Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io, jiewen.yao@intel.com, "Kinney,
	Michael D" <michael.d.kinney@intel.com>,
	Sean Brogan <sean.brogan@microsoft.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Oliver Steffen <osteffen@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Srikanth Aithal <sraithal@amd.com>
Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
Date: Wed, 24 Apr 2024 19:21:35 -0400	[thread overview]
Message-ID: <e6cf8253-defa-44ac-b408-bae0be841fa3@linux.microsoft.com> (raw)
In-Reply-To: <MW4PR11MB58721B0D982D5C3EACD1FC258C102@MW4PR11MB5872.namprd11.prod.outlook.com>

That issue looks different in that CodeQL did not have a problem. You 
can use the same PR, just rebase with master.

It looks like that had an issue triggering pipelines from GitHub which 
might be fixed be rerunning after the push.

Thanks,
Michael

On 4/24/2024 7:08 PM, Yao, Jiewen wrote:
> Ah, thank you Mike.
> 
> Should I close/re-open my PR?
> Or should I keep waiting?
> 
> Thank you
> Yao, Jiewen
> 
>> -----Original Message-----
>> From: Kinney, Michael D <michael.d.kinney@intel.com>
>> Sent: Thursday, April 25, 2024 7:01 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Brogan
>> <sean.brogan@microsoft.com>; Michael Kubacki
>> <mikuback@linux.microsoft.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
>> Michael D <michael.d.kinney@intel.com>
>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>> confidential guests
>>
>> Hi Jiewen,
>>
>> Michael Kubacki has been working on a CI issue and a change is being merged
>> now.
>>
>> Mike
>>
>>> -----Original Message-----
>>> From: Yao, Jiewen <jiewen.yao@intel.com>
>>> Sent: Wednesday, April 24, 2024 3:57 PM
>>> To: devel@edk2.groups.io; Kinney, Michael D
>>> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
>>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
>>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>> confidential guests
>>>
>>> Hi Mike/Sean
>>> Can someone look at the EDKII CI?
>>>
>>> My PR has been blocked for 9 hours -
>>> https://github.com/tianocore/edk2/pull/5595.
>>>
>>> Thank you
>>> Yao, Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>> Sent: Thursday, April 25, 2024 1:05 AM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
>>> Steffen
>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>> Srikanth
>>>> Aithal <sraithal@amd.com>
>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>>> confidential guests
>>>>
>>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>
>>>>> Thanks Ard.
>>>>>
>>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
>>> ago.
>>>>> But it seems the CI stops working...
>>>>>
>>>>
>>>> OK, I have dropped my PR.
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>>>> Sent: Thursday, April 25, 2024 12:27 AM
>>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
>>> Oliver
>>>> Steffen
>>>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Srikanth
>>>>>> Aithal <sraithal@amd.com>
>>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential guests
>>>>>>
>>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>>>
>>>>>>> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>>>>>>>
>>>>>>
>>>>>> Thanks, I've queued this up.
>>>>>>
>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM
>>>>>>>> To: devel@edk2.groups.io
>>>>>>>> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
>>>>>>>> <kraxel@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Yao,
>>>>>> Jiewen
>>>>>>>> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
>>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential
>>>>>>>> guests
>>>>>>>>
>>>>>>>> The VirtHstiDxe does not work in confidential guests.  There
>>> also isn't
>>>>>>>> anything we can reasonably test, neither flash storage nor SMM
>>> mode will
>>>>>>>> be used in that case.  So just skip driver load when running
>>> in a
>>>>>>>> confidential guest.
>>>>>>>>
>>>>>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
>>> check")
>>>>>>>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Tested-by: Srikanth Aithal <sraithal@amd.com>
>>>>>>>> ---
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
>>>>>>>>   2 files changed, 7 insertions(+)
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> index 9514933011e8..b5c237288766 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd]
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
>>>>>>>>
>>>>>>>>   [Pcd]
>>>>>>>> +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
>>>>>>>>
>>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>>>   #include <Library/MemoryAllocationLib.h>
>>>>>>>>   #include <Library/UefiBootServicesTableLib.h>
>>>>>>>>   #include <Library/UefiLib.h>
>>>>>>>> +#include <Library/PcdLib.h>
>>>>>>>>   #include <Library/PlatformInitLib.h>
>>>>>>>>
>>>>>>>>   #include <IndustryStandard/Hsti.h>
>>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
>>>>>>>>     EFI_STATUS                           Status;
>>>>>>>>     EFI_EVENT                            Event;
>>>>>>>>
>>>>>>>> +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
>>>>>>>> +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
>>> __func__));
>>>>>>>> +    return EFI_UNSUPPORTED;
>>>>>>>> +  }
>>>>>>>> +
>>>>>>>>     DevId = VirtHstiGetHostBridgeDevId ();
>>>>>>>>     switch (DevId) {
>>>>>>>>       case INTEL_82441_DEVICE_ID:
>>>>>>>> --
>>>>>>>> 2.44.0
>>>>>>>
> 
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118240): https://edk2.groups.io/g/devel/message/118240
Mute This Topic: https://groups.io/mt/105705705/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

next prev parent reply	other threads:[~2024-04-24 23:21 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-24  6:00 [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests Gerd Hoffmann
2024-04-24  6:45 ` Yao, Jiewen
2024-04-24 16:26   ` Ard Biesheuvel
2024-04-24 16:36     ` Yao, Jiewen
2024-04-24 17:05       ` Ard Biesheuvel
2024-04-24 22:56         ` Yao, Jiewen
2024-04-24 23:01           ` Michael D Kinney
2024-04-24 23:08             ` Yao, Jiewen
2024-04-24 23:21               ` Michael Kubacki [this message]
2024-04-25  2:37                 ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e6cf8253-defa-44ac-b408-bae0be841fa3@linux.microsoft.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox