From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118240+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id DB14E78003C
	for <rebecca@openfw.io>; Wed, 24 Apr 2024 23:21:40 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=dG2H9la5QnWEEkbg3T34BkcvI+ogtvMoY/mzKX/F5cI=;
 c=relaxed/simple; d=groups.io;
 h=DKIM-Filter:Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1714000899; v=1;
 b=p59JBdJZjgpBa2+c/mbkIIBb0kEmGWe8PRmnuvSi5lJKDq8hLfDHTo5YZrYhlif4sV31LqYL
 4QCAkRbdtWd0KqWDH0y3tWhZWjPLeUuwWRTIpJgr7Wd74avcjJfoJIbuGu6MU5VN2vj9enV8NNY
 /AZayb/H2wczdytPgAYC43emIbzPp+JYD1qxOLYJdUctPKYd+YdA/lHQ0VFbaDOQB0WWyi/ee4i
 J4DKXrTxiIHVzuhYTKvA1z69wS3eo05eW5b2vRb8yXW6BIQS+HoHH6Q54MQIx3+adJUnfsxfjCU
 ZaShGZx1O9B7xBIHzh/FzQWX52B9A/QKyHO5Ayd4EomfA==
X-Received: by 127.0.0.2 with SMTP id hmfBYY7687511xFfcIlRBfim; Wed, 24 Apr 2024 16:21:39 -0700
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web11.4071.1714000898407600780
 for <devel@edk2.groups.io>;
 Wed, 24 Apr 2024 16:21:38 -0700
X-Received: from [10.6.0.181] (unknown [20.39.63.2])
	by linux.microsoft.com (Postfix) with ESMTPSA id 1F5F4210DEBE;
	Wed, 24 Apr 2024 16:21:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1F5F4210DEBE
Message-ID: <e6cf8253-defa-44ac-b408-bae0be841fa3@linux.microsoft.com>
Date: Wed, 24 Apr 2024 19:21:35 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
To: devel@edk2.groups.io, jiewen.yao@intel.com,
 "Kinney, Michael D" <michael.d.kinney@intel.com>,
 Sean Brogan <sean.brogan@microsoft.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>, Ard Biesheuvel <ardb@kernel.org>,
 Oliver Steffen <osteffen@redhat.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Srikanth Aithal <sraithal@amd.com>
References: <20240424060029.1330637-1-kraxel@redhat.com>
 <MW4PR11MB58724B9407C72B823050988C8C102@MW4PR11MB5872.namprd11.prod.outlook.com>
 <CAMj1kXG1wv7eiKSN0DxjeboBFYO6H2F0P0G5F6MffOBz3WCsZA@mail.gmail.com>
 <MW4PR11MB58721C3EFB1C81976A6C0EDB8C102@MW4PR11MB5872.namprd11.prod.outlook.com>
 <CAMj1kXFC-tGf6ranAi2e_vEzdYB4A+8-t9gT-D-65C-jP_cRnA@mail.gmail.com>
 <MW4PR11MB5872E789A146739D9E98D0608C102@MW4PR11MB5872.namprd11.prod.outlook.com>
 <CO1PR11MB4929CDCE0256454B9383E12FD2102@CO1PR11MB4929.namprd11.prod.outlook.com>
 <MW4PR11MB58721B0D982D5C3EACD1FC258C102@MW4PR11MB5872.namprd11.prod.outlook.com>
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
In-Reply-To: <MW4PR11MB58721B0D982D5C3EACD1FC258C102@MW4PR11MB5872.namprd11.prod.outlook.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 24 Apr 2024 16:21:38 -0700
Resent-From: mikuback@linux.microsoft.com
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: 0vLyzApXcB6gZkXuMHnEOUZTx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=p59JBdJZ;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

That issue looks different in that CodeQL did not have a problem. You=20
can use the same PR, just rebase with master.

It looks like that had an issue triggering pipelines from GitHub which=20
might be fixed be rerunning after the push.

