From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id DB14E78003C for ; Wed, 24 Apr 2024 23:21:40 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=dG2H9la5QnWEEkbg3T34BkcvI+ogtvMoY/mzKX/F5cI=; c=relaxed/simple; d=groups.io; h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1714000899; v=1; b=p59JBdJZjgpBa2+c/mbkIIBb0kEmGWe8PRmnuvSi5lJKDq8hLfDHTo5YZrYhlif4sV31LqYL 4QCAkRbdtWd0KqWDH0y3tWhZWjPLeUuwWRTIpJgr7Wd74avcjJfoJIbuGu6MU5VN2vj9enV8NNY /AZayb/H2wczdytPgAYC43emIbzPp+JYD1qxOLYJdUctPKYd+YdA/lHQ0VFbaDOQB0WWyi/ee4i J4DKXrTxiIHVzuhYTKvA1z69wS3eo05eW5b2vRb8yXW6BIQS+HoHH6Q54MQIx3+adJUnfsxfjCU ZaShGZx1O9B7xBIHzh/FzQWX52B9A/QKyHO5Ayd4EomfA== X-Received: by 127.0.0.2 with SMTP id hmfBYY7687511xFfcIlRBfim; Wed, 24 Apr 2024 16:21:39 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.4071.1714000898407600780 for ; Wed, 24 Apr 2024 16:21:38 -0700 X-Received: from [10.6.0.181] (unknown [20.39.63.2]) by linux.microsoft.com (Postfix) with ESMTPSA id 1F5F4210DEBE; Wed, 24 Apr 2024 16:21:37 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1F5F4210DEBE Message-ID: Date: Wed, 24 Apr 2024 19:21:35 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests To: devel@edk2.groups.io, jiewen.yao@intel.com, "Kinney, Michael D" , Sean Brogan Cc: Gerd Hoffmann , Ard Biesheuvel , Oliver Steffen , Ard Biesheuvel , Srikanth Aithal References: <20240424060029.1330637-1-kraxel@redhat.com> From: "Michael Kubacki" In-Reply-To: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 24 Apr 2024 16:21:38 -0700 Resent-From: mikuback@linux.microsoft.com Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 0vLyzApXcB6gZkXuMHnEOUZTx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=p59JBdJZ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io That issue looks different in that CodeQL did not have a problem. You=20 can use the same PR, just rebase with master. It looks like that had an issue triggering pipelines from GitHub which=20 might be fixed be rerunning after the push. Thanks, Michael On 4/24/2024 7:08 PM, Yao, Jiewen wrote: > Ah, thank you Mike. >=20 > Should I close/re-open my PR? > Or should I keep waiting? >=20 > Thank you > Yao, Jiewen >=20 >> -----Original Message----- >> From: Kinney, Michael D >> Sent: Thursday, April 25, 2024 7:01 AM >> To: Yao, Jiewen ; devel@edk2.groups.io; Sean Broga= n >> ; Michael Kubacki >> >> Cc: Gerd Hoffmann ; Ard Biesheuvel ; >> Oliver Steffen ; Ard Biesheuvel >> ; Srikanth Aithal ; Kinney, >> Michael D >> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in >> confidential guests >> >> Hi Jiewen, >> >> Michael Kubacki has been working on a CI issue and a change is being mer= ged >> now. >> >> Mike >> >>> -----Original Message----- >>> From: Yao, Jiewen >>> Sent: Wednesday, April 24, 2024 3:57 PM >>> To: devel@edk2.groups.io; Kinney, Michael D >>> ; Sean Brogan >>> Cc: Gerd Hoffmann ; Ard Biesheuvel = ; >>> Oliver Steffen ; Ard Biesheuvel >>> ; Srikanth Aithal >>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in >>> confidential guests >>> >>> Hi Mike/Sean >>> Can someone look at the EDKII CI? >>> >>> My PR has been blocked for 9 hours - >>> https://github.com/tianocore/edk2/pull/5595. >>> >>> Thank you >>> Yao, Jiewen >>> >>> >>>> -----Original Message----- >>>> From: Ard Biesheuvel >>>> Sent: Thursday, April 25, 2024 1:05 AM >>>> To: Yao, Jiewen >>>> Cc: Gerd Hoffmann ; devel@edk2.groups.io; Oliver >>> Steffen >>>> ; Ard Biesheuvel ; >>> Srikanth >>>> Aithal >>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in >>>> confidential guests >>>> >>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen >>> wrote: >>>>> >>>>> Thanks Ard. >>>>> >>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours >>> ago. >>>>> But it seems the CI stops working... >>>>> >>>> >>>> OK, I have dropped my PR. >>>> >>>> >>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: Ard Biesheuvel >>>>>> Sent: Thursday, April 25, 2024 12:27 AM >>>>>> To: Yao, Jiewen >>>>>> Cc: Gerd Hoffmann ; devel@edk2.groups.io; >>> Oliver >>>> Steffen >>>>>> ; Ard Biesheuvel ; >>>> Srikanth >>>>>> Aithal >>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load >>> driver in >>>>>> confidential guests >>>>>> >>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen >>> wrote: >>>>>>> >>>>>>> Reviewed-by: Jiewen Yao >>>>>>> >>>>>> >>>>>> Thanks, I've queued this up. >>>>>> >>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Gerd Hoffmann >>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM >>>>>>>> To: devel@edk2.groups.io >>>>>>>> Cc: Oliver Steffen ; Gerd Hoffmann >>>>>>>> ; Ard Biesheuvel >>> ; Yao, >>>>>> Jiewen >>>>>>>> ; Srikanth Aithal >>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load >>> driver in >>>>>> confidential >>>>>>>> guests >>>>>>>> >>>>>>>> The VirtHstiDxe does not work in confidential guests. There >>> also isn't >>>>>>>> anything we can reasonably test, neither flash storage nor SMM >>> mode will >>>>>>>> be used in that case. So just skip driver load when running >>> in a >>>>>>>> confidential guest. >>>>>>>> >>>>>>>> Cc: Ard Biesheuvel >>>>>>>> Cc: Jiewen Yao >>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash >>> check") >>>>>>>> Signed-off-by: Gerd Hoffmann >>>>>>>> Tested-by: Srikanth Aithal >>>>>>>> --- >>>>>>>> OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + >>>>>>>> OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++ >>>>>>>> 2 files changed, 7 insertions(+) >>>>>>>> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf >>>>>>>> index 9514933011e8..b5c237288766 100644 >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf >>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd] >>>>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire >>>>>>>> >>>>>>>> [Pcd] >>>>>>>> + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr >>>>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase >>>>>>>> >>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase >>>>>>>> >>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c >>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c >>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644 >>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c >>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c >>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >>>>>>>> #include >>>>>>>> #include >>>>>>>> #include >>>>>>>> +#include >>>>>>>> #include >>>>>>>> >>>>>>>> #include >>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( >>>>>>>> EFI_STATUS Status; >>>>>>>> EFI_EVENT Event; >>>>>>>> >>>>>>>> + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { >>>>>>>> + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", >>> __func__)); >>>>>>>> + return EFI_UNSUPPORTED; >>>>>>>> + } >>>>>>>> + >>>>>>>> DevId =3D VirtHstiGetHostBridgeDevId (); >>>>>>>> switch (DevId) { >>>>>>>> case INTEL_82441_DEVICE_ID: >>>>>>>> -- >>>>>>>> 2.44.0 >>>>>>> >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118240): https://edk2.groups.io/g/devel/message/118240 Mute This Topic: https://groups.io/mt/105705705/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-