From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.83]) by mx.groups.io with SMTP id smtpd.web11.3589.1628018622076829046 for ; Tue, 03 Aug 2021 12:23:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=V66ONxAG; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.95.83, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hzVzVh2nI4/AuBwSUNurLzyJe18SWwqPY2w5bSwHvK4Hk55XbZFKuKRFeJyjX34kYlvmckr6qf3riCFeYluBUmXVNvra8AW6Qs4VkbmEg0ni6mEm4URqfVRW6oa9dClSSsX4KAwmG0i8XBUZKkFZeBGTUsQ8DbvkoWaYlysSBq6GAAOLUP2TT4IpO8unHUYQ8VzJZsTk22FMAb2DCv71Cc4w+RYpxOitfGFZkqt0nVW2Kb2c8Q8y3oJ2l+mh2tyhypqdpTcKcYBUe7/wL3G9RdSL0fkXPFWl6AuBo5MzyF0jJ/hmfuqPUer55rVlOzV1RVV6B2TZXoQ0bSVd2x0kkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MOS8CD/IckGJVC2nqazxdSBARCktSOi+7WH2j90y+o=; b=g8CspejfoOZDfrsAn7Jy1BwpcCH4X6/USco+cutt7xzCYXxmsJw1Z1IlXt4Zybr3fUQzKLxEooCYsT1QSgcorQ+LamJKs0G63qy4u3IlZIbFL4sWZn18ihKySrqkBJ1Hd3R50oHhSSKlEIkH8VTcialqWajDJYK/kJUt+FDTUKIZNg7+Ve5n218lEa8tQ2jlrb84LbLshDySKJi3PX3Ysp+s9ASX8/Ue+znwa9Jhwl7bf9dAcMAoKxgoFnvhoGSkTAF/bnGtdjJEOPLAuKjN/dAupotby2vRLF/djN1rtMRAXJefGneKMceH9S62KsWGDw0eqIo+UQnLR8SRPk0HDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MOS8CD/IckGJVC2nqazxdSBARCktSOi+7WH2j90y+o=; b=V66ONxAGD4yB8oQ1uKQID6N8M1aeRL7q00/lTvGdWfX4bI+2op6iBuMl/oHJsNkol7F9xBYk8OcY+jgyQ2PW73LCZRXD7U0h5XPFEpF+Vdm5H8itJ/RyA8uyanYFg4aQSQxwaz5BJKvbAyVuFJ9SpwHbL19XlZvUWjW3Ell79ds= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4413.namprd12.prod.outlook.com (2603:10b6:806:9e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.21; Tue, 3 Aug 2021 19:23:40 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4373.026; Tue, 3 Aug 2021 19:23:40 +0000 Cc: brijesh.singh@amd.com, Ard Biesheuvel , Jordan Justen , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky Subject: Re: [PATCH V4 2/3] OvmfPkg/Sec: Update the check logic in SevEsIsEnabled To: Min Xu , devel@edk2.groups.io References: From: "Brijesh Singh" Message-ID: Date: Tue, 3 Aug 2021 14:23:39 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: X-ClientProxiedBy: SN7PR04CA0210.namprd04.prod.outlook.com (2603:10b6:806:126::35) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.31.95] (165.204.77.1) by SN7PR04CA0210.namprd04.prod.outlook.com (2603:10b6:806:126::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.15 via Frontend Transport; Tue, 3 Aug 2021 19:23:39 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0c2fd463-8cfe-466c-f789-08d956b4331c X-MS-TrafficTypeDiagnostic: