Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Min Xu
Biesheuvel > ; Abner Chang ; > Daniel Schaefer ; Aktas, Erdem > ; James Bottomley ; Tom > Lendacky > Subject: Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in > OvmfPkg/IntelTdx > > This series has broken the ArmVirtQemuKernel build (see below). > > Please fix o

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Ard Biesheuvel
On Wed, 18 Jan 2023 at 17:41, Yao, Jiewen wrote: > > I think it is feasible. > > For example, https://github.com/tianocore/edk2/tree/master/OvmfPkg/PlatformCI > includes multiple xxxBuild.py. Each GetDscName() will return different dsc. > > But https://github.com/tianocore/edk2/tree/master/ArmVir

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Yao, Jiewen
day, January 18, 2023 11:35 PM > To: Gerd Hoffmann ; Michael Kubacki > > Cc: Yao, Jiewen ; devel@edk2.groups.io; Xu, Min M > ; Leif Lindholm ; Abner > Chang ; Daniel Schaefer ; > Aktas, Erdem ; James Bottomley > ; Tom Lendacky > Subject: Re: [edk2-devel] [PATCH V3 0/4

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Ard Biesheuvel
On Wed, 18 Jan 2023 at 14:43, Gerd Hoffmann wrote: > > On Wed, Jan 18, 2023 at 12:07:52PM +, Yao, Jiewen wrote: > > Hey Ard > > I am worried about the CI for ArmVirtPkg. > > Can we add such ArmVirtPkg build into CI? > > CI builds one of the ArmVirtPkg configs (ArmVirtQemu.dsc specifically), >

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Gerd Hoffmann
On Wed, Jan 18, 2023 at 12:07:52PM +, Yao, Jiewen wrote: > Hey Ard > I am worried about the CI for ArmVirtPkg. > Can we add such ArmVirtPkg build into CI? CI builds one of the ArmVirtPkg configs (ArmVirtQemu.dsc specifically), the other ones are not covered right now. take care, Gerd -=-

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Yao, Jiewen
Of Ard > Biesheuvel > Sent: Wednesday, January 18, 2023 7:08 PM > To: Yao, Jiewen ; Xu, Min M > Cc: Gerd Hoffmann ; devel@edk2.groups.io; Leif > Lindholm ; Ard Biesheuvel > ; Abner Chang ; > Daniel Schaefer ; Aktas, Erdem > ; James Bottomley ; Tom > Lendacky > Sub

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-18 Thread Ard Biesheuvel
This series has broken the ArmVirtQemuKernel build (see below). Please fix or revert. : In function ‘RelocatePeCoffImage’:

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-17 Thread Yao, Jiewen
Reviewed-by: Jiewen Yao Merged https://github.com/tianocore/edk2/pull/3916 > -Original Message- > From: Gerd Hoffmann > Sent: Tuesday, January 17, 2023 6:58 PM > To: Xu, Min M > Cc: devel@edk2.groups.io; Leif Lindholm ; Ard > Biesheuvel ; Abner Chang > ; Daniel Schaefer ; Aktas, > Erde

Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-17 Thread Gerd Hoffmann
On Tue, Jan 17, 2023 at 07:31:54AM +0800, Min Xu wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 > > In current DXE FV there are 100+ drivers. Some of the drivers are not > used in Td guest. (Such as USB support drivers, network related > drivers, etc). > > From the security pers

[edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2023-01-16 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 In current DXE FV there are 100+ drivers. Some of the drivers are not used in Td guest. (Such as USB support drivers, network related drivers, etc). >From the security perspective if a driver is not used, we should prevent it from being load