Subject: Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF
To: jejb@linux.ibm.com, "Xu, Min M", "devel@edk2.groups.io", "Yao, Jiewen", "rfc@edk2.groups.io"
Cc: Laszlo Ersek, Brijesh Singh, Tom Lendacky, "erdemaktas@google.com", "cho@microsoft.com", "bret.barkelew@microsoft.com", Jon Lange, Karen Noel, Nathaniel McCallum, "Dr. David Alan Gilbert", "Ademar de Souza Reis Jr."
From: "Paolo Bonzini"
Date: Wed, 9 Jun 2021 17:47:58 +0200

On 09/06/21 16:28, James Bottomley wrote:
> That would cut across the ApEntrypoint and the guidedStructureEnd.
> However, nothing says anything in the reset vector guided structure has
> to be data ... so it could equally well be code. That means we can do
> guid based entries that contain the 32 bit real and 64 bit entry
> points. This would also come with the added advantage that we can scan
> the OVMF binary to see what entry points it supports.

Isn't the initial state included in the save area just like for SEV-ES? So it's not even QEMU, but rather some external tool that builds the encrypted image, that needs to understand that GUIDed structure.

The GUIDed structure can either include the entry point code; or it could have room for a couple 8-byte pointers since any fixed-size area in the GUIDed structure would be just a jump anyway.

Paolo
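
An added example (not part of the original message, and not code from OVMF or QEMU) of how an external tool could scan a firmware image's reset-vector GUIDed table and list the entries it advertises. It assumes each entry is laid out as payload, 16-bit length, GUID, and that the table is walked backwards from a footer GUID 0x30 bytes before the end of the image; the two entry GUIDs, the 8-byte pointer payloads and the sample image are constructed.

```python
import struct
import uuid

# Assumed layout: the table footer GUID sits 0x30 bytes before the end of the image.
FOOTER_GUID = uuid.UUID("96b582de-1fb2-45f7-baea-a366c55a082d")
FOOTER_FROM_END = 0x30
TRAILER = 2 + 16  # every entry ends with <uint16 length><16-byte GUID>

def parse_guided_table(image):
    """Return {entry GUID: payload bytes}, walking the table from its end."""
    guid_at = len(image) - FOOTER_FROM_END
    if guid_at < 2 or image[guid_at:guid_at + 16] != FOOTER_GUID.bytes_le:
        return {}  # no footer: the image advertises nothing
    (total,) = struct.unpack_from("<H", image, guid_at - 2)
    end = guid_at - 2              # entries end where the footer's length field begins
    start = guid_at + 16 - total   # total covers the entries plus the footer trailer
    if total < TRAILER or start < 0:
        raise ValueError("table length field is out of range")
    entries = {}
    while end - start >= TRAILER:
        guid = uuid.UUID(bytes_le=image[end - 16:end])
        (length,) = struct.unpack_from("<H", image, end - TRAILER)
        if length < TRAILER or length > end - start:
            raise ValueError(f"entry {guid} has bad length {length}")
        entries[guid] = image[end - length:end - TRAILER]
        end -= length
    if end != start:
        raise ValueError("leftover bytes that do not form an entry")
    return entries

def build_sample_image(entries, size=0x100):
    """Constructed image: zero padding, table, then 0x20 bytes of reset vector."""
    body = b""
    for guid, payload in entries:
        body += payload + struct.pack("<H", len(payload) + TRAILER) + guid.bytes_le
    table = body + struct.pack("<H", len(body) + TRAILER) + FOOTER_GUID.bytes_le
    return bytes(size - 0x20 - len(table)) + table + bytes(0x20)

# Constructed GUIDs and addresses standing in for 32-bit and 64-bit entry points.
ENTRY32 = uuid.UUID("11111111-2222-3333-4444-555555555555")
ENTRY64 = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
SAMPLE = build_sample_image([(ENTRY32, struct.pack("<Q", 0xFFFFFFF0)),
                             (ENTRY64, struct.pack("<Q", 0xFFFFF000))])

def entry_points(image):
    """Decode entries whose payload is a single 8-byte little-endian pointer."""
    table = parse_guided_table(image)
    return {g: struct.unpack("<Q", p)[0] for g, p in table.items() if len(p) == 8}

if __name__ == "__main__":
    for guid, addr in entry_points(SAMPLE).items():
        print(guid, hex(addr))
```

The length checks matter for a tool that measures or encrypts the image: a malformed entry length is rejected rather than letting the walk read outside the table.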