SA0PR12MB4413: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Bcuyh96viqDMPGayZrpqdVbWzK1MO9jKkAFu0oaIHqmfrvOvx10W+03H006eP0YkRvhRQiXwSV9P9R90TLemoKqgsoIxFtB2cKaTTCZiZhbB7t+p/1F23BqYDwSWYnk2um36mJiVFRrMQtsfKBvXfVyObcC1VtqmuoILII0Ul0Nb2ZWlGQM34FBtNXd/watJ1Xj1WzcY3PPE37mpIJaEf0OYTc0dR1CuKR7Fx1ExY0KX40KkQA7gyN74N+JqIRw8CH3vmx9wmsvAqLMXBGr6im/D7MInGOGujumEPuIPndKwUPFbnTJoLkvu9Jg3GDsovIbZK2QNzbjvLGsGSs/9J7ZLg4HZqqbo5iuS1jhNZaBo8CndbPGntxR3bRuJrZIfY3HAhg0VqpBPYXeRiZgxlRIAC58oMb3j3O7IBUhjKJkoTKKR2A5BehqzWDm+BC7LBlObgZNkIEfLAYs8dpYa7Xd1biOyjLDE6E/mU3AyaF446TgRnvm+U63kAFdfnE7bxJBNQbD6H2CtcDYs2Aw3ItWU/S55/Ew25O+mOIXAKN+iaRxIxBTH/nf8PERoTIPIVZjgZtzB/WXvH2yB2ip6mZEALCeRL4nT01KkDBopoUbCCAUBI2ZmzvY12QxAx90qBvJmQ3gw4FW49gzszM/SM+WtpLq/qD0f+NJJjGVofrCmRKHN+yPnBWAE7UKOVACvkj1awjq6GrsUIy42JH3+O11Lqu/uJBk+ccidX8KGMEX0eci5Sq0nuhOqkNl9yDPHevA249hypvskI8ic2DtWVAu91s2jLa+rno11e8klT5ry6XFpnWmL9Li2EVrTqaGyzVscOQzyr6Qo5vdueuAmtcduDnaxCxCJL7ADCLujSgs= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(396003)(39860400002)(366004)(346002)(376002)(136003)(31686004)(26005)(15650500001)(31696002)(83380400001)(16576012)(186003)(8936002)(66476007)(2616005)(54906003)(66556008)(66946007)(4326008)(956004)(966005)(316002)(6486002)(38350700002)(36756003)(53546011)(2906002)(52116002)(44832011)(5660300002)(38100700002)(478600001)(86362001)(8676002)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cHFKWG00VTdnZE5mY2VpY2tVNVFVc3QwYldWNXhhY0pCditMaVBBdTBBZXJG?= =?utf-8?B?Uks2TmJQWmVlS2VaZXJ2enYzcHVJWW42QWxMdFdiVTdNUThjQTBQejdMdlcy?= =?utf-8?B?S0tGbng1aU9qaUc0K0JWdFVLeEQraVIxOVhXWGM4b2tlQ20zaCt0dFdCeFVi?= =?utf-8?B?dUpGc0FGekx5NjI4SVc1U3Y3LzlTSEE5RENHbzRaaUlJcS9BdG44dUJPTEFn?= =?utf-8?B?KzNEN2M2eWwxTU1kWWNJdUFlbDdOLzRmMC8xMnVLZkxuQ3VQbEtJOWlQUXVG?= =?utf-8?B?QXRGN3ZaUldkNmlhNmZUVzlvWjlQOVVrYUxpVzBialpKVlNTOEV3bEpiT1gz?= =?utf-8?B?V3duUzIrWVJZYUs2RnJ3MTJQZ2tJZmZ1Yi9MbFNMUThMZFdZdGpTclJOMHN5?= =?utf-8?B?WkZ2MVBmTDJJZU52VTVIdWlvK2NRc09FNWhwc2JZUHMzckprY09pT2g0OGQw?= =?utf-8?B?WnA4ekpWRjFRTG94cTVrM21oSGxBM2hSTE5mNVcvZzBrVSt4WjkzNjhHdUxt?= =?utf-8?B?RlpDdHc2THJncjE5b1NtZ1JUMFJpbENrc1Z0bjMzeWdYME82aVJqRk1HZDdl?= =?utf-8?B?cUdMVCtHZm9rL24vTjF6OXJtT1BTK3FvQnFXQkhjcWh5SERYVGhrWHJSam4w?= =?utf-8?B?SC91LzFvU2ZRV3pweDVsdCtDcUxLWWQzYnNuUnZpMUU0RzZaRzJEMUNWbDFw?= =?utf-8?B?V1Q3WmZlWU9wdWJKSXhqRWs3bnE1ajBjdkdQVlorQ1R1WEVoNVY4MkZtWkd0?= =?utf-8?B?RkpINXl0T1NFbUpETjZqVEdyMVpaaUNqZjJVMGlvYWxxNFhwbEZqQk1FSFh4?= =?utf-8?B?Q0NaUGdpZTV0WmhDd2ZtS0lCalBaZ0FQdmswWTBtOWc2ZjU2aW41TENsVWJu?= =?utf-8?B?TVpac041azJreU8wSGMrN3NYcTBKb3U3aVI2cXBubGxqbnBJL1YweDkyaFI1?= =?utf-8?B?VEZjMERORkMwN0wxRjBPczJieFZnb2wzbGNrY3M2ckNaTjZYQkRjTjh0SHpn?= =?utf-8?B?NXVEY3haMlZPUnhqWi81eHVIeUthcHlYVzlCYXpZVmMvdzl6M3lUVVlQZVBn?