Hi, > During the guest creation time, the VMM encrypts the OVMF_CODE.fd using > the SEV-SNP firmware provided LAUNCH_UPDATE_DATA command. In addition to > encrypting the content, the command also validates the memory region. > This allows us to execute the code without going through the validation > sequence.
Hmm, tdx must handle this too. > + > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart|0x0|UINT32|0x56 > + > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd|0x0|UINT32|0x57 So maybe we should drop the "Snp" from the name here ... > ; GUID (SEV-SNP boot block): bd39c0c2-2f8e-4243-83e8-1b74cebcb7d9 > ; > sevSnpBootBlockStart: > + DD SNP_HV_VALIDATED_START > + DD SNP_HV_VALIDATED_END ... and store the range which needs validation in another, not snp-specific block? Jiewen? Min? take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80150): https://edk2.groups.io/g/devel/message/80150 Mute This Topic: https://groups.io/mt/85306660/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
