On 06/08/21 23:36, Tom Lendacky wrote: > On 6/8/21 3:49 AM, Laszlo Ersek wrote: >> On 06/07/21 15:37, Brijesh Singh wrote: >> >> > ... > >> ... But maybe I just need to accept that we have to repurpose >> SEC_SEV_ES_WORK_AREA, considering it a super-early "HOB list" of sorts. >> Same as the PEI phase is considered the "HOB producer phase", outputting >> a bunch of disparate bits of info, we could consider the SEV-ES parts of >> the Reset Vector such an "early info bits" producer phase. I think this >> is a very big conceptual step away from the original purpose of >> SEC_SEV_ES_WORK_AREA (note the *name* of the structure: "work area"! >> HOBs are not "work areas", they are effectively read-only, once >> produced). But perhaps this is what we need (and then with proper >> documentation). >> >> NB however that HOBs have types, GUIDed HOBs have GUIDs, the HOB types >> are specified in PI, and GUIDs are expressly declared to stand for >> various purposes at least in edk2 DEC files. All that helps with >> discerning the information flow. So... I'd still prefer keeping >> SEC_SEV_ES_WORK_AREA as minimal as possible. >> >> Tom, any comments? > > The purpose of the work area was originally two-fold. It is used in the > reset vector code to set the SevEsEnabled bit so that we could keep the > original behavior in SecCoreStartupWithStack() - no initialization of the > exception handlers or early enabling of processor cache. The second use is > for initial AP startup, where we had a known memory address at build time > that could be used to set the initial CS:IP of APs for the first boot. > > We expanded the use for the security mitigations, used by the reset vector > code and again in SEC. At the start of PEI, PCDs are then set. > > So, yes, if the information can be obtained later, and in this case we're > not talking about CPUID information which would need re-validation, then > there's no need to keep it in the work area and we can keep the size and > information stored in the work area to a minimum.
Thank you very much! Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76262): https://edk2.groups.io/g/devel/message/76262 Mute This Topic: https://groups.io/mt/83113765/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
