From: "Brijesh Singh"
To: Laszlo Ersek, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel
Subject: Re: [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest
Date: Mon, 19 Apr 2021 16:42:18 -0500
In-Reply-To: <778bc927-94b0-56cb-708b-612d2498dc4b@redhat.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-2-brijesh.singh@amd.com> <6bfc9b77-57ae-02ea-5be1-eeb15eab446b@amd.com> <778bc927-94b0-56cb-708b-612d2498dc4b@redhat.com>
On 4/13/21 4:49 AM, Laszlo Ersek wrote:
> On 04/12/21 16:52, Brijesh Singh wrote:
>> Hi James and Laszlo,
>>
>> I was planning to work to add the support to reserve the Secrets and
>> CPUID page in the E820 map and then create the EFI configuration table entry
>> for it so that the guest OS can reach it. We have two packages
>> "SecretDxe" and "SecretPei" in OvmfPkg/AmdSev. Any issues if I use them
>> in the OvmfPkg.dsc? Here is what I was thinking:
>>
>> 1) Rename PcdSevLaunchSecretBase -> PcdSevSecretsBase
>>
>> 2) When SNP is enabled, the VMM uses this page as the secrets page for SNP
>>
>> 3) When SEV or SEV-ES is enabled, the VMM uses this page as a launch
>> secret page
>>
>> This will allow me to drop PcdOvmfSnpSecretsBase. This will not just
>> save 4 bytes but also minimize the code duplication.
> I'm pretty unhappy about needing a separate page for each such purpose.
> We're wasting room in MEMFD. The GUIDed structs that we expose to QEMU
> seem to be flexible enough to describe non-page-aligned addresses,
> right? Can we pack larger amounts of cruft into MEMFD pages?
>
> I'm not looking forward to the day when we run out of slack in MEMFD and
> we get to shift PEIFV / DXEFV. (Every time we need to increase the DXEFV
> size, the same risk exists -- which is why I've been thinking for a
> while now that OVMF includes too many features already.) This can
> introduce obscure changes to the UEFI memory map, which has caused
> compat problems in the past, for example with the "crash" utility.

What's your take on moving all SEV-specific reserved pages to after
PcdOvmfDecompressionScratchEnd? I have not tried it yet, but I can give it
a try to make sure ES works after such moves.

What is the general rule of thumb for what goes in MEMFD? Is it all the
data pages accessed during the SEC phase? If so, then we probably can't
do everything after PcdOvmfDecompressionScratchEnd. The only thing
which we can quickly move out is the secret page.

> The feature creep in OVMF has gone off the rails in the last few years,
> really. (Not that I'm not guilty myself.)
>
> Thanks,
> Laszlo
>