by: Laszlo Ersek > Message-Id: <20201130202819.3910-6-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + [lersek@redhat.com: s/protect/reserve/g in the commit message, at Ard's > + and James's suggestion] > > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > 6: 6970b9413c93 ! 6: ea823d078162 OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table > @@ -11,6 +11,8 @@ > Signed-off-by: James Bottomley > Reviewed-by: Laszlo Ersek > Message-Id: <20201130202819.3910-7-jejb@linux.ibm.com> > + Acked-by: Ard Biesheuvel > + [lersek@redhat.com: fix indentation of InstallConfigurationTable() args] > > diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec > --- a/OvmfPkg/OvmfPkg.dec > @@ -152,7 +154,8 @@ > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > -+ return gBS->InstallConfigurationTable (&gSevLaunchSecretGuid, > -+ &mSecretDxeTable > -+ ); > ++ return gBS->InstallConfigurationTable ( > ++ &gSevLaunchSecretGuid, > ++ &mSecretDxeTable > ++ ); > +} I meant to include this range-diff in the email where I'd confirm the merge and the commit range; too bad I got distracted with this ECC mess. Laszlo
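Review bot: the lone `-` line between `Signed-off-by: James Bottomley` and `Message-Id:` in the commit-message hunks of patches 1 through 4 removes only the blank line that separated the `Message-Id:` trailer from the other trailers, which the hunk counts confirm (`@@ -8,8 +8,9 @@`: one line removed, two `+` trailer lines added, so `Message-Id:` itself stays). With that blank line gone the trailer block is contiguous, as it already was in patches 5 and 6, so the merged series carries a uniform trailer layout; the `[lersek@redhat.com: ...]` bracket notes sit inside that same block in patches 3 through 6, which is where maintainer edits belong.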
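Review bot: splitting `UINT16 FrontPageTimeout = 0;` into a bare declaration followed by `FrontPageTimeout = 0;` in the `@@ -779,7 +781,9 @@` hunk of patch 3 is a pure style change with no behavioural effect; it matches the neighbouring `EFI_HANDLE Handle;` and `EFI_STATUS Status;` declarations, which are likewise left uninitialized and assigned later, and the edit is recorded in the commit message as `[lersek@redhat.com: replace local variable initialization with assignment]`, so the authorship trail for the tweak is preserved.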
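Review bot: the comment fix in the `@@ -52,7 +53,7 @@` hunk of patch 4 (`the hypervisor may should` becoming `the hypervisor should`) removes a genuine ambiguity about whether injection into the SEV Secret block is optional; the comment now states plainly that the hypervisor should inject the secret into the described guest RAM area, and the commit message records the edit as `[lersek@redhat.com: fix typo in "ResetVectorVtf0.asm" comments]`.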
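Review bot: the `s/protect/reserve/g` change to the subject and body of patch 5 (`@@ -1,14 +1,17 @@`) corrects an overstatement of the guarantee: a boot-time HOB reserves the one-page secret area so the firmware's own memory allocator will not hand it out, but it does not protect the contents of the page against anything, so "reserve" is the accurate term. The added bracket line attributes the wording change to Ard's and James's suggestion, which is the right way to record a maintainer edit to someone else's commit message.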
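Review bot: the re-indented `gBS->InstallConfigurationTable (` call in the `@@ -152,7 +154,8 @@` hunk of patch 6 is cosmetic; the function still returns the service's status directly, so a failure to install `mSecretDxeTable` under `gSevLaunchSecretGuid` propagates to the caller exactly as before, and the edit is documented by `[lersek@redhat.com: fix indentation of InstallConfigurationTable() args]` in the commit message.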