From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web08.3064.1627501352038598904 for ; Wed, 28 Jul 2021 12:42:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@newmexicoconsortium-org.20150623.gappssmtp.com header.s=20150623 header.b=BhQH5B2t; spf=none, err=SPF record not found (domain: newmexicoconsortium.org, ip: 209.85.216.52, mailfrom: dbautista@newmexicoconsortium.org) Received: by mail-pj1-f52.google.com with SMTP id e2-20020a17090a4a02b029016f3020d867so5689775pjh.3 for ; Wed, 28 Jul 2021 12:42:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newmexicoconsortium-org.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=NN6MEYa2jagUwwgAIos+4pUDpywcne0Dv7Azw+90d0o=; b=BhQH5B2tEd/OoWFwga7CXRHzTI//S6VZqH+mBExaHtLDKf1z4V+h4K1sPAPGF2GrRe pA78khN2hRLTTpQzxkrN1oG5zJZstXeLxf+FXFBk0Bz5/2JW/15ADicyYZyesemzefv0 hky1jW8e4icp2tbL26xYgAHAr8gYnk5Qz0yMgi7LDoQnYK9L+G2Sl49OSHXB1zYBHoau ERN4WGx18NIcjc3DCMoP/flMUjRsOTGLyvlGUXqkOvHZpDHb28gz9Yb208N1jAdjpmDY D1OdYXFRsFx5NL/77T9YGJiMFHqsXYLUrHK5N9St4UrszIEVQR1B3KeggsLEtgHc+u17 s+Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=NN6MEYa2jagUwwgAIos+4pUDpywcne0Dv7Azw+90d0o=; b=QHxXi0XQ9KF4kWPkY67CvoICcmdUjZ3ujYPMD8S8j4g3QfiqRgMlZzfIVwf+xtEldw JY4r3EbpuCwTGoGXQLWYJYL1v/q2BIadb/XMKZqu4mx7nhPBgZp2ZY+ZkY6d0YVJhUyL 2nhIcINqiDC1oQFy3fFpmxqU8UbONL1vAhZ/86CmF6tTBeX6zG7bjn9883KYvVJ3TwCV WeGcu4IeYDAKIDeZ81dz0C5BmWO6FFCt9PXzkCtpzA2O40oesll2ptg7ewbSgZXv4NnI NLQm0sdKEWq8/AkRfqXzyDYXghYrJu0Jz3c+pCzk24ijXkVr3cqV4YOOz9Odq8q4xOi1 T/lw== X-Gm-Message-State: AOAM532V2fB3NVIzsAGvmbBMUxqKeqRgAKtTzK+Z+El6drdl+117/8T5 hM/5JzyQA+prixes2WoDuAMAtA== X-Google-Smtp-Source: ABdhPJxPB+iIkRxmhWISiYcbujnfsy2TB+lIA/l2nTk+6OsTUWzTpIl4RJmf7bYgS1O0s00pB4ru9w== X-Received: by 2002:aa7:95a1:0:b029:359:ca4e:d25d with SMTP id a1-20020aa795a10000b0290359ca4ed25dmr1429946pfk.51.1627501351573; Wed, 28 Jul 2021 12:42:31 -0700 (PDT) Return-Path: Received: from [192.168.3.111] (c-73-48-255-158.hsd1.ca.comcast.net. [73.48.255.158]) by smtp.gmail.com with ESMTPSA id a13sm854140pfl.92.2021.07.28.12.42.30 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 28 Jul 2021 12:42:31 -0700 (PDT) Subject: Re: [edk2-devel] [PATCH v1] OvmfPkg: Add build options for 8MB and 16MB X64 OVMF images To: Laszlo Ersek , devel@edk2.groups.io Cc: Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , Tom Lendacky References: <7bfd4b82fc725302beb37e13c4a89d389c34ec34.1622048433.git.dbautista@newmexicoconsortium.org> From: "Devon Bautista" Message-ID: Date: Wed, 28 Jul 2021 12:43:08 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------FAD4CBDEFACD221575EE70E2" Content-Language: en-US --------------FAD4CBDEFACD221575EE70E2 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Laszlo, I apologize for the delay. I've been heavily preoccupied in another work program I am involved in. On 5/27/21 3:12 AM, Laszlo Ersek wrote: > On 05/26/21 19:08, Devon Bautista wrote: >> Currently, the largest volume size for building OVMF images is 4MB. With >> the growth of the Linuxboot project, maintainers have had to maintain a >> fork containing this patch which allows larger image sizes in order for >> Linuxboot developers/users to have enough space to experiment with >> and test including their own Linux kernel in the DXE section of OVMF >> firmware. Testing using OVMF is valuable since it allows testing in QEMU >> and thus does not require any hardware to do so. >> >> This patch allows specifying '-D FD_SIZE_8MB' or '-D FD_SIZE_16MB' to >> the OVMF build script in order to add the ability to build 8MB or 16MB >> x86_64 (X64) OVMF images, respectively. >> >> Signed-off-by: Devon Bautista >> --- >> OvmfPkg/OvmfPkgDefines.fdf.inc | 34 ++++++++++++++++++++++++++++++++++ >> OvmfPkg/OvmfPkgX64.dsc | 10 +++++++++- >> OvmfPkg/VarStore.fdf.inc | 16 ++++++++-------- >> 3 files changed, 51 insertions(+), 9 deletions(-) >> >> diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.inc >> index 35fd454b97..da37758934 100644 >> --- a/OvmfPkg/OvmfPkgDefines.fdf.inc >> +++ b/OvmfPkg/OvmfPkgDefines.fdf.inc >> @@ -66,6 +66,40 @@ DEFINE SECFV_OFFSET = 0x003CC000 >> DEFINE SECFV_SIZE = 0x34000 >> !endif >> >> +!if $(FD_SIZE_IN_KB) == 8192 >> +DEFINE VARS_SIZE = 0x84000 >> +DEFINE VARS_BLOCKS = 0x84 >> +DEFINE VARS_LIVE_SIZE = 0x40000 >> +DEFINE VARS_SPARE_SIZE = 0x42000 >> + >> +DEFINE FW_BASE_ADDRESS = 0xFF800000 >> +DEFINE FW_SIZE = 0x00800000 >> +DEFINE FW_BLOCKS = 0x800 >> +DEFINE CODE_BASE_ADDRESS = 0xFF884000 >> +DEFINE CODE_SIZE = 0x0077C000 >> +DEFINE CODE_BLOCKS = 0x77C >> +DEFINE FVMAIN_SIZE = 0x00748000 >> +DEFINE SECFV_OFFSET = 0x007CC000 >> +DEFINE SECFV_SIZE = 0x34000 >> +!endif >> + >> +!if $(FD_SIZE_IN_KB) == 16384 >> +DEFINE VARS_SIZE = 0x84000 >> +DEFINE VARS_BLOCKS = 0x84 >> +DEFINE VARS_LIVE_SIZE = 0x40000 >> +DEFINE VARS_SPARE_SIZE = 0x42000 >> + >> +DEFINE FW_BASE_ADDRESS = 0xFF000000 >> +DEFINE FW_SIZE = 0x01000000 >> +DEFINE FW_BLOCKS = 0x1000 >> +DEFINE CODE_BASE_ADDRESS = 0xFF084000 >> +DEFINE CODE_SIZE = 0x00F7C000 >> +DEFINE CODE_BLOCKS = 0xF7C >> +DEFINE FVMAIN_SIZE = 0x00F48000 >> +DEFINE SECFV_OFFSET = 0x00FCC000 >> +DEFINE SECFV_SIZE = 0x34000 >> +!endif >> + >> SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress = $(FW_BASE_ADDRESS) >> SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize = $(FW_SIZE) >> SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize = $(BLOCK_SIZE) >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index 999738dc39..28351e2f56 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -66,11 +66,19 @@ >> !else >> !ifdef $(FD_SIZE_4MB) >> DEFINE FD_SIZE_IN_KB = 4096 >> +!else >> +!ifdef $(FD_SIZE_8MB) >> + DEFINE FD_SIZE_IN_KB = 8192 >> +!else >> +!ifdef $(FD_SIZE_16MB) >> + DEFINE FD_SIZE_IN_KB = 16384 >> !else >> DEFINE FD_SIZE_IN_KB = 4096 >> !endif >> !endif >> !endif >> +!endif >> +!endif >> >> [BuildOptions] >> GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG >> @@ -501,7 +509,7 @@ >> gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000 >> !endif >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if $(FD_SIZE_IN_KB) == 4096 || $(FD_SIZE_IN_KB) == 8196 || $(FD_SIZE_IN_KB) == 16384 >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 >> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400 >> !if $(NETWORK_TLS_ENABLE) == FALSE >> diff --git a/OvmfPkg/VarStore.fdf.inc b/OvmfPkg/VarStore.fdf.inc >> index a1e524e393..70db929478 100644 >> --- a/OvmfPkg/VarStore.fdf.inc >> +++ b/OvmfPkg/VarStore.fdf.inc >> @@ -11,7 +11,7 @@ >> !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) >> 0x00000000|0x0000e000 >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> 0x00000000|0x00040000 >> !endif >> #NV_VARIABLE_STORE >> @@ -29,7 +29,7 @@ DATA = { >> # FvLength: 0x20000 >> 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> # FvLength: 0x84000 >> 0x00, 0x40, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, >> !endif >> @@ -41,7 +41,7 @@ DATA = { >> # CheckSum >> 0x19, 0xF9, >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> # CheckSum >> 0xAF, 0xB8, >> !endif >> @@ -51,7 +51,7 @@ DATA = { >> # Blockmap[0]: 0x20 Blocks * 0x1000 Bytes / Block >> 0x20, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> # Blockmap[0]: 0x84 Blocks * 0x1000 Bytes / Block >> 0x84, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, >> !endif >> @@ -70,7 +70,7 @@ DATA = { >> # This can speed up the Variable Dispatch a bit. >> 0xB8, 0xDF, 0x00, 0x00, >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - >> # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8 >> # This can speed up the Variable Dispatch a bit. >> @@ -83,7 +83,7 @@ DATA = { >> !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) >> 0x0000e000|0x00001000 >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> 0x00040000|0x00001000 >> !endif >> #NV_EVENT_LOG >> @@ -91,7 +91,7 @@ DATA = { >> !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) >> 0x0000f000|0x00001000 >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> 0x00041000|0x00001000 >> !endif >> #NV_FTW_WORKING >> @@ -109,7 +109,7 @@ DATA = { >> !