From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.73]) by mx.groups.io with SMTP id smtpd.web09.4746.1626535113656131209 for ; Sat, 17 Jul 2021 08:18:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=4BaW2FPs; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.95.73, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z41BaVbFatwtYaN4HK+U0mxGbH4cTua1V3Y+98SrHTXvPZrc0p3bnu/ieBlZKD6++2qK0tkHhQdqXOpKtBwigQQA1JdNCmFix/w5OLUAx5DGTrTD6ySfvODBNaeaSd+FbWBdRX+0pGEiu3YHByPiarJIWgADN8A4ZP29H1Rm0akdredYxpPMyaxpES4l4LZ9vtG0IUXlf8Wg7NNXaeLjMT/r4GMfegys08Zr/D3oJ2+TYg/La+UXg5rnt/OHrcNiepY9zxjAmus9ni1OFKBy3kTduta2cfCFp9J0eI/0UCG26pClRvINtvR48qc6ZwjBwNGu5CTe5A7f5uARy1qMIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KzfiyW/tJ2xUBiSY8j+VHFGhiPkkuRRU/DPiUoixkTA=; b=emKc095djCkcXQn6aSLOtH0+XeosDDhXHEaHYBh8tHZxWDqFlAtMLuk2RECO2xRVESNWClEMWoTszeQ3jSSsWi/H+djapNjEC4Xg4tsL4iCP/sxpjLH63yavdctpg6ui2z2VJEmw2g9em1GIsbV/C5s9HG5Df1dihoQrGUJkurpr0IFLz3d9yB6P6k2472pyyEK5yVljiyyNYhb5PYAHWSmtsnW2QsYmdRVfx1fUe+hhALAq9x3lRdwjR1oNWAoNjOgiAyjA8JFW8OjBI+esDoCSzDk+MvCi5tODLfhChpv+P8H0AAq8EMx+7XBH11SiuqIT9zOtbh0j5yTBz7j16g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KzfiyW/tJ2xUBiSY8j+VHFGhiPkkuRRU/DPiUoixkTA=; b=4BaW2FPsAJhZbk6dXhEC1phyC3zctj+4NxqhQWr8eGAE8S57B4STFUq+a/ULx8LQA62D79+vRDGMRkEyXn8X0ezJaizRy0l8dwdFDuyNW6Utrl9vic+yNkDZUFHGDl06ECJUPbu0pzA9FvurImaNkBw7Dj8UUM9cxLpbrCEDlTg= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB4669.namprd12.prod.outlook.com (2603:10b6:805:7::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.24; Sat, 17 Jul 2021 15:18:31 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4331.024; Sat, 17 Jul 2021 15:18:30 +0000 Cc: brijesh.singh@amd.com, Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Ashish Kalra , Erdem Aktas , Jiewen Yao , Min Xu , Tom Lendacky Subject: Re: [PATCH v2 02/11] OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds To: Dov Murik , devel@edk2.groups.io References: <20210706085501.1260662-1-dovmurik@linux.ibm.com> <20210706085501.1260662-3-dovmurik@linux.ibm.com> From: "Brijesh Singh" Message-ID: Date: Sat, 17 Jul 2021 10:18:28 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 In-Reply-To: <20210706085501.1260662-3-dovmurik@linux.ibm.com> X-ClientProxiedBy: SN6PR16CA0046.namprd16.prod.outlook.com (2603:10b6:805:ca::23) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from Brijeshs-MacBook-Pro.local (70.112.153.56) by SN6PR16CA0046.namprd16.prod.outlook.com (2603:10b6:805:ca::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22 via Frontend Transport; Sat, 17 Jul 2021 15:18:29 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 04b2b528-e0b9-48f1-2890-08d949362291 X-MS-TrafficTypeDiagnostic: SN6PR12MB4669: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2582; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VurTAYIV8odozmAWSaSdVyeXoypOmQzQdWNkK2ah25kHQ0jYXnhLh0VRjn2q12Go9MYZR0ErMrjBmOebOU+4A45CKarF2whepYKNZOZl0/v0M1XXP2Ynd0cC7q36plqnXBDG/dqY9xCTOjYDhPX6BoXlTzqBmFc/kjML7CL/LAE8CapiPzcucuDOB9SCRbDRlzdt1Zv9hBWteXUOLHqfOJjLglvqB80beNBG7d1hfJRd/Y2Lx2fNn7fQJDIeovESMpqER0+geHx7v9BviJEoPKtXIKyLR0RKmcTvR9HC7bxUD9NfVaUn2AL72HLEyDgHLJ05cDrxUhvGXMQORPMHmnRj8QOIPwbIQv5iMRQ+9Bc4eupR44thW62jmAUAYF4X8buDJ4VCRhfC8vtRlU/4PNgDWohxxIfpUmyr7DZunG7Jbju18UwxHem2U4YBP8nHoBKHy62Sp2LjZX39zHMFuzFhTdX9FhL/e2Tms1Zq4d+ElPcMPbYkfv2nGeZYIZvc2sH4rNHHDP6FgW2nBjsq/F18fZdKOe+1ylymQD7kX7o3BDb0Lyw4oy/c7rVO55eAWpZGwmH1M8k1HzUEf4FuxvcFPZ5LwHp9jTdiDX7Q8E6JNjHw4d3cj4LXLXSKWX1yK+4t/JAKS6CMX45bOqgQV6GyKPF74/Pvpu9Rk68uUPB8tVdJhs+HXhN1IrzMR9Ks/XXyVIrmmt+e1zJVTVd1AmsNLnHQDSL/uO+BjVyO160HIOc64aOZn9/YHyCmKS3teOTamhk/3PeN5NMOFluRldxOxe+4VmbkmciT36ypa06UGuW/HLTIVt96RaphYEcf/rqWqLTNtKcecJmC8V5r541aKTDbCPXcc0enCFSg3msbdPdx3VtXUdV188M3H806 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(376002)(39860400002)(346002)(136003)(366004)(83380400001)(38350700002)(38100700002)(6512007)(956004)(2616005)(44832011)(53546011)(52116002)(6506007)(2906002)(31696002)(26005)(186003)(36756003)(4744005)(66946007)(7416002)(316002)(6486002)(31686004)(86362001)(5660300002)(54906003)(66556008)(66476007)(8676002)(4326008)(478600001)(966005)(8936002)(213903007)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NFM1NVVMQW9OckUvUmJubUNVSGt5bjlBZGNBemQyUGxqRE9VSkpqT0N5d21N?= =?utf-8?B?SjA2WVNFODNxNnluVzhObFVoSDFSSzQ2YTd4OXd5MXVMbzAzSE5hSGs3K0tr?= =?utf-8?B?TkhkRWp4WktYRFFtRm5GdVJ6aElWYmd4TUZnR1RML1hyRFdXTGZ6bm4rSTJw?= =?utf-8?B?dXBRNGRneUpJM3JmWnRKcDFjbUZXTklGNjVjSXNIUndkT3JGSkNSYk1pWmFu?= =?utf-8?B?aTd6clFMRXFJdE5MSHVOb1BPT2lPcjdxNkdRWStKV0YvYWZqekVuZG1RYmZF?= =?utf-8?B?Z0YzN1Zla3NCNi9mYmJMOEd5a01jODZYN2JBZ1pQV0dVN3I0UEplV25oN2lH?= =?utf-8?B?RHZjekw3aHNjZ0dkb2s1Z2w5VkMxaUl1RVIyUHQxTmFmWXFHVEIxWk51OFRl?= =?utf-8?B?bFBQVFVHT3M5MHJUTWhteW5lN05MdjdKWWY1MmFZR3ZzQ2FwcjZrNFM3SWgv?= =?utf-8?B?R2dmbWFVV3NlSlZuS2wzUzY2ZnNZa1JMd0krR0hhcU1CN2ZONWdTeWxLSW1S?= =?utf-8?B?KzF5WWNUL2xOUS9WOStkK3RIei8xKzVSOUN0UmJpRmttbEIzY2FUNzhJMEFq?