I will submit a patch-set to fix it soon.

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> Biesheuvel
> Sent: Wednesday, January 18, 2023 7:08 PM
> To: Yao, Jiewen <jiewen....@intel.com>; Xu, Min M <min.m...@intel.com>
> Cc: Gerd Hoffmann <kra...@redhat.com>; devel@edk2.groups.io; Leif
> Lindholm <quic_llind...@quicinc.com>; Ard Biesheuvel
> <ardb+tianoc...@kernel.org>; Abner Chang <abner.ch...@amd.com>;
> Daniel Schaefer <g...@danielschaefer.me>; Aktas, Erdem
> <erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Tom
> Lendacky <thomas.lenda...@amd.com>
> Subject: Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in
> OvmfPkg/IntelTdx
>
> This series has broken the ArmVirtQemuKernel build (see below).
>
> Please fix or revert.
>
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:
> In function ‘RelocatePeCoffImage’:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:158:12:
> error: too few arguments to function ‘FfsFindSectionData’
> 158 | Status = FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &SectionData);
> | ^~~~~~~~~~~~~~~~~~
> In file included from
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:13:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/EmbeddedPkg/Include/Library/PrePiLib.h>:81:1:
> note: declared here
> 81 | FfsFindSectionData (
> | ^~~~~~~~~~~~~~~~~~
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:160:14:
> error: too few arguments to function ‘FfsFindSectionData’
> 160 | Status = FfsFindSectionData (EFI_SECTION_TE, FileHandle, &SectionData);
> | ^~~~~~~~~~~~~~~~~~
> In file included from
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:13:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/EmbeddedPkg/Include/Library/PrePiLib.h>:81:1:
> note: declared here
> 81 | FfsFindSectionData (
> | ^~~~~~~~~~~~~~~~~~
> make: *** [GNUmakefile:397:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/AARCH64/ArmVirtPkg/PrePi/ArmVirtPrePiUniCoreRelocatable/OUTPUT/PrePi.obj]>
> Error 1
>
> On Wed, 18 Jan 2023 at 04:05, Yao, Jiewen <jiewen....@intel.com> wrote:
> >
> > Reviewed-by: Jiewen Yao <jiewen....@intel.com>
> >
> > Merged https://github.com/tianocore/edk2/pull/3916
> >
> > > -----Original Message-----
> > > From: Gerd Hoffmann <kra...@redhat.com>
> > > Sent: Tuesday, January 17, 2023 6:58 PM
> > > To: Xu, Min M <min.m...@intel.com>
> > > Cc: devel@edk2.groups.io; Leif Lindholm <quic_llind...@quicinc.com>;
> > > Ard Biesheuvel <ardb+tianoc...@kernel.org>; Abner Chang
> > > <abner.ch...@amd.com>; Daniel Schaefer <g...@danielschaefer.me>;
> > > Aktas, Erdem <erdemak...@google.com>; James Bottomley
> > > <j...@linux.ibm.com>; Yao, Jiewen <jiewen....@intel.com>; Tom
> > > Lendacky <thomas.lenda...@amd.com>
> > > Subject: Re: [PATCH V3 0/4] Introduce Separate-Fv in
> > > OvmfPkg/IntelTdx
> > >
> > > On Tue, Jan 17, 2023 at 07:31:54AM +0800, Min Xu wrote:
> > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152
> > > >
> > > > In current DXE FV there are 100+ drivers. Some of the drivers are
> > > > not used in Td guest. (Such as USB support drivers, network
> > > > related drivers, etc).
> > > >
> > > > From the security perspective if a driver is not used, we should
> > > > prevent it from being loaded/started. There are 2 benefits:
> > > > 1. Reduce the attack surface
> > > > 2. Improve the boot performance
> > > >
> > > > So we introduce Separate-Fv which separates DXEFV into 2 FVs:
> > > > DXEFV and NCCFV. All the drivers which are not needed by a
> > > > Confidential Computing guest are moved from DXEFV to NCCFV.
> > > >
> > > > When booting a CC guest only the drivers in DXEFV will be loaded
> > > > and started. For a Non-CC guest both DXEFV and NCCFV drivers will
> > > > be loaded and started.
> > > >
> > > > Patch#1 updates EmbeddedPkg/PrePiLib with FFS_CHECK_SECTION_HOOK.
> > > > Patch#2 adds PCDs/GUID for NCCFV.
> > > > Patch#3 moves cc-unused drivers to NCCFV.
> > > > Patch#4 update PeilessStartupLib to find NCCFV for non-cc guest.
> > >
> > > series:
> > > Acked-by: Gerd Hoffmann <kra...@redhat.com>
> > >
> > > take care,
> > > Gerd