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) >> 0x00010000|0x00010000 >> !endif >> -!if $(FD_SIZE_IN_KB) == 4096 >> +!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384) >> 0x00042000|0x00042000 >> !endif >> #NV_FTW_SPARE >> > I'm providing minimal feedback here just to get this review off my plate > as quickly as possible. Sorry, I'm collapsing under my TODO list. > > > (1) Every such change is compatibility breaking, so we *must* use the > opportunity at once to *significantly increase* the non-volatile > variable store size as well. > > We need to discuss this question with OS vendors and hardware platform > vendors on this list, to see what physical flash sizes are expected in > the future, and we must add a good safety margin on top of that. > > The primary concern is with the dbx variable growing without bounds over > time. > > Once we introduce a new FD_SIZE_IN_KB option, we're stuck with its > varstore layout forever, so we'd better get it right and future-proof at > once. Would you prefer to see a new patchset version addressing points (3) through (5) and adding the plaintext spreadsheet of the region offsets/sizes based on Brian's suggestion and discussing this point on that new thread? Or would you prefer a new discussion on the "discuss' list? Or use this thread? I've already started on the next patchset version, but can wait on submitting for more discussion if desired. > (2) [FD.MEMFD] should immediately benefit from this change, even if your > downstream populates FVMAIN_COMPACT with something else than PEIFV and > DXEFV. First, we're almost out of (uncompressed) DXEFV space again. > Second, especially the confidential computing technologies have been > gobbling up the nice, low, free space in FD.MEMFD the way a kid with a > sweet tooth empties a cookie jar. This change is already compat > breaking, so I'd like to see *some* proposal (separate patches) for > enlarging *and pushing up* PEIFV and DXEFV. I suppose it would be sensible to work this out after this patchset gets finalized, but your input is greatly welcomed here. > (3) Unfortunately, I have to agree that introducing *both* a 8MB option > *and* a 16MB option is justified, per QEMU commit 0657c657eb37 > ("hw/i386/pc: add max combined fw size as machine configuration option", > 2020-12-09). > > However, please add each option in a separate patch. That makes sense for logical separation and atomic commits. Will do. > (4) Dumping a bunch of magic numbers on reviewers is unhelpful. I'll > need to sit down with a calculator and go through the patch with a > magnifying glass. Please support that work by creating a commit message > (summary table) similar to the one in commit b24fca05751f ("OvmfPkg: > introduce 4MB flash image (mainly) for Windows HCK", 2017-05-05). In light of Brian's suggestion, would you prefer having such a summary table both in the commit message /and/ in the OVMF source tree or just the latter? > (5) Modifying *only* "OvmfPkg/OvmfPkgX64.dsc" doesn't seem right, there > are other DSC files (platforms) in OvmfPkg that would benefit. Without > much thinking for now, I'd say the new options should be available in > each DSC (platform description), even the 32-bit ones. You're right. I'll update the rest of the DSC files with the changes in the next patchset version. > I'm extremely annoyed by the general trend that the firmware (the OS > under the OS) keeps growing. Because of that, Linuxboot is a fantastic > project. I'd like OVMF to support the development of Linuxboot. I > welcome this patch for that reason. > > But I'd also like OVMF to benefit from this change even when it is built > with a traditional -- and regrettably, ever-growing -- DXE phase. I > welcome this patch for that reason too. Thank you for your feedback. I'm joyed to hear of your support. I, too, think both Linuxboot and OVMF proper could benefit from this. Best, Devon Bautista --------------FAD4CBDEFACD221575EE70E2 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit

