From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
Date: Tue, 14 Feb 2023 16:44:02 -0600
Subject: Re: [edk2-devel] [PATCH v10 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe
To: Dionna Amalie Glaze, Gerd Hoffmann
Cc: "Gupta, Pankaj", devel@edk2.groups.io, James Bottomley, Jiewen Yao, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney", Oliver Steffen
References: <20230126005647.3019225-1-dionnaglaze@google.com> <20230126005647.3019225-2-dionnaglaze@google.com> <0d8f2b0b-1d62-3db6-34c9-e9ce39838bce@amd.com> <9ea61013-e2c1-30a4-3be7-feed537c035a@amd.com> <20230214091217.nrm5zmqyolawtn2b@sirius.home.kraxel.org>
On 2/14/23 11:28, Dionna Amalie Glaze wrote:
>>
>> Do you have any pointers on the IVARS service? Documentation, guest
>> code, host code?
>>
>
> Agh, I thought for sure there was a public API for VM owners to view
> or change their UEFI variables, but I guess not. It's an
> instance-specific small data store for nonvolatile memory like vTPM
> and UEFI variables. It appears you can only set the variables through
> cloud API at instance creation time. But this is how instances can be
> shut down and brought back up on different machines and/or live
> migrate to other machines and still have access to UEFI variables'
> current values. Host code is all in Google's proprietary VMM,
> Vanadium, but the device backend is really rather simple. The data
> store service though, that's a matter of Cloud Scale Engineering.
>
>> Background: When moving to a SVSM-based setup where the svsm (with
>> vtpm emulation) runs in vmpl0 and the edk2 firmware in vmpl1 we might
>> likewise add an efi variable service to the svsm.
>>
>
> I thought EFI variables in Qemu were loaded and measured at launch
> (OVMF_VARS.fd). If you want the current values of all uefi variables

The variables are not encrypted and not measured at launch because they
need to be modified and stored on the host side. You can choose to use a
single vars/code file, which keeps the variables in memory, but you then
lose any changes made to them upon VM termination.

Thanks,
Tom

> in your SVSM attestation report, I think it's probably better to use
> the EFI_CC_MEASUREMENT_PROTOCOL, right? Or is it specifically going to
> be an SVSM service that attests itself with current stored variables,
> or at least variables that are considered important enough to measure?
>
> In any case, persistence in The Cloud (TM) remains a challenge in the
> CC space. Discussion about what we should do about that should remain
> on the coco mailing list. IVARS encrypts data with Google-managed
> keys, so it wouldn't be directly applicable to SVSM NVRAM.
>
>> If something usable already exists we don't need to reinvent the wheel.
>>
>
> Don't have to tell me twice. In the spirit of OSS collaboration and
> product integrity, I think any CC offering's firmware should be public
> and verifiably built. I'll keep pushing for that.
>
>> thanks & take care,
>>   Gerd
>>
>
>
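Added illustration of Tom's point that the split-file variable store is plain, unmeasured data on the host side (example code written for this page, not from the thread or the edk2 project): a reader for the authenticated variable store layout that OVMF_VARS.fd carries after its firmware volume header, run over a constructed store. It assumes the EDK2 VariableFormat.h structures; the second entry's vendor GUID is made up.

```python
import struct
import uuid

# Layouts from EDK2 MdeModulePkg/Include/Guid/VariableFormat.h (authenticated store).
VAR_STORE_HDR = struct.Struct("<16sIBBHI")    # Signature, Size, Format, State, Reserved, Reserved1
VAR_HDR = struct.Struct("<HBBIQ16sIII16s")    # AUTHENTICATED_VARIABLE_HEADER (60 bytes)
START_ID = 0x55AA                             # marks a variable header
VAR_ADDED = 0x3F                              # live entry (others are deleted/in-transition)
STORE_FORMATTED, STORE_HEALTHY = 0x5A, 0xFE
AUTH_VAR_STORE_GUID = "aaf32c78-947b-439a-a180-2e144ec37792"   # EFI_AUTHENTICATED_VARIABLE_GUID

def align4(n):
    return (n + 3) & ~3

def parse_var_store(blob):
    """Walk a variable store region; return (name, vendor guid, attributes, data) for live entries.
    Nothing here decrypts anything: names and data are read straight out of the blob."""
    _, size, fmt, state, _, _ = VAR_STORE_HDR.unpack_from(blob, 0)
    if fmt != STORE_FORMATTED or state != STORE_HEALTHY:
        raise ValueError("variable store header is not formatted/healthy")
    off, out = VAR_STORE_HDR.size, []
    while off + VAR_HDR.size <= min(size, len(blob)):
        start_id, vstate, _, attrs, _, _, _, name_sz, data_sz, guid = VAR_HDR.unpack_from(blob, off)
        if start_id != START_ID:
            break                                  # reached erased (0xFF) space
        body = off + VAR_HDR.size
        name = blob[body:body + name_sz].decode("utf-16-le").rstrip("\0")
        data = blob[body + name_sz:body + name_sz + data_sz]
        if vstate == VAR_ADDED:
            out.append((name, str(uuid.UUID(bytes_le=guid)), attrs, data))
        off = align4(body + name_sz + data_sz)     # headers are 4-byte aligned
    return out

def build_sample_store(variables, total=4096):
    """Constructed fixture: a small healthy store holding the given entries, erased space is 0xFF."""
    body = bytearray()
    for name, guid, attrs, data in variables:
        n = name.encode("utf-16-le") + b"\0\0"
        body += VAR_HDR.pack(START_ID, VAR_ADDED, 0, attrs, 0, b"\0" * 16, 0,
                             len(n), len(data), uuid.UUID(guid).bytes_le)
        body += n + data
        body += b"\xff" * (align4(len(body)) - len(body))
    hdr = VAR_STORE_HDR.pack(uuid.UUID(AUTH_VAR_STORE_GUID).bytes_le, total,
                             STORE_FORMATTED, STORE_HEALTHY, 0, 0)
    return bytes(hdr + body).ljust(total, b"\xff")

# Constructed sample entries (attribute bits: NV=1, BS=2, RT=4); second GUID is made up.
SAMPLE_VARS = [
    ("SecureBoot", "8be4df61-93ca-11d2-aa0d-00e098032b8c", 0x6, b"\x01"),   # EFI_GLOBAL_VARIABLE
    ("ExampleVar", "12345678-1234-1234-1234-123456789abc", 0x7, b"hello"),
]

if __name__ == "__main__":
    for name, guid, attrs, data in parse_var_store(build_sample_store(SAMPLE_VARS)):
        print(f"{name:12s} {guid} attrs=0x{attrs:x} data={data.hex()}")
```

To read a real OVMF_VARS.fd, pass the bytes starting at the firmware volume header's HeaderLength offset; anything the host can read here it can also rewrite, which is why launch measurement does not cover it.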