[edk2-devel] [PATCH 08/10] OvmfPkg: Update Sec to support Tdvf Config-B
Gerd Hoffmann
kraxel at redhat.com
Mon Dec 20 12:11:45 UTC 2021
Hi,
> > Why? Booting non-tdx guests without PEI shouldn't be fundamentally
> > different from a TDX guest. Memory detection needs fw_cfg instead of the
> > td_hob, and you have to skip some tdx setup steps, but that should be it.
> > Code for all that exists in PlatformPei, it only needs to be moved to a place
> > where SEC can use it too.
> We would like to split TDVF Config-B into below stages.
> 1. Basic Config-B (wave-3)
> 1.1 A standalone IntelTdxX64.dsc/.fdf. Un-used drivers/libs are removed from the fdf, such as network components, SMM drivers, TPM drivers, etc.
> 1.2 PEI FV is excluded from the build. Only DxeFV is included.
> 1.3 Since PEI FV is excluded from the build, so Basic Config-B can only bring up Tdx guest. It *CAN NOT* bring up legacy guest.
What blocks legacy guest bringup?
See above, I think it should not be hard to do, and given that
TDX-capable hardware is not yet production ready I find it rather
important that testing the PEI-less boot workflow does not require
TDX.
It'll also make it much easier to add CI coverage.
> 3.1 Add *basic* Ovmf feature without PEI, to achieve *ONE Binary* goal. (here basic means S3 is not supported without PEI)
Sure, pei-less ovmf has to drop some features, that is perfectly fine.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#85106): https://edk2.groups.io/g/devel/message/85106
Mute This Topic: https://groups.io/mt/87720802/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list