On Fri, Jan 26, 2024 at 8:16 AM Tom Lendacky wrote:
>
> On 1/26/24 08:29, Gerd Hoffmann wrote:
> > Neat when doing ResetVector coding.
> > Incompatible with TDX and SEV, therefore not enabled by default.
> >
> > Signed-off-by: Gerd Hoffmann
>
> Acked-by: Tom Lendacky
>
Acked-by: Erdem Aktas
>
>
Same for TDX, I did not run it but it should cause failure
as debugShowPostCode is called OvmfPkg/ResetVector/Ia32/IntelTdx.asm before
actually the #VE handlers are installed.
-Erdem
On Wed, Jan 24, 2024 at 11:55 AM Tom Lendacky
wrote:
> On 1/24/24 13:24, Tom Lendacky wrote:
> > On 1/24/24 10:4
On Sun, Oct 29, 2023 at 11:42 PM Sun, CepingX wrote:
>
> On Saturday, October 28, 2023 12:45 AM, Erdem Aktas wrote:
> This should be the [PATCH V1 2/2] I assume?
> Yes, the name is same with [PATCH v1 0/2] , may be confusion, I would update
> in next version to avoid the same title name.
>
>
> On
Hi,
This should be the [PATCH V1 2/2] I assume?
On Thu, Oct 26, 2023 at 5:58 PM sunceping wrote:
> From: Ceping Sun
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4572
>
> According to section 3.2 of the [GHCI] document, if the result of MapGPA
> is "TDG.VP.VMCALL_RETRY", TDVF must re
Reviewed-by: Erdem Aktas
On Sun, Jul 16, 2023 at 6:55 PM Yao, Jiewen wrote:
>
> Reviewed-by: Jiewen Yao
>
> > -Original Message-
> > From: devel@edk2.groups.io On Behalf Of Gerd
> > Hoffmann
> > Sent: Monday, July 10, 2023 6:36 PM
> > To: devel@edk2.groups.io; Sun, CepingX
> > Cc: Ak
Hi Min,
On Mon, Nov 1, 2021 at 6:16 AM Min Xu wrote:
>
> +VmTdExitHandleVe (
> + IN OUT EFI_EXCEPTION_TYPE *ExceptionType,
> + IN OUT EFI_SYSTEM_CONTEXT SystemContext
> + )
> +{
> + UINT64Status;
> + TD_RETURN_DATAReturnData;
> + EFI_SYSTEM_CONTEXT_X64
Hi Min,
Sorry for the late review. My comments and a few questions are inline.
Thanks
-Erdem
On Mon, Nov 1, 2021 at 6:16 AM Min Xu wrote:
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> +**/
> +UINT32
> +GetGpaPageLevel (
> + UINT32 PageSize
> + )
> +{
> + UINT32 Index
On Mon, Sep 13, 2021 at 9:20 PM Brijesh Singh wrote:
> +*/
> +STATIC
> +VOID
> +SevSnpGhcbRegister (
> + UINTN Address
> + )
> +{
> + MSR_SEV_ES_GHCB_REGISTER Msr;
> + MSR_SEV_ES_GHCB_REGISTER CurrentMsr;
> + EFI_PHYSICAL_ADDRESS GuestFrameNumber;
> +
> + GuestFrameNumber = Address
On Mon, Sep 13, 2021 at 9:06 AM Xu, Min M wrote:
>
> > > +TdxApWait:
> > > +cmp byte[TDX_WORK_AREA_PGTBL_READY], 0
> > > +je TdxApWait
> > Don't we need memory fence before je TdxApWait. I did not check
> > what the compiler generates for this loop.
> Below is the code compi
On Mon, Aug 30, 2021 at 5:35 AM Min Xu wrote:
> +;
> +; Check if it is Intel Tdx
> +;
> +; Modified: EAX, EBX, ECX, EDX
> +;
> +; If it is Intel Tdx, EAX is zero
> +; If it is not Intel Tdx, EAX is non-zero
> +;
> +IsTdx:
IsTdx returns 0 when TDX is enabled in CPUID but IsTdxEnabled return 1
when
On Thu, Aug 12, 2021 at 2:57 PM Min Xu wrote:
> +UINT8
> +EFIAPI
> +TdMmioRead8 (
> + IN UINTN Address
> + )
> +{
> + UINT64 Value;
> + UINT64 Status;
> +
> + Address |= TdSharedPageMask ();
Why is the SharedBi
On Thu, Aug 12, 2021 at 2:57 PM Min Xu wrote:
> - TdMaxVCpuNum: Get the maximum number of virutal CPUs.
s/virutal/virtual
> - TdVCpuNum : Get the number of virtual CPUs. (In some case VMM may
> add more vCPU in runtime).
s/case/cases
How is this possible consideri
On Thu, Aug 12, 2021 at 2:57 PM Min Xu wrote:
> +
> +#include
> +#include "InternalTdxProbe.h"
> +
> +/**
> + TDX only works in X64. So allways return -1 to indicate Non-Td.
s/allways/always
Also, -1 or 1? PROBE_NOT_TD_GUEST is defined as 1.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receiv
On Thu, Aug 12, 2021 at 2:57 PM Min Xu wrote:
>
> +;
> +; Check if it is Intel Tdx
> +;
> +; Modified: EAX, EBX, ECX, EDX
> +;
> +; If it is Intel Tdx, EAX is zero
> +; If it is not Intel Tdx, EAX is non-zero
> +;
> +IsTdx:
IsTdx returns 0 when TDX is enabled in CPUID but IsTdxEnabled return 1
whe
On Thu, Aug 12, 2021 at 2:57 PM Min Xu wrote:
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> SevEsIsEnabled return TRUE if SevEsWorkArea->SevEsEnabled is non-zero.
s/return/returns
> It is correct when SevEsWorkArea is only used by SEV. After Intel TDX
> is enabled in Ovmf, the
I have few naive questions. Sorry if the answers were obvious.