Laszlo,

I apologize for the delay. I've been heavily preoccupied in another work program I am involved in.

On 5/27/21 3:12 AM, Laszlo Ersek wrote:
On 05/26/21 19:08, Devon Bautista wrote:

Currently, the largest volume size for building OVMF images is 4MB. With
the growth of the Linuxboot project, maintainers have had to maintain a
fork containing this patch which allows larger image sizes in order for
Linuxboot developers/users to have enough space to experiment with
and test including their own Linux kernel in the DXE section of OVMF
firmware. Testing using OVMF is valuable since it allows testing in QEMU
and thus does not require any hardware to do so.

This patch allows specifying '-D FD_SIZE_8MB' or '-D FD_SIZE_16MB' to
the OVMF build script in order to add the ability to build 8MB or 16MB
x86_64 (X64) OVMF images, respectively.

Signed-off-by: Devon Bautista <dbautista@newmexicoconsortium.org>
---
 OvmfPkg/OvmfPkgDefines.fdf.inc | 34 ++++++++++++++++++++++++++++++++++
 OvmfPkg/OvmfPkgX64.dsc         | 10 +++++++++-
 OvmfPkg/VarStore.fdf.inc       | 16 ++++++++--------
 3 files changed, 51 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/OvmfPkgDefines.fdf.inc b/OvmfPkg/OvmfPkgDefines.fdf.inc
index 35fd454b97..da37758934 100644
--- a/OvmfPkg/OvmfPkgDefines.fdf.inc
+++ b/OvmfPkg/OvmfPkgDefines.fdf.inc
@@ -66,6 +66,40 @@ DEFINE SECFV_OFFSET      = 0x003CC000
 DEFINE SECFV_SIZE        = 0x34000
 !endif
 
