Re: [PATCH v9 0/4] Add safe unaccepted memory behavior


Ard Biesheuvel
 

On Wed, 25 Jan 2023 at 13:10, Gerd Hoffmann <kraxel@...> wrote:

On Wed, Jan 25, 2023 at 12:44:13PM +0100, Ard Biesheuvel wrote:
On Wed, 25 Jan 2023 at 10:18, Gerd Hoffmann <kraxel@...> wrote:

On Wed, Jan 25, 2023 at 10:01:47AM +0100, Ard Biesheuvel wrote:

Exactly. And my Fedora kernel has those bits enabled by default.

So I suppose the way forward here is to expose this protocol only on
OVMF builds that target SEV-SNP, instead of introducing it as a
generic CoCo feature.

OVMF builds already adapt at runtime, so this needs to be a runtime
check too. But IIRC the module already checks whenever SNP-SEV or TDX
is active before installing, so we only need to tweak that check to drop
the TDX check.

Sure. But Dionna's series introduces a new CocoDxe driver that is
intended to carry shared logic, but we should probably add this stuff
to AmdSevDxe instead.

OvmfPkgX64.dsc can run in SEV/TDX modes too, so it is needed there as
well. We can probably leave it out from IntelTdx (assuming Intel's
upstream merge plans work out as expected and tdx-guest + unaccepted
memory actually land in the same kernel release).

OvmfPkgX64.dsc already incorporates AmdSevDxe, as do a few other
platforms, so adding it there is still fine afaict.
