From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.84]) by mx.groups.io with SMTP id smtpd.web09.2474.1615338482488654293 for ; Tue, 09 Mar 2021 17:08:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=vX2WKdwP; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.84, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rmzs8/K527X+NVeyYl4jxa53FrHaYekH/+esirCb0v7rasoUfakRxBwGxRJMSk4R48mck5mBhe9+cyyCrsUy3Fc6vhWqAd3aSs0g9oAjgRl0+NW0g+S5WukkVXXTVGDwUvUkEilbUTENWmimihbz1BITETUbl5fRfv0AdZ5Ca/DmO5GSwsV7++UNanP+pK7nV2M7ZWk3KO/UqHezctHle39LPxfcEt72hpndLEq05P2E3PZt1iKBL6aJBQeNq2+I5AwwMLJ/u31iN9UgkJbYy452Rt5zrVESnehNflQdW+yqy2li4unzSyLZ6JIWgUVjtScHJQXFEmU8HbrcnJFVsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6Kch0qS+qAzIvCHXsq2dmb0jYr+dXTmqcXN097Kb1e8=; b=grWmsd7/p3LGlyeeVvfWXqeel8L/q0WP6DYy4FKxmBaQDchoDhv1oZDlmaprge84+stOeIbP37WLxdBGIQkM44VMM1dxh9d5Dencg3AgcDmQbLhz6jfU8l39hBhFfjg8Lsn+Xd/BpWMhe4k4RxIZMLGZ7K6XYwpvlcKDTN86rtJDGnFAdDe5wEYzyeXf+S5S/JrVaEo0st6YGCn+6Yeeh5AXm7evkDzEgbbgIKXhGnlYXh+/mAmoV1IbXLtZX5bHx4Jsyj773MxLZmJTpNsB1z+bkhxqZJ19EmhOADSLvFZ7PwJm2TmuCCC3tX3NsJFCD2OygQkj5kDooif90Uv6IA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6Kch0qS+qAzIvCHXsq2dmb0jYr+dXTmqcXN097Kb1e8=; b=vX2WKdwPooWtYxTA/s3xnxMJmCWzoN6E1ZNWBeP/taksg42ZNVmzV4yGzZsz5tL66RO8U2uUUKkZc4F7hN7c1jDpSyK3qLiNWgPnwLGJgZP9ZoxO1NXfMFUwp/yI2hA6WblPzh58Eu5hFlPKY1VGQFxhPyOTV0ZwfhlYUFhw9so= Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4415.namprd12.prod.outlook.com (2603:10b6:806:70::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.17; Wed, 10 Mar 2021 01:08:00 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::30fb:2d6c:a0bf:2f1d]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::30fb:2d6c:a0bf:2f1d%3]) with mapi id 15.20.3890.038; Wed, 10 Mar 2021 01:08:00 +0000 Cc: brijesh.singh@amd.com, Liming Gao , "Liu, Zhiguang" , "Justen, Jordan L" , Tom Lendacky , James Bottomley , Tobin Feldman-Fitzthum , Dov Murik , "Dr. David Alan Gilbert" Subject: Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX To: "Yao, Jiewen" , Laszlo Ersek , "Xu, Min M" , "devel@edk2.groups.io" References: <2e6e8275-e5f2-c8f3-e30a-f1ee51d279fd@redhat.com> From: Brijesh Singh Message-ID: Date: Tue, 9 Mar 2021 19:07:59 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 In-Reply-To: X-Originating-IP: [70.112.153.56] X-ClientProxiedBy: SN4PR0701CA0010.namprd07.prod.outlook.com (2603:10b6:803:28::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN4PR0701CA0010.namprd07.prod.outlook.com (2603:10b6:803:28::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.17 via Frontend Transport; Wed, 10 Mar 2021 01:07:59 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: eea37a1b-3323-453e-6866-08d8e360f30b X-MS-TrafficTypeDiagnostic: SA0PR12MB4415: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AbuLY7TrT+wZS1znHhKMpuzrP+V28zNVZ0NKgvSYCmOeYN8l0cvJ6OhEAijGkQpPCJSCi9FSmq16apDAslehfzRi7wUFRVIy/CjVJqGzW+XiA4o7vBctA8EI28IShWsWc6gnI2CvgZnbiNU7To0/92mKP7bj5sSQJ0yX+tVUa5AFaDSxFWCfLXWPDq5igrQFuiw+SddBLft2dwXT1XEccUikF4yGD0r2TPQolhOj7BF398YucuMg9qjAvvRPCqXJE5yB4gadUKcz2QK8Pw5zaAtDFP/MFbYk+hjWa9CvZUDjbJT0t7Y6N3NNJ6te2VFTDJ6fyS4/VyQcWTi+xHpjH14lPv50ISzKRQMsvUdF7er5YWYMbqfPN+Nj3xFXsf2bMb2oJIDdxMt2tsJ17+uat4N6aDnP5TMe9MzK04hDK5W0nE/e459sr8KQfxnusMPjE66QyP4lgmQwMtrFId6W98q82u4R+jM3r7n4vDwLJ2C/aCAGwJrGbY9iPGwyJcmfe3TqLgLIaCzkHxPhjrA1XjnIoX97Skv0XOWwdf+bPDNfAm8wsYB6i9JxXG8NablqIkvazruIr2vtNrsoWUu9MRXPQ6KcV81TIBH0Qh8/HuvIx3IWJ7gtU2Xfe3qROF07RQGC74/0hzFNuxeeCyIzVpBp/A+8dAk2ytyAi+noBYoLVP6H50pO0i+5BrMqOOGn