Hi James

"However, this ran into problems when it was decided AmdSev shouldn't have its own Library."
I am not clear on the history. Would you please clarify why AmdSev should not have its own library? It does not look reasonable to me. AmdSev is just a feature. A feature may have its own library. We have enough examples.

Also, the instance name "Grub" is very confusing. I compared PlatformBootManagerLib and PlatformBootManagerLibGrub. This is just a customized PlatformBootManagerLib. For example, the XEN feature removal and the PIIX4 difference have nothing to do with Grub...
=================
    PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x60), 0x0b); // A
    PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x61), 0x0b); // B
    PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x62), 0x0a); // C
    PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x63), 0x0a); // D
=================
It is very misleading.

Can we move the PlatformBootManagerLibGrub to AmdSev now?

> -----Original Message-----
> From: James Bottomley <j...@linux.ibm.com>
> Sent: Monday, July 26, 2021 5:10 AM
> To: devel@edk2.groups.io; dovmu...@linux.ibm.com; Yao, Jiewen
> <jiewen....@intel.com>
> Cc: Tobin Feldman-Fitzthum <to...@linux.ibm.com>; Tobin Feldman-Fitzthum
> <to...@ibm.com>; Jim Cadden <jcad...@ibm.com>; Hubertus Franke
> <fran...@us.ibm.com>; Ard Biesheuvel <ardb+tianoc...@kernel.org>; Justen,
> Jordan L <jordan.l.jus...@intel.com>; Ashish Kalra <ashish.ka...@amd.com>;
> Brijesh Singh <brijesh.si...@amd.com>; Erdem Aktas
> <erdemak...@google.com>; Xu, Min M <min.m...@intel.com>; Tom Lendacky
> <thomas.lenda...@amd.com>; Leif Lindholm <l...@nuviainc.com>; Sami
> Mujawar <sami.muja...@arm.com>
> Subject: Re: [edk2-devel] [PATCH v4 00/11] Measured SEV boot with
> kernel/initrd/cmdline
>
> On Sun, 2021-07-25 at 10:52 +0300, Dov Murik wrote:
> > And I do have one question:
> > > May I know what is criteria to put a SEV module to OvmfPkg\AmdSev
> > > or OvmfPkg directly?
> > >
> > > My original understanding is:
> > > If a module is required by OvmfPkg{Ia32,Ia32X64,X64}.{dsc,fdf},
> > > then it should be OvmfPkg.
> > > If a module is only required by OvmfPkg\AmdSev\AmdSevX64.{dsc,fdf},
> > > Then it should be in OvmfPkg\AmdSev.
> > >
> > > Am I right?
> > >
> >
> > I actually don't know the criteria. What you say sounds reasonable.
> > I'll also let James (who introduced the AmdSevX64 target) say what he
> > thinks.
>
> The original reason for the AmdSev package was actually for
> attestation: The only way to get attested boot using a standard VM
> image for SEV and SEV-ES was to pull grub inside the measurement
> envelope and have a stripped down hard failing boot path, so if the key
> didn't decode the encrypted boot volume for some reason, the whole
> thing would fail without revealing the injected secret. This stripped
> down hard failing boot path is much easier to construct as a separate
> target.
>
> Essentially that means that lots of SEV exists outside the AmdSev
> directory and things should only be in it if they're either modified to
> support the encrypted volume boot path or are only required by it.
> However, this ran into problems when it was decided AmdSev shouldn't
> have its own Library, so the modified boot path now lives in
> OvmfPkg/Library/PlatformBootManagerLibGrub, so now it's unclear even to
> me what the criteria are.
>
> James