>>TDVF also include a configuration firmware volume (CFV) that is separated
>>from the BFV. The reason is because the CFV is measured in RTMR, while
>>the BFV is measured in MRTD.
If I understand correctly, this means that the BFV is
I agree with Brijesh on that this patch should be divided into smaller ones.
On Mon, Aug 2, 2021 at 6:18 PM Min Xu wrote:
>
> +;
> +; EBP[6:0] CPU supported GPA width
> +;
> +and ebp, 0x3f
Based on
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-m
Reviewed-by: Erdem Aktas
On Mon, Aug 2, 2021 at 6:18 PM Min Xu wrote:
>
> RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429
>
> Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known
> as the Boot Firmware Volume (BFV). The FV format is defined in the
> UEFI Platform Initial
On Wed, Jun 30, 2021 at 5:54 AM Brijesh Singh wrote:
>
> a) Enhance the OVMF reset vector code to validate the pages as described
>above (go through step 2 - 3).
> OR
> b) Validate the pages during the guest creation time. The SEV firmware
>provides a command which can be used by the VMM t
Hi all,
Sorry for the late reply. I like to add some clarification on "one
binary". I feel like the way everyone uses the term "one binary" in
the email threads is causing some confusion.
As I have tried to explain before, we are not looking for everything
in a single binary. As Laszlo has menti
> + @param[in] BaseAddress The physical address that is the start
> + address of a MMIO region.
Based on the code, what I understand is that the address parameters
should be "guest virtual address", not the physical address. But in
this patch, all
>> +#define RMPADJUST_VMPL_MAX 3
Why is RMPADJUST_VMPL_MAX defined as 3? Is it not defined in bits
[15:12] of CPUID Fn8000_001F[EBX]?
-Erdem
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#75833): https://edk2.groups.io/g/d
I verified that the values align with the GHCB spec publication:
#56421 Revision: 2.00
Reviewed-by: Erdem Aktas
On Wed, May 12, 2021 at 4:46 PM Brijesh Singh wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> The Page State Change NAE exit will be used by the SEV-SNP guest t
I verified that the values align with the GHCB spec publication:
#56421 Revision: 2.00
Just one question: is there any reason why GHCB_* defines are decimal
while the SVM_EXIT_* are all in hexadecimal? Does EDK2 have any
preference?
Reviewed-by: Erdem Aktas
-Erdem
On Wed, May 12, 2021 at 4:46
I verified that the values align with the GHCB spec publication:
#56421 Revision: 2.00
Reviewed-by: Erdem Aktas
-Erdem
On Wed, May 12, 2021 at 4:46 PM Brijesh Singh wrote:
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> Version 2 of GHCB introduces advertisement of features th
> +//
> +// If the request page state change is shared then invalidate the pages
> before
> +// adding the page in the RMP table.
> +//
> +if (State == SevSnpPagePrivate) {
> + PvalidateRange (Info, 0, i, TRUE);
> +}
Looks like some copy-paste mistake in the comment.
A
Hi Brijesh,
I have few naive questions inlined:
On Fri, Apr 30, 2021 at 4:52 AM Brijesh Singh wrote:
> +; Use PVALIDATE instruction to invalidate the page
> +mov eax, GHCB_BASE
> +mov ecx, 0
> +mov edx, 0
> +DB 0xF2, 0x0F, 0x01, 0xFF
> +cmp eax, 0
> +
Add 'Erdem Aktas' as a reviewer for OvmfPkg/Confidential Computing.
Signed-off-by: Erdem Aktas
---
Maintainers.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/Maintainers.txt b/Maintainers.txt
index fda3df5de2..cafe6b1ab8 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -458,6 +458,
Hi Laszlo,
I am sorry to hear that it sounded like we are dictating a certain
approach. Although I can see why it sounded that way, it certainly was not
my intention.
We want to work with the EDK2 community to have a solution that is
beneficial for everyone and we appreciate the inputs that we got
Thanks Paolo.
On Thu, Apr 15, 2021 at 12:59 AM Paolo Bonzini wrote:
>
> On 15/04/21 01:34, Erdem Aktas wrote:
> > We do not want to generate different binaries for AMD, Intel, Intel
> > with TDX, AMD with SEV/SNP etc
>
> My question is why the user would want a single binary for VMs with and
> wi
Hi all,
>>Can we please pry a little bit at that "one binary" requirement?
I think when we call it a "one binary" requirement, it sounds like we
are asking something new but what we are asking is pretty much
captured by James Bottomley.
We do not want to generate different binaries for AMD, Intel
31 matches
Mail list logo
