On Wed, Oct 13, 2021 at 11:56:42AM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> Move all the SEV specific functions into AmdSev.c.
>
> No functional change intended.
>
> Cc: Michael Roth
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom L
On Thu, Oct 14, 2021 at 06:31:30AM +, Xu, Min M wrote:
> On October 14, 2021 2:05 PM, Gerd Hoffmann wrote:
> > On Thu, Oct 14, 2021 at 12:27:13AM +, Xu, Min M wrote:
> > > On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> > > > Hi,
> > > >
> > > > > + do {
> > > > > +AsmCpuid (0, &L
Maciej,
Please add description of the interface in the comment block in line 103,
specifically covering the purpose of the interface, the producer and consumer
of this interface.
DieId's description says "Generation and die specific ID number". Can you add
some details on how a producer of thi
On Thu, Oct 14, 2021 at 12:55:22AM +, Xu, Min M wrote:
> On October 12, 2021 6:39 PM, Gerd Hoffmann wrote:
> > Hi,
> >
> > > - AcceptPages:
> > >To mitigate the performance impact of accepting pages in SEC phase on
> > >BSP, BSP will parse memory resources and assign each AP the tas
On October 14, 2021 2:05 PM, Gerd Hoffmann wrote:
> On Thu, Oct 14, 2021 at 12:27:13AM +, Xu, Min M wrote:
> > On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> > > Hi,
> > >
> > > > + do {
> > > > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
> > >
> > > Again: this should use PCD.
> >
+#define DIE_INFO_CPU_GUID \
+{ 0x6E5AF2E3, 0x5D84, 0x48F2, { 0x84, 0x28, 0x99, 0xE4, 0x93, 0x4F, 0x51, 0xE4
}}
1. What's the difference between SOC and CPU?
+ UINT32 DieIndex;
2. What the purpose of "DieIndex"?
+ INTEL_DIE_INFO_GET_DIE_NAME_STR GetNameStr;
+
On October 14, 2021 1:38 PM, Gerd Hoffmann wrote:
> Hi,
>
> > > Calling CPUID should not be needed, we have a new fancy
> > > ConfidentialComputing PCD for that now.
> > The gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr is
> defined in UefiCpuPkg. While BaseIoLibIntrinsicSev is in
Reviewed-by: Sai Chaganty
From: Holland, Michael
Sent: Monday, October 11, 2021 11:48 PM
To: devel@edk2.groups.io
Cc: Chaganty, Rangasai V ; Ni, Ray
Subject: [PATCH] IntelSiliconPkg/FirmwareInterfaceTable: Define FIT 4 record
Hello,
Thanks for all your valuable feedbacks, I have sent V4 to incorporate all of
them, please help to review.
Thanks,
Chasel
> -Original Message-
> From: Chiu, Chasel
> Sent: Friday, October 8, 2021 2:43 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Oram, Isaac W
> ; Desimone,
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
Implementation should search FSP_NON_VOLATILE_STORAGE_HOB2 first
and only search FSP_NON_VOLATILE_STORAGE_HOB when the former is not found.
Also added PeiGetLargeVariable () to support the scenarios where the
variable data size is bigger
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Isaac Oram
Cc: Nat
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Nate DeSimone
Sign
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Sai Chaganty
Cc: N
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Nate DeSimone
Sign
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Nate DeSimone
Cc:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Nate DeSimone
Cc:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
To simplify the implementation the variable Name/GUID has been
changed to "FspNvsBuffer" and gFspNvsBufferVariableGuid
regardless of whether it stores the data from FSP_NON_VOLATILE_STORAGE_HOB2
or FSP_NON_VOLATILE_STORAGE_HOB.
Cc: Nate DeSimone
Cc:
V4:
. Switched to LargeVariableRead(Write)Lib in SaveMemoryConfig driver
. Fixed tailing white space issue in PeiLib.c/.h
. Updated function descriptions for PeiGetVariable() and PeiGetLargeVariable()
. Added VariableReadLib to CorePeiLib.dsc for all platforms
. Fixed white space issue in
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3678
Implementation should search FSP_NON_VOLATILE_STORAGE_HOB2 first
and only search FSP_NON_VOLATILE_STORAGE_HOB when the former is not found.
Also added PeiGetLargeVariable () to support the scenarios where the
variable data size is bigger
On Thu, Oct 14, 2021 at 12:27:13AM +, Xu, Min M wrote:
> On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> > Hi,
> >
> > > + do {
> > > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
> >
> > Again: this should use PCD.
> ConfidentialComputing PCD is set in PlatformPei. So any check of
I've requested in the past that you do this so I'll request again: please
discuss these changes on the freebsd-virtualization list before sending
patches outside of the project.
I'd suggest to add the list to the bhyve section of Maintainers.txt
then.
Yep, that's fair enough.
later,
Peter
Hi,
> I've requested in the past that you do this so I'll request again: please
> discuss these changes on the freebsd-virtualization list before sending
> patches outside of the project.
I'd suggest to add the list to the bhyve section of Maintainers.txt
then.
take care,
Gerd
It's much easier to create configuration dependent ACPI tables for bhyve than for OVMF. For this reason, don't use the statically
created ACPI tables provided by OVMF. Instead use the dynamically
created ACPI tables of bhyve. If bhyve provides no ACPI tables or we
are unable to detect thos
On October 12, 2021 11:27 PM, Sami Mujawar wrote:
> Hi Min,
>
> Thank you for this patch.
>
> I think it would greatly help if the EFI_TD_PROTOCOL is changed to something
> more architecture neutral. As I understand, this patch series is removing the
> dependency on TPM for measurement and is ins
Hi,
> > Calling CPUID should not be needed, we have a new fancy
> > ConfidentialComputing PCD for that now.
> The gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr is defined in
> UefiCpuPkg. While BaseIoLibIntrinsicSev is in MdePkg.
> If the ConfidentialComputing PCD is used, then Ue
Hi,
> > > +UINT8 *mExtendBufferAddress = NULL;
> > > +TDX_EXTEND_BUFFER mExtendBuffer;
> > > +
> > > +/**
> > > + TD.RTMR.EXTEND requires 64B-aligned guest physical address of
> > > + 48B-extension data. In runtime we walk thru the Buffer to find
> > > + out a 64B-aligned star
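Review bot: mExtendBufferAddress starts out NULL and only becomes meaningful once the 64B-aligned start inside mExtendBuffer has been located, so the extend path needs a NULL check before the first TD.RTMR.EXTEND; also make sure mExtendBuffer carries at least 48 + 63 bytes so that a 48-byte extension value always fits after the alignment walk, and say in the comment why a module global is used instead of aligning the caller's buffer.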
On October 12, 2021 9:02 PM, Gerd Hoffmann wrote:
> On Tue, Oct 05, 2021 at 11:39:39AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > TDX guest supports LocalApicTimer. But in current OvmfPkg the
> > supported timer is 8254TimerDxe. So
> > gUefiOvmfPkgToke
On Wed, Oct 13, 2021 at 11:26:23AM +0200, Corvin Köhne wrote:
> From: Corvin Köhne
>
> QemuFwCfg is more powerful and has more use cases than BhyveFwCtl. Try
> to use QemuFwCfg in first place. If that fails, fall back to
> BhyveFwCtl.
Does bhyve implement the qemu fwcfg interface?
Acked-by: Ge
Hi,
> +#define BHYVE_ACPI_PHYSICAL_ADDRESS ((UINTN)0x000F2400)
> +#define BHYVE_BIOS_PHYSICAL_END ((UINTN)0x0010)
> + //
> + // Detect the RSDP
> + //
> + for (RsdpAddress = BHYVE_ACPI_PHYSICAL_ADDRESS;
> + RsdpAddress < BHYVE_BIOS_PHYSICAL_END;
> + RsdpAddress += 0x
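Review bot: the scan between BHYVE_ACPI_PHYSICAL_ADDRESS and BHYVE_BIOS_PHYSICAL_END should not accept the first "RSD PTR " match on its own: check the byte checksum over the first 20 bytes, and the extended checksum over Length bytes when Revision >= 2, before dereferencing RsdtAddress or XsdtAddress, and make the "no valid RSDP found" outcome feed the fallback to OVMF's static tables that the commit message describes. The ACPI specification requires the RSDP to sit on a 16-byte boundary, so a 16-byte stride is sufficient for the loop.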
Pushed as 2ebe49ccd34cfd59bac32216b71334d371b3fa44.
Sorry, I forgot to add my "Acked-by" to the commit before pushing.
Acked-by: Rebecca Cran
On 10/13/21 10:48 PM, Jayaprakash Nevara wrote:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3638
This change is to add IA32 support into py3
Hello Jeff,
Thanks for the reference you provided of the change made by you. Leveraging a
similar change resolves the problem 90 percent for me as I do not get the ISR
interrupted for the most part because of another timer interrupt. However, even
with your change, during the ISR there are few
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3638
This change is to add IA32 support into py3 EFI package
creation batch script. Enhanced the script to take the Architecture
as an additional parameter. With this the script can be used
to create deployable Python 3.6.8 EFI package from X64 and IA32
Jayaprakash Nevara (1):
AppPkg/Applications/Python/Python3.6.8: add IA32 support for py3
package creation batch script
.../Python-3.6.8/create_python368_pkg.bat | 62 ---
1 file changed, 39 insertions(+), 23 deletions(-)
Sorry for the delay.
I can't see the copy of the patch you sent out: could you send it again,
this time marking it as v2 please? Since it's sent out via email there's
no problem with duplicates.
--
Rebecca Cran
On 10/3/21 6:35 PM, Jayaprakash, N wrote:
Hi Rebecca / Mike,
Could you look i
the flag "-fpie" is passed for all builds with a GCC family toolchain,
including CLANGPDB, but CLANGPDB does not support this flag, it will
report "clang: error: unsupported option '-fpie' for target
'x86_64-unknown-windows-gnu'". So we add the CLANGPDB option "-fno-pie"
later to overwrite it.
Cc:
the flag "-fpie" is passed for all builds with a GCC family toolchain,
including CLANGPDB, but CLANGPDB does not support this flag, it will
report "clang: error: unsupported option '-fpie' for target
'x86_64-unknown-windows-gnu'". So we add the CLANGPDB option "-fno-pie"
later to overwrite it.
Cc
Reviewed-by: Dandan Bi
Thanks,
Dandan
> -Original Message-
> From: Wang, Jian J
> Sent: Wednesday, October 13, 2021 4:11 PM
> To: Ma, Hua ; devel@edk2.groups.io
> Cc: Liming Gao ; Bi, Dandan
> ; Ni, Ray
> Subject: RE: [PATCH v3] MdeModulePkg/Core/Dxe: Acquire a lock when
> iterating
On October 12, 2021 8:16 PM, Gerd Hoffmann wrote:
> Hi,
>
> > +#define IO_MMU_LEGACY 0x0
> > +#define IO_MMU_SEV 0x01
> > +#define IO_MMU_TDX 0x02
> > +
> > +UINTN mIoMmuType = IO_MMU_LEGACY;
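Review bot: beyond Gerd's point about the PCD, mIoMmuType is a plain non-STATIC UINTN global initialised to IO_MMU_LEGACY, so any later code in the module (or another object linking the same symbol) can overwrite it; make it STATIC, turn the three IO_MMU_* values into an enum so the selection is type-checked, and set it exactly once in the entry point so nothing can downgrade a SEV or TDX guest to the legacy path after initialisation.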
>
> Yet another place where you should be able to just use the
> ConfidentialComputing PCD.
Th
On October 13, 2021 11:46 PM, Brijesh Singh wrote:
> On 10/12/21 5:58 PM, Xu, Min M wrote:
> > On October 12, 2021 9:23 PM, Lendacky Thomas wrote:
> Good point Tom. The WORK_AREA_GUEST_TYPE define should be moved
> outside the ARCH_X86. I missed it mainly because we renamed the
> ESWorkArea to Gene
On October 12, 2021 6:39 PM, Gerd Hoffmann wrote:
> Hi,
>
> > - AcceptPages:
> >To mitigate the performance impact of accepting pages in SEC phase on
> >BSP, BSP will parse memory resources and assign each AP the task of
> >accepting a subset of pages. This command may be called sev
On October 12, 2021 6:32 PM, Gerd Hoffman wrote:
> Hi,
>
> > + do {
> > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
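Review bot: the loop around AsmCpuid (0, ...) runs in code that is linked into SEC/PEI, where under SEV-ES every CPUID is intercepted and serviced through the #VC handler and the GHCB (and under TDX through #VE), so each iteration costs a VM exit and, without the SEV-SNP CPUID page, returns values the hypervisor controls; if the ConfidentialComputing PCD really cannot be read this early, probe once, cache the answer in a STATIC, and note in a comment that the result is hypervisor-supplied and must not be the basis of a security decision.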
>
> Again: this should use PCD.
ConfidentialComputing PCD is set in PlatformPei. So any check of this PCD
should be after PlatformPei.
MpInitLib will be included in CpuMpP
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Wu, Hao A
> Sent: Tuesday, October 12, 2021 7:42 AM
> To: Konstantin Aladyshev ; devel@edk2.groups.io
> Cc: Wang, Jian J ; gaolim...@byosoft.com.cn
> Subject: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg/Sd: Corrections for
> E
Thanks Brijesh for looking into this.
On 13/10/2021 22:41, Brijesh Singh wrote:
> Hi Dov,
>
> On 10/13/21 2:35 AM, Dov Murik wrote:
>> Hello,
>>
>> I encountered the following problem when trying to launch SEV-ES
>> (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build:
>>
>>
>> $ s
Hi Dov,
On 10/13/21 2:35 AM, Dov Murik wrote:
> Hello,
>
> I encountered the following problem when trying to launch SEV-ES
> (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build:
>
>
> $ sudo /home/dmurik/git/qemu/build/qemu-system-x86_64 -enable-kvm
> -machine q35 -smp 1 -m 2G -ma
Acked-by: Samer El-Haj-Mahmoud
Any update on getting this reviewed/merged? We have downstream platforms that
depend on this and would like to avoid duplication of similar functionality in
platform code.
Thanks!
--Samer
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of A
Used to provision and maintain certain HW-defined NV spaces.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994
Signed-off-by: Bret Barkelew
Reviewed-by: Jiewen Yao
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
---
SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 12
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).
Cc: Michael Roth
Cc: Eric Dong
Cc
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: J
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across a kexec boot. Mark the memory range as Reserved in the EFI map
so that guest OS or firmware does not use the range as a system RAM.
Cc: Micha
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The MpInitL
The SetMemoryEncDec() is used by the higher level routines to set or clear
the page encryption mask for system RAM and Mmio address. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the Mm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the memo
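The sync requirement described in this commit message, as an added example that is not the MemEncryptSevLib code: a small model in which the page-table C-bit, the RMP ownership and the RMP Validated bit are simulated, so the ordering that MemEncryptSev{Set,Clear}PageEncMask() has to follow can be exercised and the two failure modes (an RMP violation and an access to a private but unvalidated page) show up as return codes. The C-bit position derived from CPUID Fn8000_001F EBX[5:0] is real; the RMP, PVALIDATE and page-state-change behaviour is a simulation, and the ordering (set C-bit, page state change to private, PVALIDATE; the reverse when clearing) is my assumption from the APM/GHCB rules, not text from this patch.

```c
/*
 * Added example, not the OVMF MemEncryptSevLib code: a model of keeping the
 * page-table C-bit and the RMP page state in sync under SEV-SNP. The page
 * table, RMP, PVALIDATE and page state change are simulated in plain C; the
 * ordering rules are an assumption taken from the AMD APM/GHCB spec.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGES 8

/* C-bit position comes from CPUID Fn8000_001F EBX[5:0]. */
unsigned CbitPosFromCpuidEbx(uint32_t ebx) {
  return ebx & 0x3Fu;
}

typedef enum { RMP_SHARED = 0, RMP_PRIVATE = 1 } RmpOwner;

typedef struct {
  uint64_t Pte[PAGES];        /* guest page-table entries; C-bit selects private */
  RmpOwner Owner[PAGES];      /* RMP assignment, changed only via the hypervisor */
  bool     Validated[PAGES];  /* RMP Validated bit, set only by guest PVALIDATE */
  uint64_t CbitMask;
} SnpGuestModel;

void ModelInit(SnpGuestModel *m, unsigned cbitPos) {
  m->CbitMask = 1ull << cbitPos;
  for (int i = 0; i < PAGES; i++) {
    m->Pte[i]       = ((uint64_t)i << 12) | 0x3u;   /* present + writable, shared */
    m->Owner[i]     = RMP_SHARED;
    m->Validated[i] = false;
  }
}

/* Simulated PVALIDATE: 0 on success, 1 (FAIL_INPUT) if the page is not private in the RMP. */
int Pvalidate(SnpGuestModel *m, int page, bool validate) {
  if (m->Owner[page] != RMP_PRIVATE) return 1;
  m->Validated[page] = validate;
  return 0;
}

/* Simulated page state change through the hypervisor (GHCB PSC): reassignment clears Validated. */
void PageStateChange(SnpGuestModel *m, int page, RmpOwner owner) {
  m->Owner[page]     = owner;
  m->Validated[page] = false;
}

/* Set the C-bit on a range: page table, then RMP to private, then PVALIDATE. */
int SetPageEncMask(SnpGuestModel *m, int first, int count) {
  for (int p = first; p < first + count; p++) {
    m->Pte[p] |= m->CbitMask;
    PageStateChange(m, p, RMP_PRIVATE);
    if (Pvalidate(m, p, true) != 0) return -1;
  }
  return 0;
}

/* Clear the C-bit on a range: rescind validation, RMP to shared, then page table. */
int ClearPageEncMask(SnpGuestModel *m, int first, int count) {
  for (int p = first; p < first + count; p++) {
    if (Pvalidate(m, p, false) != 0) return -1;
    PageStateChange(m, p, RMP_SHARED);
    m->Pte[p] &= ~m->CbitMask;
  }
  return 0;
}

/*
 * What a guest access would hit in this model:
 *   0 = access allowed
 *   1 = private page not validated (#VC page-not-validated on SNP hardware)
 *   2 = C-bit and RMP disagree (RMP violation)
 */
int Access(const SnpGuestModel *m, int page) {
  bool encrypted = (m->Pte[page] & m->CbitMask) != 0;
  if (encrypted != (m->Owner[page] == RMP_PRIVATE)) return 2;
  if (encrypted && !m->Validated[page]) return 1;
  return 0;
}

int main(void) {
  SnpGuestModel m;
  ModelInit(&m, CbitPosFromCpuidEbx(0x33u));   /* constructed EBX value: C-bit 51 */
  SetPageEncMask(&m, 0, 2);
  m.Pte[3] |= m.CbitMask;                      /* C-bit only, RMP never updated */
  printf("page0=%d page3=%d\n", Access(&m, 0), Access(&m, 3));
  return 0;
}
```

Flipping only the C-bit (page 3 in main) is the bug this patch guards against: the model reports an RMP violation, while skipping PVALIDATE after the page state change reports the not-validated case.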
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added a new VMGEXIT that the guest
could use for querying the hypervisor features. One of the immediate
users for it will be an AP creation code. When SEV-SNP is enabled, the
guest can use the newly added A
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The level can be used to provide the hardware isolated
abstraction layers with a VM. The VMPL0 is the h
From: Michael Roth
During AP bringup, just after switching to long mode, APs will do some
cpuid calls to verify that the extended topology leaf (0xB) is available
so they can fetch their x2 APIC IDs from it. In the case of SEV-ES,
these cpuid instructions must be handled by direct use of the GHCB
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
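The registration exchange from GHCB specification section 2.3.2, as an added example that is not the OVMF code: the guest writes a Register GHCB GPA request to the GHCB MSR, issues VMGEXIT, and must verify that the response carries the GPA it asked for, terminating otherwise. The MSR number, GHCBInfo codes and field layout are from the GHCB specification as I recall them; the hypervisor here is a constructed stub that can be told to misbehave, and the MSR write/VMGEXIT/MSR read is replaced by a function call.

```c
/*
 * Added example, not code from the OVMF patch: the GHCB MSR protocol exchange
 * an SEV-SNP guest uses to register its GHCB GPA, with the check the guest
 * must make on the response. The hypervisor is a constructed stub.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define MSR_SEV_ES_GHCB              0xC0010130u  /* GHCB MSR */
#define GHCB_MSR_INFO_MASK           0xFFFu       /* GHCBInfo lives in bits 11:0 */
#define GHCB_INFO_GHCB_GPA_REG_REQ   0x012u
#define GHCB_INFO_GHCB_GPA_REG_RESP  0x013u
#define GHCB_INFO_TERMINATE_REQ      0x100u
#define GHCB_MSR_GPA_SHIFT           12u          /* GPA carried as a page frame number */
#define GHCB_REG_BAD_GPA             1u           /* this example: caller passed a misaligned GPA */

/* Encode a Register GHCB GPA request: page frame number in 63:12, GHCBInfo in 11:0. */
uint64_t GhcbEncodeRegisterRequest(uint64_t ghcbGpa) {
  return ((ghcbGpa >> GHCB_MSR_GPA_SHIFT) << GHCB_MSR_GPA_SHIFT) | GHCB_INFO_GHCB_GPA_REG_REQ;
}

/* Decode the response; false if the GHCBInfo field is not the registration response. */
bool GhcbDecodeRegisterResponse(uint64_t msrValue, uint64_t *gpaOut) {
  if ((msrValue & GHCB_MSR_INFO_MASK) != GHCB_INFO_GHCB_GPA_REG_RESP) return false;
  *gpaOut = msrValue & ~(uint64_t)GHCB_MSR_INFO_MASK;
  return true;
}

/* Constructed stub hypervisor; the behaviour flag lets both outcomes be exercised. */
typedef enum { HV_HONEST, HV_SWAPS_GPA, HV_WRONG_INFO } HvBehaviour;

static uint64_t StubHypervisorVmgexit(uint64_t msrValue, HvBehaviour hv) {
  uint64_t gpa = msrValue & ~(uint64_t)GHCB_MSR_INFO_MASK;
  switch (hv) {
    case HV_HONEST:    return gpa | GHCB_INFO_GHCB_GPA_REG_RESP;
    case HV_SWAPS_GPA: return (gpa + 0x1000u) | GHCB_INFO_GHCB_GPA_REG_RESP;  /* a different page */
    default:           return gpa | 0x0FFu;                                   /* wrong GHCBInfo */
  }
}

/*
 * Register the GHCB and return the action the guest takes:
 *   0                       = registered; the GHCB at ghcbGpa may now be used
 *   GHCB_REG_BAD_GPA        = ghcbGpa is not 4K aligned (caller bug)
 *   GHCB_INFO_TERMINATE_REQ = hypervisor did not confirm the same GPA; the guest must terminate
 */
uint64_t RegisterGhcbGpa(uint64_t ghcbGpa, HvBehaviour hv) {
  uint64_t confirmedGpa;
  if ((ghcbGpa & GHCB_MSR_INFO_MASK) != 0) return GHCB_REG_BAD_GPA;
  uint64_t request  = GhcbEncodeRegisterRequest(ghcbGpa);
  uint64_t response = StubHypervisorVmgexit(request, hv);   /* wrmsr, VMGEXIT, rdmsr on real hardware */
  if (!GhcbDecodeRegisterResponse(response, &confirmedGpa)) return GHCB_INFO_TERMINATE_REQ;
  if (confirmedGpa != ghcbGpa) return GHCB_INFO_TERMINATE_REQ;
  return 0;
}

int main(void) {
  uint64_t gpa = 0x80B000ull;   /* constructed, 4K-aligned GHCB GPA */
  printf("honest=%llu swapped=%llu\n",
         (unsigned long long)RegisterGhcbGpa(gpa, HV_HONEST),
         (unsigned long long)RegisterGhcbGpa(gpa, HV_SWAPS_GPA));
  return 0;
}
```

The GPA comparison is the security-relevant step: a hypervisor that acknowledges with a different page has not bound the GHCB the guest intends to use, and the only safe reaction is the terminate request.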
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:
1) Validate on-demand
OR
2) Vali
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Previous commit introduced a generic confidential computing PCD that can
determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the
PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr.
Cc: Michael Roth
Cc: Ray Ni
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).
When SEV-SNP is activ
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
While initializing APs, the MpInitLib may need to know whether the
guest is running with active AMD SEV or Intel TDX memory encryption.
Add a new ConfidentialComputingGuestAttr PCD that can be used to query
the memory encryption attribute.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The initial page built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MpInitLib uses the ConfidentialComputingAttr PCD to determine whether
AMD SEV is active so that it can use the VMGEXITs defined in the GHCB
specification to create APs.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: Ja
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to pre-valid
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP ta
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.
The AmdSevDxe uses the functions provided by
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
From: Michael Roth
SEV-SNP firmware allows a special guest page to be populated with
guest CPUID values so that they can be validated against supported
host features before being loaded into encrypted guest memory to be
used instead of hypervisor-provided values [1].
Add handling for this in the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Create a function that can be used to determine if VM is running as an
SEV-SNP guest.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffm
From: Michael Roth
CPUID instructions are issued during early boot to do things like probe
for SEV support. Currently these are handled by a minimal #VC handler
that uses the MSR-based GHCB protocol to fetch the CPUID values from
the hypervisor. When SEV-SNP is enabled, use the firmware-validated
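A lookup over the SEV-SNP CPUID page, as an added example that is not the OVMF SecMain or #VC handler code: the table layout is the SEV-SNP firmware ABI as I recall it (a header with Count, then up to 64 function entries of 48 bytes each), the lookup validates Count before trusting any entry and never falls back to the hypervisor for a missing leaf. The table contents are constructed test data; per-vCPU values such as the x2APIC ID in leaf 0xB EDX are not table data on real hardware and are left zero here.

```c
/*
 * Added example, not the OVMF SecMain or #VC handler code: answer CPUID
 * queries from the SEV-SNP CPUID page instead of from the hypervisor.
 * Table layout follows the SEV-SNP firmware ABI as recalled here (header,
 * then up to 64 entries of 48 bytes); the table contents are constructed.
 */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define SNP_CPUID_MAX_COUNT 64u

#pragma pack(push, 1)
typedef struct {
  uint32_t EaxIn;     /* leaf */
  uint32_t EcxIn;     /* subleaf (0 for leaves without subleaf semantics) */
  uint64_t XcrIn;     /* XCR0 the entry applies to; not used by this example */
  uint64_t XssIn;
  uint32_t Eax, Ebx, Ecx, Edx;
  uint64_t Reserved;
} SNP_CPUID_FUNCTION;                    /* 48 bytes */

typedef struct {
  uint32_t Count;
  uint32_t Reserved1;
  uint64_t Reserved2;
  SNP_CPUID_FUNCTION Fn[SNP_CPUID_MAX_COUNT];
} SNP_CPUID_TABLE;                       /* 16 + 64 * 48 bytes, fits in one 4K page */
#pragma pack(pop)

typedef struct { uint32_t Eax, Ebx, Ecx, Edx; } CPUID_RESULT;

/* Check the header before trusting any entry: a Count above 64 would walk past the page. */
bool SnpCpuidTableIsSane(const SNP_CPUID_TABLE *t) {
  return t->Count <= SNP_CPUID_MAX_COUNT;
}

/* Look up leaf/subleaf: true and *out filled on a hit, false if the leaf is not in the table. */
bool SnpCpuidLookup(const SNP_CPUID_TABLE *t, uint32_t leaf, uint32_t subleaf, CPUID_RESULT *out) {
  if (!SnpCpuidTableIsSane(t)) return false;
  for (uint32_t i = 0; i < t->Count; i++) {
    const SNP_CPUID_FUNCTION *f = &t->Fn[i];
    if (f->EaxIn != leaf || f->EcxIn != subleaf) continue;
    out->Eax = f->Eax; out->Ebx = f->Ebx; out->Ecx = f->Ecx; out->Edx = f->Edx;
    return true;
  }
  return false;
}

/* Policy of this example for a leaf the firmware did not validate: all zeros, no hypervisor fallback. */
CPUID_RESULT SnpCpuid(const SNP_CPUID_TABLE *t, uint32_t leaf, uint32_t subleaf) {
  CPUID_RESULT r = { 0, 0, 0, 0 };
  (void)SnpCpuidLookup(t, leaf, subleaf, &r);
  return r;
}

/* Constructed table: vendor leaf 0, SEV feature leaf 0x8000001F, topology leaf 0xB subleaves 0 and 1. */
void BuildTestTable(SNP_CPUID_TABLE *t) {
  memset(t, 0, sizeof(*t));
  /* "AuthenticAMD" in EBX, EDX, ECX order */
  t->Fn[0] = (SNP_CPUID_FUNCTION){ .EaxIn = 0, .Eax = 0x10, .Ebx = 0x68747541u, .Ecx = 0x444d4163u, .Edx = 0x69746e65u };
  /* EAX bits 1 (SEV), 3 (SEV-ES), 4 (SEV-SNP); EBX[5:0] = C-bit position 51 */
  t->Fn[1] = (SNP_CPUID_FUNCTION){ .EaxIn = 0x8000001Fu, .Eax = 0x1Au, .Ebx = 51u };
  /* Leaf 0xB: EDX (x2APIC ID) is per-vCPU and not table data on real hardware, so it stays 0 */
  t->Fn[2] = (SNP_CPUID_FUNCTION){ .EaxIn = 0xBu, .EcxIn = 0, .Eax = 1, .Ebx = 2, .Ecx = 0x100u };
  t->Fn[3] = (SNP_CPUID_FUNCTION){ .EaxIn = 0xBu, .EcxIn = 1, .Eax = 4, .Ebx = 8, .Ecx = 0x201u };
  t->Count = 4;
}

int main(void) {
  static SNP_CPUID_TABLE t;
  CPUID_RESULT r;
  BuildTestTable(&t);
  if (SnpCpuidLookup(&t, 0x8000001Fu, 0, &r)) {
    printf("SEV leaf: eax=%#x cbit=%u\n", r.Eax, r.Ebx & 0x3Fu);
  }
  return 0;
}
```

The Count check matters because the page is written by firmware on behalf of the VMM's launch sequence: an out-of-range Count must be rejected rather than used as a loop bound over memory beyond the table.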
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.
The validation process consists of the following sequence:
1) Set the memory encryption attribute in the page table (aka C-bi
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can poten
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The OvmfPkgX86 build reserves memory regions in MEMFD. The memory regions
get accessed in the SEC phase. AMD SEV-SNP requires that the guest's
private memory be accepted or validated before access.
Introduce a Guided metadata structure that d
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV specific functions into AmdSev.c.
No functional change intended.
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
In preparation for SEV-SNP support move clearing of the GHCB memory from
the ResetVector/AmdSev.asm to SecMain/AmdSev.c. The GHCB page is not
accessed until SevEsProtocolCheck() switches to the full GHCB. So, the move
does not make any changes in t
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV specific functions into AmdSev.c.
No functional change intended.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
A
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory re-mappi
On 10/12/21 5:58 PM, Xu, Min M wrote:
> On October 12, 2021 9:23 PM, Lendacky Thomas wrote:
>> On 10/11/21 9:37 PM, Min Xu wrote:
>>> diff --git a/OvmfPkg/ResetVector/Main.asm
>>> b/OvmfPkg/ResetVector/Main.asm index ae90a148fce7..a501fbe880f2
>> 100644
>>> --- a/OvmfPkg/ResetVector/Main.asm
>>>
Dear Bob, dear Liming,
The patch appended to
https://bugzilla.tianocore.org/show_bug.cgi?id=3066
was reviewed by Yuwei Chen last year but has not been merged since.
Please, consider adding the patch to EDK II.
Cf. https://edk2.groups.io/g/devel/message/67192
Best regards
Heinrich
On October 12, 2021 6:16 PM, Gerd Hoffman wrote:
> Hi,
>
> > + do {
> > +AsmCpuid (0, &LargestEax, &Ebx, &Ecx, &Edx);
>
> Use ConfidentialComputing PCD ?
BaseXApicX2ApicLib (LocalApicLib) is included by the drivers/libs not only in
DXE phase, but also in SEC/PEI. For example, SecPeiCpuExc
On October 12, 2021 6:06 PM, Gerd Hoffmann wrote:
> On Tue, Oct 05, 2021 at 11:39:17AM +0800, Min Xu wrote:
> > RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
> >
> > Intel TDX architecture does not prescribe a specific software
> > convention to perform I/O from the guest TD. Guest TD pr
On Wed, Oct 13, 2021 at 06:44:28AM -0500, Brijesh Singh wrote:
>
> On 10/12/21 12:22 AM, Gerd Hoffmann via groups.io wrote:
> > Hi,
> >
> >> +; - Type field means this section is of BFV. This field is designed for
> >> the
> >> +; purpose that in some case host VMM may do some additional proc
On October 12, 2021 4:22 PM, Gerd Hoffmann wrote:
> > +// PageSize is mapped to PageLevel like below:
> > +// 4KB - 0, 2MB - 1
> > +UINT64 mTdxAcceptPageLevelMap[2] = {
> > + SIZE_4KB,
> > + SIZE_2MB
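Review bot: mTdxAcceptPageLevelMap has two entries and is indexed by page level, so callers must reject a level >= ARRAY_SIZE (mTdxAcceptPageLevelMap) before indexing; the "4KB - 0, 2MB - 1" mapping belongs next to whatever defines the level constants, and Gerd's question about 1G pages deserves an answer in the comment (either add SIZE_1GB as level 2 or state why accept is limited to 4K and 2M here).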
>
> No 1G pages?
TDX:
https://software.intel.com/content/dam/develop/external/us/en/documents/
On 10/12/21 12:22 AM, Gerd Hoffmann via groups.io wrote:
> Hi,
>
>> +; - Type field means this section is of BFV. This field is designed for the
>> +; purpose that in some case host VMM may do some additional processing
>> based
>> +; upon the section type. TdHob section is an example. Hos
Hi Khasim and Deepak,
To check all the required Libraries, Pcds, ... are included correctly,
it is faster to run the CI tests.
The edk2 CI is currently not available for edk2-platforms. I created a
branch that can run the CI on your patch-set at:
https://github.com/PierreARM/edk2-platforms/tree/r
Hello,
I encountered the following problem when trying to launch SEV-ES
(policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build:
$ sudo /home/dmurik/git/qemu/build/qemu-system-x86_64 -enable-kvm
-machine q35 -smp 1 -m 2G -machine confidential-guest-support=sev0
-object sev-guest,id=s
Hi Khasim,
I have some remarks about the patch:
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> Add an initial platform DXE driver and support for ramdisk devices.
>
> Signed-off-by: Deepak Pandey
> Signed-off-by: Khasim Syed Mohammed
> ---
> .../N1Sdp/Drivers/PlatformDxe/PlatformDxe
Hi Khasim and Chandni,
The patch looks good to me,
Reviewed-by: Pierre Gondois
Regards,
Pierre
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> This patch introduces new PCDs required to enable
> chip to chip interface and corresponding memory map is updated.
>
> Signed-off-by: Chandni
Hi Khasim,
I had some questions about this patch:
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> This patch adds missing documentation for few of the functions
> and fixes few formatting changes.
>
> Signed-off-by: Khasim Syed Mohammed
> ---
> .../PciHostBridgeLib/PciHostBridgeLib.c
From: Corvin Köhne
QemuFwCfg is more powerful and has more use cases than BhyveFwCtl. Try
to use QemuFwCfg in first place. If that fails, fall back to
BhyveFwCtl.
Signed-off-by: Corvin Köhne
CC: Ard Biesheuvel
CC: Jiewen Yao
CC: Jordan Justen
CC: Gerd Hoffmann
CC: Rebecca Cran
CC: Peter G
It's much easier to create configuration dependent ACPI tables for
bhyve than for OVMF. For this reason, don't use the statically
created ACPI tables provided by OVMF. Instead use the dynamically
created ACPI tables of bhyve. If bhyve provides no ACPI tables or
we are unable to detect those, fall
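The detection loop quoted earlier in the thread (the scan from BHYVE_ACPI_PHYSICAL_ADDRESS up to BHYVE_BIOS_PHYSICAL_END) together with the fallback this commit message describes, as an added example in C that is not code from the bhyve or OVMF patches: it scans a constructed in-memory window standing in for the F-segment, accepts an RSDP only after the signature and checksum checks pass, and reports "not found" so the caller can fall back to the static tables. The struct layout and checksum rules are those of the ACPI specification; the window contents, offsets, table addresses and OEM ID are constructed test data.

```c
/*
 * Added example, not code from the bhyve/OVMF patches: scan a legacy BIOS
 * window for an ACPI RSDP and accept it only after signature and checksum
 * validation. The "window" is a constructed byte array standing in for the
 * F-segment; offsets, addresses and OEM ID below are made up for the test.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RSDP_SIGNATURE  "RSD PTR "
#define RSDP_V1_LENGTH  20u   /* ACPI 1.0 checksum covers the first 20 bytes */
#define RSDP_ALIGNMENT  16u   /* ACPI requires the RSDP on a 16-byte boundary */

#pragma pack(push, 1)
typedef struct {
  char     Signature[8];
  uint8_t  Checksum;          /* byte sum of the first 20 bytes must be 0 */
  char     OemId[6];
  uint8_t  Revision;          /* 0 = ACPI 1.0, 2 = ACPI 2.0 or later */
  uint32_t RsdtAddress;
  uint32_t Length;            /* valid only when Revision >= 2 */
  uint64_t XsdtAddress;
  uint8_t  ExtendedChecksum;  /* byte sum of Length bytes must be 0 */
  uint8_t  Reserved[3];
} ACPI_RSDP;
#pragma pack(pop)

static uint8_t ByteSum(const uint8_t *p, size_t n) {
  uint8_t sum = 0;
  for (size_t i = 0; i < n; i++) {
    sum = (uint8_t)(sum + p[i]);
  }
  return sum;
}

/* 1 if the candidate passes signature and checksum checks, 0 otherwise. */
int RsdpIsValid(const uint8_t *candidate, size_t bytesAvailable) {
  const ACPI_RSDP *rsdp = (const ACPI_RSDP *)candidate;
  if (bytesAvailable < RSDP_V1_LENGTH) return 0;
  if (memcmp(rsdp->Signature, RSDP_SIGNATURE, 8) != 0) return 0;
  if (ByteSum(candidate, RSDP_V1_LENGTH) != 0) return 0;
  if (rsdp->Revision >= 2) {
    if (rsdp->Length < sizeof(ACPI_RSDP) || rsdp->Length > bytesAvailable) return 0;
    if (ByteSum(candidate, rsdp->Length) != 0) return 0;
  }
  return 1;
}

/*
 * Walk [window, window + size) on 16-byte boundaries, like the quoted loop,
 * and return the offset of the first valid RSDP, or -1 when none is found
 * (the "unable to detect those" case that falls back to the static tables).
 */
long FindRsdp(const uint8_t *window, size_t size) {
  for (size_t off = 0; off + RSDP_V1_LENGTH <= size; off += RSDP_ALIGNMENT) {
    if (RsdpIsValid(window + off, size - off)) return (long)off;
  }
  return -1;
}

/*
 * Constructed window: filler bytes, a decoy that carries the signature but a
 * bad checksum at offset 16, and a valid ACPI 2.0 RSDP at offset 64.
 * Returns the offset of the valid RSDP. Requires size >= 128.
 */
size_t BuildTestWindow(uint8_t *window, size_t size) {
  ACPI_RSDP good;
  memset(window, 0xA5, size);
  memcpy(window + 16, RSDP_SIGNATURE, 8);       /* decoy: signature only */
  memset(&good, 0, sizeof(good));
  memcpy(good.Signature, RSDP_SIGNATURE, 8);
  memcpy(good.OemId, "BHYVE ", 6);
  good.Revision    = 2;
  good.RsdtAddress = 0x000F2440u;               /* constructed value */
  good.Length      = sizeof(ACPI_RSDP);
  good.XsdtAddress = 0x000F2480u;               /* constructed value */
  good.Checksum         = (uint8_t)(0x100u - ByteSum((const uint8_t *)&good, RSDP_V1_LENGTH));
  good.ExtendedChecksum = (uint8_t)(0x100u - ByteSum((const uint8_t *)&good, good.Length));
  memcpy(window + 64, &good, sizeof(good));
  return 64;
}

int main(void) {
  uint8_t window[256];
  size_t expected = BuildTestWindow(window, sizeof(window));
  long found = FindRsdp(window, sizeof(window));
  printf("RSDP at offset %ld (expected %zu)\n", found, expected);
  return found == (long)expected ? 0 : 1;
}
```

The decoy with a correct signature but a bad checksum sits before the real entry to show why matching "RSD PTR " alone is not enough; a scan that stopped there would hand RsdtAddress and XsdtAddress from filler bytes to the ACPI table installer.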
Reviewed-by: Ray Ni
-Original Message-
From: Liu, Zhiguang
Sent: Wednesday, October 13, 2021 5:08 PM
To: devel@edk2.groups.io
Cc: Dong, Guo ; Ni, Ray ; Ma, Maurice
; You, Benjamin
Subject: [PATCH] UefiPayloadPkg: Use SECURITY_STUB_ENABLE to control the
SecurityStubDxe
The SecuritySt
The SecurityStubDxe driver may be provided by platform payload.
In UefiPayloadPkg\UefiPayloadPkg.fdf file, SecurityStubDxe should only
be included if SECURITY_STUB_ENABLE is TRUE
Cc: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Signed-off-by: Zhiguang Liu
---
UefiPayloadPkg/UefiPaylo
It's fine this time, but please add [staging/RedfishClientPkg] the next time you
send a patch against edk2-staging.
Only one comment below, others look good to me.
Reviewed-by: Abner Chang
> -Original Message-
> From: Wang, Nickle (HPS SW)
> Sent: Wednesday, October 13, 2021 4:31 PM
I noticed a difference between V2 and V3:
V2:
- AcpiBoardInfo = BuildHobFromAcpi (SysTableInfo.AcpiTableBase);
+ AcpiBoardInfo = BuildHobFromAcpi (AcpiTableHob->Rsdp.AcpiTableBase);
V3:
- AcpiBoardInfo = BuildHobFromAcpi (SysTableInfo.AcpiTableBase);
+ AcpiBoardInfo = BuildHobFromAcpi (AcpiTab
SystemTableInfo GUID is not a Spec defined GUID.
But the latest SBL uses SystemTableInfo to get ACPI
and SMBIOS table information. So moving the SystemTableInfo
GUID implementation to SblParseLib.
Cc: Maurice Ma
Cc: Guo Dong
Cc: Ray Ni
Cc: Benjamin You
Cc: Zhiguang Liu
Signed-off-by: Guo Don
Initial common header file and meta files for feature drivers.
Signed-off-by: Nickle Wang
Cc: Abner Chang
Cc: Liming Gao
---
.../Include/Guid/RedfishClientPkgTokenSpace.h | 20 +++
.../EdkIIRedfishResourceConfigProtocol.h | 129 ++
.../Include/RedfishCollectionCommon.h