On Wed, Oct 13, 2021 at 11:57:00AM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> When SEV-SNP is active, a memory region mapped encrypted in the page
> table must be validated before access. There are two approaches that
> can be taken to validate the system RAM detected during the PEI phase:
>
> 1) Validate on-demand
> OR
> 2) Validate before access
>
> On-demand
> =========
> If memory is not validated before access, it will cause a #VC
> exception with the page-not-validated error code. The VC exception
> handler can perform the validation steps.
>
> The pages that have been validated will need to be tracked to avoid
> the double validation scenarios. The range of memory that has not
> been validated will need to be communicated to the OS through the
> recently introduced unaccepted memory type
> https://github.com/microsoft/mu_basecore/pull/66, so that OS can
> validate those ranges before using them.
>
> Validate before access
> ======================
> Since the PEI phase detects all the available system RAM, use the
> MemEncryptSevSnpValidateSystemRam() function to pre-validate the
> system RAM in the PEI phase.
>
> For now, choose option 2 due to the dependency and the complexity
> of the on-demand validation.

Acked-by: Gerd Hoffmann <kra...@redhat.com>