X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(376002)(346002)(366004)(396003)(39860400002)(186003)(7416002)(8676002)(16526019)(31696002)(52116002)(66946007)(66476007)(6512007)(53546011)(83380400001)(66556008)(316002)(110136005)(4326008)(36756003)(31686004)(8936002)(54906003)(2616005)(26005)(5660300002)(966005)(6486002)(86362001)(956004)(44832011)(2906002)(6506007)(478600001)(45080400002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?RU9saEFYMjBNYjZGUXVDWXFEZGJnaVd1akFqUmIwVXZMbFhEUjFjTEY1aVpt?= =?utf-8?B?bXowNTloZVRVRk15SjJ0M0tSSENndjBJK2JMN1RHVTlKRCtGeHJIY2s1eEFq?= =?utf-8?B?RkFCVmNXcWJEVzBXL3lIRVUvTVo0Skc4UncveHpvS1M2SGtiY0NDdE5Ickw2?= =?utf-8?B?Qyt3M005UEVXeVNpUjNTQTFRdXgrS2VONEFzSUU5bG0xWU5aVTdKdWVES1Vp?= =?utf-8?B?eFh5VkUrdXp6ZGdwSkh3WEFQaHlvMEpxeWNuM21wNm1xalV5VWt2a3V5U2N1?= =?utf-8?B?Umh4VUk2dlJTWCtSZnRxaWFWMG9PRHQ1dlRmcnA3bFBrS1BBZ2k1a2lQMTI1?= =?utf-8?B?QWdiWVBKNlB6U0hWNVYzem9QSGNvRHk2WVR3RzdTVkZPQWIzZ29MdzEra0Ny?= =?utf-8?B?NjVCWllHMzNnOHNMcWYxU0pZY1F4eGxOYkEzODVkQzA5Z2M2TkdFY014MmJn?= =?utf-8?B?UGM4clpwSUQvK25lOEU1enpNblB4ZFEvRmUvb1FwRjJWdEFYWXIxbkNKTHFX?= =?utf-8?B?UzNsbHVaSlluU2RvUzNVUU9yV2JxOFE1d2RXVFFxeDF2cGpJZTRFVCtHSFNq?= =?utf-8?B?K2lMZUxMWXpoNXNjVTIzL1FRTTVpQytkU25wRjI3Q1BhUFQ1VXdsWkZwQ0dL?= =?utf-8?B?aWFoWkFuZ0FsdU82elFFOUJQbURpOHpSTTNkSmpwcGQwK2lTU0g5S200NldO?= =?utf-8?B?N2h5c1RndTh1Sk9LUjFMNndZK1J1Z0FVdWZUcm9iQ2VKeTdMV1czTlNoQ0Zl?= =?utf-8?B?djYyL1VSbkxYVVFHZWd2YkdZN2UzeXBkZ2tUNXc3eHo1bng2dmZvTnhmdVpG?= =?utf-8?B?R1JrbHloS0hFZ3ljZVN4WXAwN3FDdDkycFVJSzEyVXN3Qkw1NXNZSDF0VDFh?= =?utf-8?B?TzBGOU1rOW03K25BNm9oM0lVZDVXeXo1enM0b0FSYUhnaWlQZWg2OEtpUXZx?= =?utf-8?B?VnljZFNYNE55RHdNL2ViVTZZY1ZxRm5YbUgwM0VBVFlidTRmMlBHWHZhQ0tv?= =?utf-8?B?T1JVbVV3MHhiaiswanRNNGo4c0FjaU5VYUpHSlJYY1FUNWpQOVU1OGdJZURx?= =?utf-8?B?MWVWUDR4cTVzQU51cWo0eTFicjdiYW4rWDgwRHVlUVlOM05mZCtUWktITUR4?= =?utf-8?B?aWYvNEg1R1p5YmIxUDRRb2VUdXI4WnFyeGNLWTRvQTFoalhtdUlxaFJ6T1B2?= =?utf-8?B?NUdsZmVDSWNlOWNQb2JYL1RrcGRSNTJTaUkyaXladE9XdzV2OFdDbmRhTVlS?= =?utf-8?B?UkQ4b1JEUE11TWJoREtKUFp0YnBrZW43b0YzNDMyMkU1Y0tKd1ByOFNPTGE2?= =?utf-8?B?SVFTTGRzL1k3SmVpeW0zZGRIdFg3YnlxTm5nb0JDR0Y5TEprOXNaYStkQ2x4?= =?utf-8?B?dHRmVVdqMHE1TVRXcDlBcUd5V2QzRkQvWmNUbWFXUnlwRXl3cTZiSWQ1Tmhs?= =?utf-8?B?RmxBbjJmdE1VR1oyK1VKdEo4NGpKMlVzKzhXYVd5amF5dXZFMkZITWxBQzRz?= =?utf-8?B?WmREV3paL0hmaFRBMmZwbFhnODJNYU5FaE5mWkxYRmhmeTBseTRHVDl4NzEr?= =?utf-8?B?SExwNndxTVE2QVRZUW43SlVhMm01QjhQenFGVisvblpMekZPZ283UnNlZks2?= =?utf-8?B?RkNwTmxhTEliZXpyN0ZkaXN5OUpKcElmSmRFWU1vdjhqL1Y4WEhSWVd4eFJt?= =?utf-8?B?QU5VZUJXRHJpajlDdzJTb3ZTQ094UHMxYjBSUzZtV2R4Mk9UWmRoOEo4TXRV?= =?utf-8?Q?xBVCQ7Ku5IXL46RqyaAuvbkTzkZsf2dkr5UEUU6?