Re: [PATCH v4 00/11] Measured SEV boot with kernel/initrd/cmdline

Yao, Jiewen

Hi James
"However, this ran into problems when it was decided AmdSev shouldn't have it's own Library."

I am not clear on the history. Would you please clarify why AmdSev should not have its own library?

It looks not reasonable to me. AmdSev is just a feature. A feature may have its own library. We have enough examples.

Also, the instance name "Grub" is very confusing. I compared PlatformBootManagerLib and PlatformBootManagerLibGrub. This is just a customized PlatformBootManagerLib.

For example, XEN feature removing and PIIX4 difference has nothing to do with Grub...
PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x60), 0x0b); // A
PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x61), 0x0b); // B
PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x62), 0x0a); // C
PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x63), 0x0a); // D

It is a big misleading. Can we move the PlatformBootManagerLibGrub To AmdSev now?

-----Original Message-----
From: James Bottomley <>
Sent: Monday, July 26, 2021 5:10 AM
To:;; Yao, Jiewen
Cc: Tobin Feldman-Fitzthum <>; Tobin Feldman-Fitzthum
<>; Jim Cadden <>; Hubertus Franke
<>; Ard Biesheuvel <>; Justen,
Jordan L <>; Ashish Kalra <>;
Brijesh Singh <>; Erdem Aktas
<>; Xu, Min M <>; Tom Lendacky
<>; Leif Lindholm <>; Sami
Mujawar <>
Subject: Re: [edk2-devel] [PATCH v4 00/11] Measured SEV boot with

On Sun, 2021-07-25 at 10:52 +0300, Dov Murik wrote:
And I do have one question:
May I know what is criteria to put a SEV module to OvmfPkg\AmdSev
or OvmfPkg directly?

My original understanding is:
If a module is required by OvmfPkg{Ia32,Ia32X64,X64}.{dsc,fdf},
then it should be OvmfPkg.
If a module is only required by OvmfPkg\AmdSev\AmdSevX64.{dsc,fdf},
Then it should be in OvmfPkg\AmdSev.

Am I right?
I actually don't know the criteria. What you say sounds reasonable.
I'll also let James (who introduced the AmdSevX64 target) say what he
The original reason for the AmdSev package was actually for
attestation: The only way to get attested boot using a standard VM
image for SEV and SEV-ES was to pull grub inside the measurement
envelope and have a stripped down hard failing boot path, so if the key
didn't decode the encrypted boot volume for some reason, the whole
thing would fail without revealing the injected secret. This stripped
down hard failing boot path is much easier to construct as a separate

Essentially that means that lots of SEV exists outside the AmdSev
directory and things should only be in it if they're either modified to
support the encrypted volume boot path or are only required by it.
However, this ran into problems when it was decided AmdSev shouldn't
have it's own Library, so the modified boot path now lives in
OvmfPkg/Library/PlatformBootManagerLibGrub, so now it's unclear even to
me what the criteria are.


Join to automatically receive all group messages.