Thanks,
Michael

On 4/24/2024 7:08 PM, Yao, Jiewen wrote:
> Ah, thank you Mike.
>=20
> Should I close/re-open my PR?
> Or should I keep waiting?
>=20
> Thank you
> Yao, Jiewen
>=20
>> -----Original Message-----
>> From: Kinney, Michael D <michael.d.kinney@intel.com>
>> Sent: Thursday, April 25, 2024 7:01 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Sean Broga=
n
>> <sean.brogan@microsoft.com>; Michael Kubacki
>> <mikuback@linux.microsoft.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>;
>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>; Kinney,
>> Michael D <michael.d.kinney@intel.com>
>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>> confidential guests
>>
>> Hi Jiewen,
>>
>> Michael Kubacki has been working on a CI issue and a change is being mer=
ged
>> now.
>>
>> Mike
>>
>>> -----Original Message-----
>>> From: Yao, Jiewen <jiewen.yao@intel.com>
>>> Sent: Wednesday, April 24, 2024 3:57 PM
>>> To: devel@edk2.groups.io; Kinney, Michael D
>>> <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>
>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; Ard Biesheuvel <ardb@kernel.org>=
;
>>> Oliver Steffen <osteffen@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Srikanth Aithal <sraithal@amd.com>
>>> Subject: RE: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>> confidential guests
>>>
>>> Hi Mike/Sean
>>> Can someone look at the EDKII CI?
>>>
>>> My PR has been blocked for 9 hours -
>>> https://github.com/tianocore/edk2/pull/5595.
>>>
>>> Thank you
>>> Yao, Jiewen
>>>
>>>
>>>> -----Original Message-----
>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>> Sent: Thursday, April 25, 2024 1:05 AM
>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io; Oliver
>>> Steffen
>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>> Srikanth
>>>> Aithal <sraithal@amd.com>
>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in
>>>> confidential guests
>>>>
>>>> On Wed, 24 Apr 2024 at 18:36, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>
>>>>> Thanks Ard.
>>>>>
>>>>> I have submitted https://github.com/tianocore/edk2/pull/5595 3 hours
>>> ago.
>>>>> But it seems the CI stops working...
>>>>>
>>>>
>>>> OK, I have dropped my PR.
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>>>> Sent: Thursday, April 25, 2024 12:27 AM
>>>>>> To: Yao, Jiewen <jiewen.yao@intel.com>
>>>>>> Cc: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io;
>>> Oliver
>>>> Steffen
>>>>>> <osteffen@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>>> Srikanth
>>>>>> Aithal <sraithal@amd.com>
>>>>>> Subject: Re: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential guests
>>>>>>
>>>>>> On Wed, 24 Apr 2024 at 08:45, Yao, Jiewen <jiewen.yao@intel.com>
>>> wrote:
>>>>>>>
>>>>>>> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>>>>>>>
>>>>>>
>>>>>> Thanks, I've queued this up.
>>>>>>
>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Sent: Wednesday, April 24, 2024 2:00 PM
>>>>>>>> To: devel@edk2.groups.io
>>>>>>>> Cc: Oliver Steffen <osteffen@redhat.com>; Gerd Hoffmann
>>>>>>>> <kraxel@redhat.com>; Ard Biesheuvel
>>> <ardb+tianocore@kernel.org>; Yao,
>>>>>> Jiewen
>>>>>>>> <jiewen.yao@intel.com>; Srikanth Aithal <sraithal@amd.com>
>>>>>>>> Subject: [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load
>>> driver in
>>>>>> confidential
>>>>>>>> guests
>>>>>>>>
>>>>>>>> The VirtHstiDxe does not work in confidential guests.  There
>>> also isn't
>>>>>>>> anything we can reasonably test, neither flash storage nor SMM
>>> mode will
>>>>>>>> be used in that case.  So just skip driver load when running
>>> in a
>>>>>>>> confidential guest.
>>>>>>>>
>>>>>>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>>>>>> Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash
>>> check")
>>>>>>>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>>>>>>>> Tested-by: Srikanth Aithal <sraithal@amd.com>
>>>>>>>> ---
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 +
>>>>>>>>   OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 6 ++++++
>>>>>>>>   2 files changed, 7 insertions(+)
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> index 9514933011e8..b5c237288766 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>>>>>>>> @@ -49,6 +49,7 @@ [FeaturePcd]
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
>>>>>>>>
>>>>>>>>   [Pcd]
>>>>>>>> +  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
>>>>>>>>     gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
>>>>>>>>
>>> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
>>>>>>>>
>>>>>>>> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> index b6e53a1219d1..efaff0d1f3cb 100644
>>>>>>>> --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
>>>>>>>> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>>>   #include <Library/MemoryAllocationLib.h>
>>>>>>>>   #include <Library/UefiBootServicesTableLib.h>
>>>>>>>>   #include <Library/UefiLib.h>
>>>>>>>> +#include <Library/PcdLib.h>
>>>>>>>>   #include <Library/PlatformInitLib.h>
>>>>>>>>
>>>>>>>>   #include <IndustryStandard/Hsti.h>
>>>>>>>> @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
>>>>>>>>     EFI_STATUS                           Status;
>>>>>>>>     EFI_EVENT                            Event;
>>>>>>>>
>>>>>>>> +  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
>>>>>>>> +    DEBUG ((DEBUG_INFO, "%a: confidential guest\n",
>>> __func__));
>>>>>>>> +    return EFI_UNSUPPORTED;
>>>>>>>> +  }
>>>>>>>> +
>>>>>>>>     DevId =3D VirtHstiGetHostBridgeDevId ();
>>>>>>>>     switch (DevId) {
>>>>>>>>       case INTEL_82441_DEVICE_ID:
>>>>>>>> --
>>>>>>>> 2.44.0
>>>>>>>
>=20
>=20
>=20
>=20


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118240): https://edk2.groups.io/g/devel/message/118240
Mute This Topic: https://groups.io/mt/105705705/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-