= =?utf-8?B?R3Njanh3aEFmT3V4bnExQnpGdytsNjQzcDljS2hKUG1TU1dmVVRBbFVya29N?= =?utf-8?B?bXZOZUZEc1BDZUp4WnNPbUNhVXlUajYrU3RqUDBucmcvU3V2ZVVNc2pvZUcw?= =?utf-8?B?NzI3dnB2a0liQmNudjJNWXNLNXJzcEVkaDZBYkNiMHc1djJGQTB5aDdEN3N3?= =?utf-8?B?aTlkLzVoRVhBdDZiekI5UFcyNk5WT2Y5WnVUN29mTGVxWnpmUWVBTnVISnBt?= =?utf-8?B?ODdvSE9UdWxLczhxY3MxN3czcVdOZnhVdHZBWlpPNkxVeE9rcFFPTnQ3QUlI?= =?utf-8?B?cERiVHhJUnhKV2U0aUdRMmhsckY0aXFHaHN0d0F4OVZaTFRHdmN2OXBUUVY0?= =?utf-8?B?eDcyMTVNekhERlJZeFZBNlVDeGtKWU9DTUlHdFRVdVM1WXpMTUEwYVR6Z1Bu?= =?utf-8?B?Vy9xMFhBVVRiV3FMcmdZUWtIemp3UERUQW1PMkx3NFVYcnZVMlZQM3YvZ09R?= =?utf-8?B?T1VrVDloZ2VOcG1jbkwvc2V6eHU2dTk2aFh2NDduL29rV2ZiUmRiRXZRYVFN?= =?utf-8?B?K3l4OUlQSkVnaU1JYVY0dEl2eE1FK09TaXpBdFFTdDRiM2IrT2lNcVNOMndE?= =?utf-8?B?R3JOWG1pdTR3TGk2M0psdGpJeWRqc2djTm4zL050aUNWbVJXSmpiL0xST1Rx?= =?utf-8?Q?DO5+Gbn/EXz3qmnKxAdIgesT/djXSvwNF6QjWAN?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0c2fd463-8cfe-466c-f789-08d956b4331c X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2021 19:23:40.3482 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Kram6MqssLw/sA5+c7qlVcFQJ98/+4LswpLY/GiBg4qOEhwNEperyHLuS/VKJV167MswXMHHUJCuOV/uwRijDA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4413 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Hi Min, On 8/2/21 8:18 PM, Min Xu wrote: > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 > > SevEsIsEnabled return TRUE if SevEsWorkArea->SevEsEnabled is non-zero. > It is correct when SevEsWorkArea is only used by SEV. After Intel TDX > is enabled in Ovmf, the SevEsWorkArea is shared by TDX and SEV. (This > is to avoid the waist of memory region in MEMFD). The value of > SevEsWorkArea->SevEsEnabled now is : > 0 if in Legacy guest > 1 if in SEV > 2 if in Tdx guest > That's why the changes is made. > > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Signed-off-by: Min Xu > --- > OvmfPkg/Sec/SecMain.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > index 9db67e17b2aa..e166a9389a1a 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -828,7 +828,7 @@ SevEsIsEnabled ( > > SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase); > > - return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled != 0)); > + return ((SevEsWorkArea != NULL) && (SevEsWorkArea->SevEsEnabled == 1)); > } This is wrong, we need to check the SevEs sub type and not the global Sev enable. This also need to be broken into at least two commits 1. introduce the updated CcWorkArea structure 2. update the existing code to use the CcWorkArea layout If you are okay then I can rework and send the patch so that you can add the TDX on top of it. thanks > > VOID >