+!if $(FD_SIZE_IN_KB) == 8192
+DEFINE VARS_SIZE         = 0x84000
+DEFINE VARS_BLOCKS       = 0x84
+DEFINE VARS_LIVE_SIZE    = 0x40000
+DEFINE VARS_SPARE_SIZE   = 0x42000
+
+DEFINE FW_BASE_ADDRESS   = 0xFF800000
+DEFINE FW_SIZE           = 0x00800000
+DEFINE FW_BLOCKS         = 0x800
+DEFINE CODE_BASE_ADDRESS = 0xFF884000
+DEFINE CODE_SIZE         = 0x0077C000
+DEFINE CODE_BLOCKS       = 0x77C
+DEFINE FVMAIN_SIZE       = 0x00748000
+DEFINE SECFV_OFFSET      = 0x007CC000
+DEFINE SECFV_SIZE        = 0x34000
+!endif
+
+!if $(FD_SIZE_IN_KB) == 16384
+DEFINE VARS_SIZE         = 0x84000
+DEFINE VARS_BLOCKS       = 0x84
+DEFINE VARS_LIVE_SIZE    = 0x40000
+DEFINE VARS_SPARE_SIZE   = 0x42000
+
+DEFINE FW_BASE_ADDRESS   = 0xFF000000
+DEFINE FW_SIZE           = 0x01000000
+DEFINE FW_BLOCKS         = 0x1000
+DEFINE CODE_BASE_ADDRESS = 0xFF084000
+DEFINE CODE_SIZE         = 0x00F7C000
+DEFINE CODE_BLOCKS       = 0xF7C
+DEFINE FVMAIN_SIZE       = 0x00F48000
+DEFINE SECFV_OFFSET      = 0x00FCC000
+DEFINE SECFV_SIZE        = 0x34000
+!endif
+
 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress     = $(FW_BASE_ADDRESS)
 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize    = $(FW_SIZE)
 SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize = $(BLOCK_SIZE)
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 999738dc39..28351e2f56 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -66,11 +66,19 @@
 !else
 !ifdef $(FD_SIZE_4MB)
   DEFINE FD_SIZE_IN_KB           = 4096
+!else
+!ifdef $(FD_SIZE_8MB)
+  DEFINE FD_SIZE_IN_KB           = 8192
+!else
+!ifdef $(FD_SIZE_16MB)
+  DEFINE FD_SIZE_IN_KB           = 16384
 !else
   DEFINE FD_SIZE_IN_KB           = 4096
 !endif
 !endif
 !endif
+!endif
+!endif
 
 [BuildOptions]
   GCC:RELEASE_*_*_CC_FLAGS             = -DMDEPKG_NDEBUG
@@ -501,7 +509,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
 !endif
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if $(FD_SIZE_IN_KB) == 4096 || $(FD_SIZE_IN_KB) == 8196 || $(FD_SIZE_IN_KB) == 16384
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
 !if $(NETWORK_TLS_ENABLE) == FALSE
diff --git a/OvmfPkg/VarStore.fdf.inc b/OvmfPkg/VarStore.fdf.inc
index a1e524e393..70db929478 100644
--- a/OvmfPkg/VarStore.fdf.inc
+++ b/OvmfPkg/VarStore.fdf.inc
@@ -11,7 +11,7 @@
 !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
 0x00000000|0x0000e000
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
 0x00000000|0x00040000
 !endif
 #NV_VARIABLE_STORE
@@ -29,7 +29,7 @@ DATA = {
   # FvLength: 0x20000
   0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
   # FvLength: 0x84000
   0x00, 0x40, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
 !endif
@@ -41,7 +41,7 @@ DATA = {
   # CheckSum
   0x19, 0xF9,
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
   # CheckSum
   0xAF, 0xB8,
 !endif
@@ -51,7 +51,7 @@ DATA = {
   # Blockmap[0]: 0x20 Blocks * 0x1000 Bytes / Block
   0x20, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
   # Blockmap[0]: 0x84 Blocks * 0x1000 Bytes / Block
   0x84, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
 !endif
@@ -70,7 +70,7 @@ DATA = {
   # This can speed up the Variable Dispatch a bit.
   0xB8, 0xDF, 0x00, 0x00,
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
   # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
   #          0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
   # This can speed up the Variable Dispatch a bit.
@@ -83,7 +83,7 @@ DATA = {
 !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
 0x0000e000|0x00001000
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
 0x00040000|0x00001000
 !endif
 #NV_EVENT_LOG
@@ -91,7 +91,7 @@ DATA = {
 !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
 0x0000f000|0x00001000
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
 0x00041000|0x00001000
 !endif
 #NV_FTW_WORKING
@@ -109,7 +109,7 @@ DATA = {
 !if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
 0x00010000|0x00010000
 !endif
-!if $(FD_SIZE_IN_KB) == 4096
+!if ($(FD_SIZE_IN_KB) == 4096) || ($(FD_SIZE_IN_KB) == 8192) || ($(FD_SIZE_IN_KB) == 16384)
 0x00042000|0x00042000
 !endif
 #NV_FTW_SPARE