= =?utf-8?B?dzhNVmpEY2hmYXJPMEhpSDEzTSt2YmJYMkp2YWhlTWJUL2xBc1hsN0tjemF1?= =?utf-8?B?TmVwMWZhTzc3U1lOd1Z4L011ZzVyY0tNYnRnaHhhMGNkRmpuaFYzNXJuTUxX?= =?utf-8?B?VnhTeUViMU51TEhYVHIyNm9MajRucis0UnErVXZDalBnTUxIWHR2SmtmVXRx?= =?utf-8?B?LzJRTzF2SzVrVzd5V1NYYU5NempZdUJIWEV3TVQydlNjRFNvWndZNDZnTEIw?= =?utf-8?B?ZHdWUGwrZG5EeEludW14aU82M3B5VDdRNFJtTTJKRFB6aFp0eGJHRkt5cHVs?= =?utf-8?B?dDJrZWdqUWRvR2gzckMwWHcyaEtTejdJbnZlTHFvUWYxajZUblZ5eHpkaVUz?= =?utf-8?B?Z1ZqaFBCRHhSV1lSTmxqMnkwQTJGQlRISkF6dG9ZdWs2WDhZWmRrak9XV1gx?= =?utf-8?B?UWVXUTJ3bUJVNkFYYWlteVlWT056MDM0dmZ2SDhoMmVYRlErS2hPOHh0Rmx3?= =?utf-8?B?SVhodSt1RVF6YmJQb1V6SHhkM2ZkbW8rR0Ivek1QMlRaK0dHVm01THZLUVNQ?= =?utf-8?B?SjNlMFlWOE5ucGNNWjdRVys5NmpiQVlLaWlPSUpIY1VDMjdXNVZZcStYaTlL?= =?utf-8?B?ZWN2Ym8wUHVlNy9QbUVHd2dFREQwTUYvem16bVB1NEMxdXV0VUhWcnFMOWwx?= =?utf-8?B?ck80aGs5ZUdacXFXb1dEdlpaS0pNOWcyazRlL1pVTVVzbC9tVS9kSStvNFBZ?= =?utf-8?B?ZzZKMjNTN2kvdmVDb3diQ3hhYjRkV2wvQmpmMCtvVE8rcWRsTnA1UHJqWEFJ?= =?utf-8?B?SnZMWitDTTBURnF3MmJydjI4Um5PVHFpSUcwbEtKaGc5VW1HTWt4Sk4ySCtw?= =?utf-8?B?THNta0ZteXhXZU1JTElmMjdqMG00eFB4cFlmZ1N1SWlrSERRbFRXUkZjalg4?= =?utf-8?B?RE5IcVhwZWNIOUNId0FzeGR2NzlPWGk2M0Vqa2ZzNTlLWXlrdTZMNU5WNFVE?= =?utf-8?B?aGYxQ1pmVCthYUlVUXpoTDVLRFJvRTR4dURJTlFwaVI5SGR1aVUwMFNnQ1RX?= =?utf-8?B?VThZTHpGR2JxS0w1UFo4MDI3cy80ZDhSMEt0dDhRU1N0dkViMkwxSWtPM0FJ?= =?utf-8?B?ZmJkdnlEL1JueTY1bVpORHc2b1RNcmdWVTlKeHhRaFZpMU9aNVovcGE1dFRO?= =?utf-8?Q?G5vsyV1iC5t9fQjIiKugrGs15Jgg0sE1OIhDwU6?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 04b2b528-e0b9-48f1-2890-08d949362291 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2021 15:18:30.8115 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TBi8CuyOyL9K31ywYtwfIZWMRkFaq1SuXYaYQLQtIaAhbvM3/Pg9XJul+JqxEdeZi1FAL9+XKAEzwfC7BN5AbQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4669 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US On 7/6/21 3:54 AM, Dov Murik wrote: > Newer kernels support efistub and therefore don't need all the legacy > stuff in X86QemuLoadImageLib, which are harder to secure. Specifically > the verification of kernel/initrd/cmdlien blobs will be added only to > the GenericQemuLoadImageLib implementation, so use that for SEV builds. > > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Ashish Kalra > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Min Xu > Cc: Tom Lendacky > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > Signed-off-by: Dov Murik Reviewed-by: Brijesh Singh thanks