OvmfPkg: Use TdHob instead of e820tables to get memory info in TDVF #6114

Merged
merged 2 commits into from
Sep 3, 2024


sunceping
Contributor

Currently, TDVF gets LowMemory and FirstNonAddress from the e820tables
via fw_cfg, while TD-Hob can also provide the memory info of LowMemory
and FirstNonAddress.

In the current stage e820tables are not measured but TD-Hob is measured in
early phase by TDVF.

So, from the security perspective we'd better use the information from
TD-Hob instead of e820tables.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>


@sunceping sunceping marked this pull request as ready for review August 27, 2024 08:19
@kraxel
Member

kraxel commented Aug 27, 2024

Yes, the PlatformReservationConflict should not be needed when running on TDX:

For memory detection I'd suggest to use the cloud hypervisor idea, see PlatformScanE820Pvh. Have a relatively small helper function which reads the tdx hob, translates the entries to e820, then calls the callback with that. Should make the patch much smaller.
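
The helper shape suggested in this comment, as an added example (not code from this PR or from EDK II): it walks a HOB list, translates memory resource descriptors into e820 entries, and passes them to a callback that derives LowMemory and FirstNonAddress. The struct layouts, all names, and the choice of which resource types count as RAM are simplified assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the PI HOB and e820 layouts; names are assumed, not EDK II's. */
enum { HOB_RESOURCE = 0x0003, HOB_END = 0xFFFF, E820_RAM = 1,
       RES_SYSTEM_MEMORY = 0, RES_MEMORY_UNACCEPTED = 7 };
typedef struct { uint16_t type, length; uint32_t reserved; } hob_hdr;
typedef struct { hob_hdr hdr; uint8_t owner[16]; uint32_t res_type, res_attr;
                 uint64_t start, len; } hob_resource;
typedef struct { uint64_t base, length; uint32_t type; } e820_entry;
typedef void (*e820_cb)(const e820_entry *e, void *ctx);
typedef struct { uint64_t low_memory, first_non_address; } mem_info;

/* Walk the HOB list and pass each RAM range to cb as an e820 entry.
 * The list is host-provided input: returns -1 if it is malformed, 0 otherwise. */
int scan_td_hob(const uint8_t *buf, size_t size, e820_cb cb, void *ctx) {
    size_t off = 0;
    while (size - off >= sizeof(hob_hdr)) {
        hob_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.type == HOB_END) return 0;
        if (h.length < sizeof h || h.length > size - off) return -1;
        if (h.type == HOB_RESOURCE) {
            hob_resource r;
            if (h.length < sizeof r) return -1;
            memcpy(&r, buf + off, sizeof r);
            if (r.start + r.len < r.start) return -1;   /* range wraps around */
            /* Assumption: accepted and unaccepted memory both count as RAM. */
            if (r.res_type == RES_SYSTEM_MEMORY || r.res_type == RES_MEMORY_UNACCEPTED) {
                e820_entry e = { r.start, r.len, E820_RAM };
                cb(&e, ctx);
            }
        }
        off += h.length;
    }
    return -1;                                          /* no end-of-list HOB */
}

/* Callback: top of RAM below 4 GiB, and the first address above all RAM. */
void collect_mem_info(const e820_entry *e, void *ctx) {
    mem_info *m = ctx;
    uint64_t end = e->base + e->length;
    if (e->type != E820_RAM) return;
    if (end <= 0x100000000ULL && end > m->low_memory) m->low_memory = end;
    if (end > m->first_non_address) m->first_non_address = end;
}
```

Because the scan takes a callback, the same consumers work whether the entries come from fw_cfg or from the measured HOB list; only the source of the entries changes.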

@sunceping sunceping force-pushed the TdhobinsteadofE820.v1 branch from 1a1f653 to 80c26e9 Compare August 28, 2024 07:31
@sunceping
Contributor Author

> For memory detection I'd suggest to use the cloud hypervisor idea, see PlatformScanE820Pvh. Have a relatively small helper function which reads the tdx hob, translates the entries to e820, then calls the callback with that. Should make the patch much smaller.

Thanks, now updated.

@sunceping sunceping force-pushed the TdhobinsteadofE820.v1 branch from 80c26e9 to 43b7325 Compare September 2, 2024 08:23
@kraxel
Member

kraxel commented Sep 2, 2024

Patch #1 looks good to me.
Patch #2 should not be needed any more due to patch #1 switching PlatformScanE820 to NOT use fw_cfg on TDX.

@sunceping sunceping force-pushed the TdhobinsteadofE820.v1 branch from 43b7325 to 11ccf9d Compare September 3, 2024 05:12
@sunceping
Contributor Author

> Patch #1 looks good to me. Patch #2 should not be needed any more due to patch #1 switching PlatformScanE820 to NOT use fw_cfg on TDX.

Thanks, patch 2 has now been removed.

@sunceping sunceping requested a review from kraxel September 3, 2024 06:48
@ardbiesheuvel ardbiesheuvel added the push Auto push patch series in PR if all checks pass label Sep 3, 2024
@mergify mergify bot merged commit d997d3c into tianocore:master Sep 3, 2024
126 checks passed