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: eea37a1b-3323-453e-6866-08d8e360f30b X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Mar 2021 01:08:00.8239 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RAo/7QghYq4v3LAdTW5tYhls/le0RXrWztou6dmkw/P3kFcSYGEvoODVVxm7ulGhYn4Bmtl65srXcC4rDuQyWQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4415 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Thanks Laszlo for copying me. From AMD, I will be soon start submitting the SNP support in the OMVF. I look forward collaborating with Yao and Min on software architecture. On 3/9/21 6:25 PM, Yao, Jiewen wrote: > Very good suggestion. Thanks Laszlo. > > For 3), Min Xu and I will be the reviewer for Intel TDX change for OVMF. > > For 6), agree. Although there is some architecture difference, e.g, AMD using PSP - a co-processor while Intel using TDX module - a new CPU execution mode, we should align as much as possible between Intel TDX and AMD SEV, especially for pure software architecture. > I will be the Intel reviewer for confidential computing topic. > Welcome AMD/IBM/... having a representative too. > > Min and I will sync and submit the patch for maintainer.txt > > > Thank you > Yao Jiewen > > >> -----Original Message----- >> From: Laszlo Ersek >> Sent: Tuesday, March 9, 2021 9:06 PM >> To: Xu, Min M ; devel@edk2.groups.io >> Cc: Liming Gao ; Liu, Zhiguang >> ; Justen, Jordan L ; Yao, >> Jiewen ; Tom Lendacky ; >> Brijesh Singh ; James Bottomley >> ; Tobin Feldman-Fitzthum ; Dov Murik >> ; Dr. David Alan Gilbert >> Subject: Re: [PATCH V3 0/3] Add TdxLib support for Intel TDX >> >> On 03/09/21 13:57, Laszlo Ersek wrote: >>> On 03/09/21 07:12, Min Xu wrote: >>>> REF: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3249&data=04%7C01%7Cbrijesh.singh%40amd.com%7Cd28ff222c8714f55263008d8e35af722%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637509327122407224%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lvpMxaXmLtXn8cn%2BLx2MMU9blA0kJrEyQe5IbOW4YJg%3D&reserved=0 >>>> >>>> The patch series provides lib support for Intel Trust Domain Extensions >>>> (Intel TDX). >>>> >>>> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology >>>> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory >>>> Encryption (MKTME) with a new kind of virutal machines guest called a >>>> Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the >>>> confidentiality of TD memory contents and the TD's CPU state from other >>>> software, including the hosting Virtual-Machine Monitor (VMM), unless >>>> explicitly shared by the TD itself. >>>> >>>> The Intel TDX module uses the instruction-set architecture for Intel TDX >>>> and the MKTME engine in the SOC to help serve as an intermediary between >>>> the host VMM and the guest TD. TDCALL is the instruction which allows TD >>>> guest privileged software to make a call for service into an underlying >>>> TDX-module. >>>> >>>> TdxLib is created with functions to perform the related Tdx operation. >>>> This includes functions for: >>>> - TdCall : to cause a VM exit to the Intel TDX module >>>> - TdVmCall : it is a leaf function 0 for TDCALL >>>> - TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID >>>> - TdReport : to retrieve TDREPORT_STRUCT >>>> - TdAcceptPages : to accept pending private pages >>>> - TdExtendRtmr : to extend one of the RTMR registers >>>> >>>> The base function in MdePkg will not do anything and will return an error >>>> if a return value is required. It is expected that other packages >>>> (like OvmfPkg) will create a version of the library to fully