I strongly recommend separating SEV and TDX in all contexts, if it is something SEV or TDX specific.
Then each file has clear ownership.
If it is something generic for both SEV and TDX, it can be in one file.
For example, SecPeiTempRam/SecPageTable can be in common file.
But SevSnpSecrets/GhcbBookkeeping should be in SEV file.
From: Gerd Hoffmann <firstname.lastname@example.org>
Sent: Thursday, September 23, 2021 4:48 PM
To: Xu, Min M <email@example.com>
Cc: firstname.lastname@example.org; Ard Biesheuvel <email@example.com>; Justen,
Jordan L <firstname.lastname@example.org>; Brijesh Singh <email@example.com>;
Erdem Aktas <firstname.lastname@example.org>; James Bottomley
<email@example.com>; Yao, Jiewen <firstname.lastname@example.org>; Tom Lendacky
Subject: Re: [PATCH V7 1/1] OvmfPkg: Enable TDX in ResetVector
On Thu, Sep 23, 2021 at 12:38:24AM +0000, Xu, Min M wrote:
On September 22, 2021 3:49 PM, Gerd Hoffmann wrote:
+%ifdef ARCH_X64This should be switched to common ovmf metadata (see patches 4-7 of the
+; TDX Metadata offset block
+; TdxMetadata.asm is included in ARCH_X64 because Inte TDX is only ;
+available in ARCH_X64. Below block describes the offset of ;
+TdxMetadata block in Ovmf image ; ; GUID :
+ DD tdxMetadataOffsetStart - TdxMetadataGuid - 16
+ DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart
+ DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
+ DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
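Review bot: The DD entry computes "tdxMetadataOffsetStart - TdxMetadataGuid - 16" with a bare 16 and nothing in the comment block saying what the 16 accounts for or which point the offset is measured from; the comment only says the block "describes the offset of TdxMetadata block in Ovmf image". A consumer that locates the metadata through this entry needs that base stated, so spell it out in the comment and give the constant a name. The comment also has a typo ("Inte TDX"), and the "GUID :" line carries no value in the lines shown here; writing the GUID in string form next to the DB bytes would let a reader check the two against each other.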
Min: please have a look at these patches.
> Hi, Gerd
> I checked the patches 4-7 of the SEV-SNP series. The common
> OvmfMetadata is designed for both SEV and TDX, right?

That is the idea, yes.

> If so, then it means the SEV and TDX metadata will be mixed in this

Yes.

> I am thinking there will always be different fields for
> SEV and TDX. For example, SEV has PcdOvmfSecGhcbPageTable but TDX
> doesn't need that page. If the common OvmfMetadata is consumed by
> TDX-QEMU, then PcdOvmfSecGhcbPageTableBase will be initialized too.
> That doesn't make sense.

We have different range types. OVMF_* are the common areas. SEV_* will
be used by sev only, TDX_* will be used by tdx only. TDX and SEV
entries are allowed to overlap, i.e. PcdOvmfSecGhcbPageTableBase should
have some SEV_* type for sev (I think this needs fixing in the series),
and tdx can use the page for something else by adding a TDX_* entry for
the same range.

> I am thinking that SEV and TDX can keep their own Metadata (in
> separate files, SevMetadata.asm and TdxMetadata.asm) which are pointed
> by the SEV or TDX offsets in the GUID-ed chain in ResetVector.

I'd very much prefer to have a single table to avoid duplication for the
common memory areas and keep the reset vector small.

Having separate SevMetadata.asm + TdxMetadata.asm files (then have
OvmfMetadata.asm include these two) is an option. I think this isn't
needed, we can also just group the entries in OvmfMetadata.asm.

> In this case, SEV and TDX can design their own metadata flexibly, for
> example, the attribute, the item structure, add/remove/update the

Why have two ways to do the same thing?
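
The single-table scheme discussed in this thread (common OVMF_* ranges, SEV_* and TDX_* ranges that may overlap each other), as an added example that is not code from the patch series or from OVMF. The concrete type names, addresses and sizes are constructed, and treating an overlap inside one platform's view as an error is an assumption about how a consumer would validate the table.

```python
# Added illustration: type names, addresses and sizes below are constructed.
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    base: int
    size: int
    kind: str  # range type; prefix OVMF_, SEV_ or TDX_ decides who consumes it

def owner(kind: str) -> str:
    prefix = kind.split("_", 1)[0]
    if prefix not in ("OVMF", "SEV", "TDX"):
        raise ValueError(f"unknown range type {kind!r}")
    return prefix

def view(table, platform):
    """Entries a consumer for `platform` ("SEV" or "TDX") acts on."""
    return [e for e in table if owner(e.kind) in ("OVMF", platform)]

def overlaps(a, b):
    return a.base < b.base + b.size and b.base < a.base + a.size

def conflicts(table, platform):
    """Pairs of entries that overlap inside one platform's view."""
    v = sorted(view(table, platform), key=lambda e: e.base)
    return [(a.name, b.name) for i, a in enumerate(v)
            for b in v[i + 1:] if overlaps(a, b)]

# One table for both platforms (constructed sample values).
TABLE = [
    Entry("SecPageTable",  0x800000, 0x6000,  "OVMF_PAGE_TABLE"),
    Entry("GhcbPageTable", 0x808000, 0x2000,  "SEV_GHCB"),
    Entry("TdxReuse",      0x808000, 0x1000,  "TDX_SCRATCH"),  # same page, other use
    Entry("SecPeiTempRam", 0x810000, 0x10000, "OVMF_TEMP_RAM"),
]

if __name__ == "__main__":
    for platform in ("SEV", "TDX"):
        names = [e.name for e in view(TABLE, platform)]
        print(platform, names, "conflicts:", conflicts(TABLE, platform))
    # A platform entry placed on a common area is a table bug for that platform.
    bad = TABLE + [Entry("TdxBad", 0x805000, 0x1000, "TDX_SCRATCH")]
    print("TDX with bad entry:", conflicts(bad, "TDX"))
```

A TDX consumer of this table never sees the GHCB entry, and the SEV and TDX entries on the same page do not conflict because no single view contains both.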