On Wed, Oct 13, 2021 at 11:57:00AM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
> 
> When SEV-SNP is active, a memory region mapped encrypted in the page
> table must be validated before access. There are two approaches that
> can be taken to validate the system RAM detected during the PEI phase:
> 
> 1) Validate on-demand
> OR
> 2) Validate before access
> 
> On-demand
> =========
> If memory is not validated before access, it will cause a #VC
> exception with the page-not-validated error code. The VC exception
> handler can perform the validation steps.
> 
> The pages that have been validated will need to be tracked to avoid
> the double validation scenarios. The range of memory that has not
> been validated will need to be communicated to the OS through the
> recently introduced unaccepted memory type
> https://github.com/microsoft/mu_basecore/pull/66, so that the OS can
> validate those ranges before using them.
> 
> Validate before access
> ======================
> Since the PEI phase detects all the available system RAM, use the
> MemEncryptSevSnpValidateSystemRam() function to pre-validate the
> system RAM in the PEI phase.
> 
> For now, choose option 2 due to the dependency and the complexity
> of the on-demand validation.

Acked-by: Gerd Hoffmann <kra...@redhat.com>
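
The trade-off described in the quoted commit message, as an added toy model in C (not code from the patch or from EDK2): on-demand validation has to track validated pages and report the remaining ranges as unaccepted memory, while pre-validation leaves nothing to report. The page array, all function names and the 16-page RAM size are assumptions made for illustration; no real validation instruction is issued.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 16                  /* constructed toy RAM size, in 4 KiB pages */
static uint8_t validated[NPAGES];  /* tracking state: 1 = page already validated */
static int double_validations;     /* attempts to validate a page a second time */

void reset_model(void) { memset(validated, 0, sizeof validated); double_validations = 0; }

/* Hypothetical stand-in for the real validation step; counts double validation. */
static void validate_page(unsigned p) {
  if (validated[p]) { double_validations++; return; }
  validated[p] = 1;
}

/* Option 2: validate the whole detected range before any access. */
void prevalidate(unsigned first, unsigned count) {
  for (unsigned p = first; p < first + count; p++) validate_page(p);
}

/* Option 1: an access to an unvalidated page takes the modelled #VC path,
   whose handler validates it. Returns 1 if that path was taken. */
int access_on_demand(unsigned p) {
  if (validated[p]) return 0;      /* tracking avoids double validation */
  validate_page(p);
  return 1;
}

/* Coalesce still-unvalidated pages into ranges: what on-demand firmware would
   have to hand to the OS as unaccepted memory. Returns the range count. */
unsigned unaccepted_ranges(unsigned start[], unsigned len[], unsigned max) {
  unsigned n = 0;
  for (unsigned p = 0; p < NPAGES; p++) {
    if (validated[p]) continue;
    if (n > 0 && start[n - 1] + len[n - 1] == p) { len[n - 1]++; continue; }
    if (n == max) break;
    start[n] = p; len[n] = 1; n++;
  }
  return n;
}

int main(void) {
  unsigned s[NPAGES], l[NPAGES];
  reset_model();
  access_on_demand(3); access_on_demand(4); access_on_demand(9);
  printf("on-demand: %u unaccepted ranges\n", unaccepted_ranges(s, l, NPAGES));
  reset_model();
  prevalidate(0, NPAGES);
  printf("pre-validate: %u unaccepted ranges\n", unaccepted_ranges(s, l, NPAGES));
  return 0;
}
```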