support a TD >>>> guest. >>>> >>>> We create an OVMF version of this library to begin the process of providing >>>> full support of TDX in OVMF. >>>> >>>> To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec >>>> - PcdUseTdxAcceptPage >>>> Indicate whether TdCall(AcceptPage) is used. >>>> - PcdUseTdxEmulation >>>> Indicate whether TdxEmulation is used. >>> (1) per Jiewen's feedback, please drop these PCDs -- importantly, please >>> drop DB-encoded instructions in assembly source code >>> >>> (2) It's not really helpful to post three versions of a patch set over >>> the course of a few hours. I don't suggest posting more frequently than >>> once per day, unless agreed otherwise. >>> >>> (3) Please add a new section to Maintainers.txt for TDX content in >>> OvmfPkg. At least two Intel developers should be listed there as >>> Reviewers. I'd like to permanently delegate TDX reviews to Intel >>> contributors. >>> >>> See also the "OvmfPkg: SEV-related modules" section in "Maintainers.txt". >>> >>> (4) The patches contain numerous style issues: >>> >>> - overlong lines, >>> >>> - incomplete "@retval" comments, >>> >>> - Library #include directives mixed with non-library #include directives, >>> >>> - variables that should be STATIC but are not declared like that, >>> >>> - whitespace errors: missing space character between function designator >>> (or macro name) and opening paren >>> >>> - more whitespace errors: missing space characters around "if" and >>> "else" keywords >>> >>> (5) Some of the source files have outdated license blocks (e.g., >>> open-coding the 2-clause BSDL and stating a copyright year of 2020, >>> rather than stating 2021 and using "SPDX-License-Identifier: >>> BSD-2-Clause-Patent") >>> >>> Please go over the patches with a fine-toothed comb and refresh them. >>> >>> (6) It would be nice if SEV-related patch sets and TDX-related patch >>> sets were cross-CC'd between AMD and Intel contributors. (With the >>> intent being code reuse, and perhaps "design reuse".) >>> >>> Maybe we should have an additional "confidential computing" reviewers >>> section in "Maintainers.txt", covering both SEV and TDX modules. This >>> would allow for a wider set of CC's, without obscuring who should review >>> TDX vs. who should review SEV. I think this unified section should list >>> a number of IBM developers too. >> (7) Some more admin stuff: >> >> (7a) every patch in this series should carry the following line in the >> commit message: >> >> Ref: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3249&data=04%7C01%7Cbrijesh.singh%40amd.com%7Cd28ff222c8714f55263008d8e35af722%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637509327122407224%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lvpMxaXmLtXn8cn%2BLx2MMU9blA0kJrEyQe5IbOW4YJg%3D&reserved=0 >> >> (7b) whenever you post a new version of the patch set, please add a new >> comment to , >> linking the just-posted version (the cover letter email) from the >> mailing list archive. >> >> This is important in case we want to review the evolution of the patch >> series later. It's more difficult to find relevant email threads later >> than to link each posting immediately in the bugzilla ticket. >> >> Thanks >> Laszlo