On Mon, 2021-07-26 at 00:55 +0000, Yao, Jiewen wrote: > Hi James > "However, this ran into problems when it was decided AmdSev shouldn't > have it's own Library." > > I am not clear on the history. Would you please clarify why AmdSev > should not have its own library?
The history predates me. It was already done for the Bhyve package which also has a modified PlatformBootManagerLib when I came along with this. However, only having Library in the top level package seems to be a common edk2 pattern if you run a find. > It looks not reasonable to me. AmdSev is just a feature. A feature > may have its own library. We have enough examples. We do? Running find . -name Library -print only turns up ./FmpDevicePkg/Test/UnitTest/Library As not following the top level package only pattern. > Also, the instance name "Grub" is very confusing. I compared > PlatformBootManagerLib and PlatformBootManagerLibGrub. This is just a > customized PlatformBootManagerLib. It's called Grub because it places Grub in the Fv for combined pre- attestation. Either SEV or TDX could use this (Although TDX looks likely not to want to). > For example, XEN feature removing and PIIX4 difference has nothing to > do with Grub... > ================= > PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x60), 0x0b); // A > PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x61), 0x0b); // B > PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x62), 0x0a); // C > PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x63), 0x0a); // D > ================= It's part of the boot path stripping to make sure there's a hard failure if Grub fails to execute. There's a Bugzilla requiring more of this because a grub only booting platform library needs fewer extraneous things which could constitute an attack surface for the injected secret. > It is a big misleading. Can we move the PlatformBootManagerLibGrub To > AmdSev now? I think you probably want to ask around older edk2 package maintainers and see if there's any reason for this pattern, which seems to be strongly enforced. If no-one can remember, then likely it can be broken. James -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78175): https://edk2.groups.io/g/devel/message/78175 Mute This Topic: https://groups.io/mt/84375116/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
