On September 9, 2021 3:46 AM, Brijesh Singh wrote:
>
> Thank you so much Yao for reviewing the patches. Based on some comments
> from Gerd I may update code around the reset vector area (mainly use the
> metadata format etc). For your comments regarding the introducing a new
> PcdConfidentialComputingCategory I will look to see what I can come up with
> and in UefiCpuPkg I will try to move all the SEV specific functions in new
> files
> (where applicable).
>
Hi, Brijesh
if you are considering to introduce a new PcdConfidentialComputingCategory
as Jiewen suggested below:
> >
> > 0008-UefiCpuPkg-Define-the-SEV-SNP-specific-dynamic-PCDs
> > I really don't like the idea to use BOOL PcdSevEsIsEnabled and
> PcdSevSnpIsEnabled.
> > Can we define *one* PCD - such as PcdConfidentialComputingCategory?
> > We can assign range 0x0000~0xFFFF to AMD SEV, 0x10000~0x1FFFF to Intel
> TDX.
> > Then SEV=0x0000, SEV-ES=0x0001, SEV-SNP=0x0002, and TDX=0x10000
> later.
> > I really don't want to keep adding PCD endlessly in the future, like
> PcdSevXXXIsEnabled, PcdSevYYYIsEnabled, PcdTdxIsEnabled,
> PcdTdx20Enabled, PcdTdx30Enabled, ......
> >
I also have some suggestions.
As we have below definition in WorkArea.h
typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
UINT8 GuestType;
UINT8 Reserved1[3];
} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;
Can we update above CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER to below:
typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
UINT8 GuestType;
UINT8 SubType; // subtype which indicates
SEV-ES, SEV-NP, or TDX 1.0, TDX 2.0 etc.
UINT8 Reserved1[2];
} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;
The PcdConfidentialComputingCategory can be defined as UINT32, like below:
## This dynamic PCD indicates the Confidential Computing Category
# [7:0] Confidential Computing Category (0 - Non-Cc, 1 - AmdSev, 2 -
IntelTdx)
# [15:8] Sub-Category (defined by each vendor, SEV-ES, SEV-SNP, or TDX-1.0,
TDX-2.0, etc)
# [31:16] Reserved
# @Prompt Confidential Computing Category
gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingCategory|0|UINT32|0x60000018
So that we simply copy the CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER to
PcdConfidentialComputingCategory.
What's your thought?
Thanks!
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80390): https://edk2.groups.io/g/devel/message/80390
Mute This Topic: https://groups.io/mt/85306653/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