I'm providing minimal feedback here just to get this review off my plate
as quickly as possible. Sorry, I'm collapsing under my TODO list.


(1) Every such change is compatibility breaking, so we *must* use the
opportunity at once to *significantly increase* the non-volatile
variable store size as well.

We need to discuss this question with OS vendors and hardware platform
vendors on this list, to see what physical flash sizes are expected in
the future, and we must add a good safety margin on top of that.

The primary concern is with the dbx variable growing without bounds over
time.

Once we introduce a new FD_SIZE_IN_KB option, we're stuck with its
varstore layout forever, so we'd better get it right and future-proof at
once.

Would you prefer to see a new patchset version addressing points (3) through (5) and adding the plaintext spreadsheet of the region offsets/sizes based on Brian's suggestion and discussing this point on that new thread? Or would you prefer a new discussion on the "discuss' list? Or use this thread?

I've already started on the next patchset version, but can wait on submitting for more discussion if desired. 

(2) [FD.MEMFD] should immediately benefit from this change, even if your
downstream populates FVMAIN_COMPACT with something else than PEIFV and
DXEFV. First, we're almost out of (uncompressed) DXEFV space again.
Second, especially the confidential computing technologies have been
gobbling up the nice, low, free space in FD.MEMFD the way a kid with a
sweet tooth empties a cookie jar. This change is already compat
breaking, so I'd like to see *some* proposal (separate patches) for
enlarging *and pushing up* PEIFV and DXEFV.
I suppose it would be sensible to work this out after this patchset gets finalized, but your input is greatly welcomed here. 
(3) Unfortunately, I have to agree that introducing *both* a 8MB option
*and* a 16MB option is justified, per QEMU commit 0657c657eb37
("hw/i386/pc: add max combined fw size as machine configuration option",
2020-12-09).

However, please add each option in a separate patch.
That makes sense for logical separation and atomic commits. Will do. 
(4) Dumping a bunch of magic numbers on reviewers is unhelpful. I'll
need to sit down with a calculator and go through the patch with a
magnifying glass. Please support that work by creating a commit message
(summary table) similar to the one in commit b24fca05751f ("OvmfPkg:
introduce 4MB flash image (mainly) for Windows HCK", 2017-05-05).
In light of Brian's suggestion, would you prefer having such a summary table both in the commit message and in the OVMF source tree or just the latter? 
(5) Modifying *only* "OvmfPkg/OvmfPkgX64.dsc" doesn't seem right, there
are other DSC files (platforms) in OvmfPkg that would benefit. Without
much thinking for now, I'd say the new options should be available in
each DSC (platform description), even the 32-bit ones.
You're right. I'll update the rest of the DSC files with the changes in the next patchset version. 
I'm extremely annoyed by the general trend that the firmware (the OS
under the OS) keeps growing. Because of that, Linuxboot is a fantastic
project. I'd like OVMF to support the development of Linuxboot. I
welcome this patch for that reason.

But I'd also like OVMF to benefit from this change even when it is built
with a traditional -- and regrettably, ever-growing -- DXE phase. I
welcome this patch for that reason too.

Thank you for your feedback. I'm joyed to hear of your support. I, too, think both Linuxboot and OVMF proper could benefit from this.

Best,
Devon Bautista


--------------FAD4CBDEFACD221575EE70E2--