From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web09.9871.1623253684659293894
 for <devel@edk2.groups.io>;
 Wed, 09 Jun 2021 08:48:05 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Bup3kQtk;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: pbonzini@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1623253683;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=gZ2keqI2/VvsAc6f1EV/AROHYG0WlrpLCycSSUxnOPI=;
	b=Bup3kQtkusYG+iKuU34gj8gLxpCWibJnCqcfgqsfJjl7h4LG0MTpOpgt5VmLrFmgUvFw0P
	kT+JAlWYYgG9Jp0OOkbPmT+5kyc4vCeEzT+miD5idoTJstmTn+pBsgwCR7lpXbmj8eedok
	vV/0qU2P+s2fioopL7iPaJxTp5rhFIk=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-290-g3KWzRR5P2uECV4cRpHA0Q-1; Wed, 09 Jun 2021 11:48:02 -0400
X-MC-Unique: g3KWzRR5P2uECV4cRpHA0Q-1
Received: by mail-wr1-f71.google.com with SMTP id l13-20020adfe9cd0000b0290119a0645c8fso7972853wrn.8
        for <devel@edk2.groups.io>; Wed, 09 Jun 2021 08:48:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=gZ2keqI2/VvsAc6f1EV/AROHYG0WlrpLCycSSUxnOPI=;
        b=Jihpt0eyb3dopUSLLoYwbMDKqIxNZ/fgMzUw6XWZsfrGbj8AKwmY1l37nXQi4kdmtT
         2oI515iq6KE3utMaHmAsqS1KDOgFSFt20I3D1FTftI+dc8MULkWokjsQ8TUcYOSSo6XL
         DrzxaGwnZdxuBqeCYDC+Hf0vLvxF/aKA8k/E2fGuYKyEnIcmRgtCa1N+Iw0VHHya7I6Q
         bnDQ9e+JteHJ3B9TanraX/tIaoGlYNs+aekjrmqTJgWv0BFpHVRcBQYw9K3IMlPFxBsP
         x1kMoBqizGi5ShnF2J+nnOTvx0bRjzcqJhw2svfwxJwhUyy5XK+r5Gc4890QYr1u7U/l
         IMYw==
X-Gm-Message-State: AOAM531skyjupV0tTnK5iYeyaAX0r6T5J9/71Fts3Yf/X/MpDDX6xCEb
	fm63wg21ng4ZrqgXeBbbaq9KXI3qhOrbOPqg04bsipRVMFJNz0LTYoFUEnSL0QZQyvtTpNR/AQc
	kq9D7mzLVvDo5zw==
X-Received: by 2002:adf:f305:: with SMTP id i5mr515591wro.29.1623253681327;
        Wed, 09 Jun 2021 08:48:01 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwaX/U792Jw9U5F0QKyyIm53skWCRUImoqOuV2GaYniNRJj8nTMPy3UFJqMlglnFz5j7SDrjA==
X-Received: by 2002:adf:f305:: with SMTP id i5mr515551wro.29.1623253680992;
        Wed, 09 Jun 2021 08:48:00 -0700 (PDT)
Return-Path: <pbonzini@redhat.com>
Received: from ?IPv6:2001:b07:6468:f312:c8dd:75d4:99ab:290a? ([2001:b07:6468:f312:c8dd:75d4:99ab:290a])
        by smtp.gmail.com with ESMTPSA id k5sm332808wrv.85.2021.06.09.08.47.59
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 09 Jun 2021 08:48:00 -0700 (PDT)
Subject: Re: [edk2-rfc] [edk2-devel] RFC: design review for TDVF in OVMF
To: jejb@linux.ibm.com, "Xu, Min M" <min.m.xu@intel.com>,
 "devel@edk2.groups.io" <devel@edk2.groups.io>,
 "Yao, Jiewen" <jiewen.yao@intel.com>, "rfc@edk2.groups.io"
 <rfc@edk2.groups.io>
Cc: Laszlo Ersek <lersek@redhat.com>, Brijesh Singh <brijesh.singh@amd.com>,
 Tom Lendacky <thomas.lendacky@amd.com>,
 "erdemaktas@google.com" <erdemaktas@google.com>,
 "cho@microsoft.com" <cho@microsoft.com>,
 "bret.barkelew@microsoft.com" <bret.barkelew@microsoft.com>,
 Jon Lange <jlange@microsoft.com>, Karen Noel <knoel@redhat.com>,
 Nathaniel McCallum <npmccallum@redhat.com>,
 "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
 "Ademar de Souza Reis Jr." <areis@redhat.com>
References: <SA2PR11MB489293010F788D305B7A98AD8C3C9@SA2PR11MB4892.namprd11.prod.outlook.com>
 <e2e49061917477ca0e49988f69e9d352e668a42b.camel@linux.ibm.com>
 <PH0PR11MB5064C22E2D56BDB815FAF0E7C5369@PH0PR11MB5064.namprd11.prod.outlook.com>
 <d3d23deb0ba5c9bd6e89b86f1034f5c62c192ea0.camel@linux.ibm.com>
From: "Paolo Bonzini" <pbonzini@redhat.com>
Message-ID: <b9f473da-3a93-1e97-490d-d855696366b9@redhat.com>
Date: Wed, 9 Jun 2021 17:47:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <d3d23deb0ba5c9bd6e89b86f1034f5c62c192ea0.camel@linux.ibm.com>
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pbonzini@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 09/06/21 16:28, James Bottomley wrote:
> That would cut across the ApEntrypoint and the guidedStructureEnd.
> However, nothing says anything in the reset vector guided structure has
> to be data ... so it could equally well be code.  That means we can do
> guid based entries that contain the 32 bit real and 64 bit entry
> points.  This would also come with the added advantage that we can scan
> the OVMF binary to see what entry points it supports.

Isn't the initial state included in the save area just like for SEV-ES? 
  So it's not even QEMU, but rather some external tool that builds the 
encrypted image, that needs to understand that GUIDed structure.

The GUIDed structure can either include the entry point code; or it 
could have room for a couple 8-byte pointers since any fixed-size area 
in the GUIDed structure would be just a jump anyway.

Paolo