[edk2-devel] [PATCH v12 20/32] MdePkg: Define ConfidentialComputingGuestAttr

Brijesh Singh via groups.io brijesh.singh=amd.com at groups.io
Thu Nov 11 17:07:46 UTC 2021 

Hi Ray,

On 11/11/21 8:00 AM, Ni, Ray wrote:
> I don't prefer to use a dynamic PCD for passing data.
> 
> Because developers don't know when this PCD value is finalized (PCD always has a default value).
> 
> If the value is determined in PEI and consumed in DXE, HOB is a better choice.
> If the value is determined in PEI and consumed in PEI, PPI is a better choice. (you can use PPI depex)
> If the value is determined in DXE and consumed in DXE, Protocol is a better choice. (You can use Protocol depex)
> 

I wish you had raised your concerns early to avoid going in this PCD 
direction. The PCD approach was discussed some time back. Both the 
SEV-SNP and TDX patches are dependent on it.

Having said so, if your preference is not to use the PCD, then it can be 
done after SNP and TDX patches are merged.

Jiewen/Min/Gerd thoughts?

thanks

> -----Original Message-----
> From: Brijesh Singh <brijesh.singh at amd.com>
> Sent: Thursday, November 11, 2021 6:15 AM
> To: devel at edk2.groups.io
> Cc: James Bottomley <jejb at linux.ibm.com>; Xu, Min M <min.m.xu at intel.com>; Yao, Jiewen <jiewen.yao at intel.com>; Tom Lendacky <thomas.lendacky at amd.com>; Justen, Jordan L <jordan.l.justen at intel.com>; Ard Biesheuvel <ardb+tianocore at kernel.org>; Erdem Aktas <erdemaktas at google.com>; Michael Roth <Michael.Roth at amd.com>; Gerd Hoffmann <kraxel at redhat.com>; Kinney, Michael D <michael.d.kinney at intel.com>; Liming Gao <gaoliming at byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu at intel.com>; Ni, Ray <ray.ni at intel.com>; Kumar, Rahul1 <rahul1.kumar at intel.com>; Dong, Eric <eric.dong at intel.com>; Brijesh Singh <brijesh.singh at amd.com>; Michael Roth <michael.roth at amd.com>
> Subject: [PATCH v12 20/32] MdePkg: Define ConfidentialComputingGuestAttr
> 
> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=04%7C01%7Cbrijesh.singh%40amd.com%7C40483d937fa84cebe69908d9a51b9afd%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637722360254370524%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EtT7bzDCZxsMA9sTCqISftp62QbezdoSf4k2eCfZsws%3D&reserved=0
> 
> While initializing APs, the MpInitLib may need to know whether the guest is running with active AMD SEV or Intel TDX memory encryption.
> 
> Add a new ConfidentialComputingGuestAttr PCD that can be used to query the memory encryption attribute.
> 
> Cc: Michael D Kinney <michael.d.kinney at intel.com>
> Cc: Liming Gao <gaoliming at byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu at intel.com>
> Cc: Michael Roth <michael.roth at amd.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: James Bottomley <jejb at linux.ibm.com>
> Cc: Min Xu <min.m.xu at intel.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Tom Lendacky <thomas.lendacky at amd.com>
> Cc: Jordan Justen <jordan.l.justen at intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
> Cc: Erdem Aktas <erdemaktas at google.com>
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> Suggested-by: Jiewen Yao <jiewen.yao at intel.com>
> Acked-by: Gerd Hoffmann <kraxel at redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
> ---
>   MdePkg/MdePkg.dec                             |  4 +++
>   .../Include/ConfidentialComputingGuestAttr.h  | 25 +++++++++++++++++++
>   2 files changed, 29 insertions(+)
>   create mode 100644 MdePkg/Include/ConfidentialComputingGuestAttr.h
> 
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 8b18415b107a..cd903c35d2ff 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -2396,5 +2396,9 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>     # @Prompt FSB Clock.
>     gEfiMdePkgTokenSpaceGuid.PcdFSBClock|200000000|UINT32|0x0000000c
>   
> +  ## This dynamic PCD indicates the memory encryption attribute of the guest.
> +  # @Prompt Memory encryption attribute
> + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0|UINT64|0x
> + 0000002e
> +
>   [UserExtensions.TianoCore."ExtraFiles"]
>     MdePkgExtra.uni
> diff --git a/MdePkg/Include/ConfidentialComputingGuestAttr.h b/MdePkg/Include/ConfidentialComputingGuestAttr.h
> new file mode 100644
> index 000000000000..495b0df0ac33
> --- /dev/null
> +++ b/MdePkg/Include/ConfidentialComputingGuestAttr.h
> @@ -0,0 +1,25 @@
> +/** @file
> +Definitions for Confidential Computing Attribute
> +
> +Copyright (c) 2021 AMD Inc. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
> +#define CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
> +
> +typedef enum {
> +  /* The guest is running with memory encryption disabled. */
> +  CCAttrNotEncrypted = 0,
> +
> +  /* The guest is running with AMD SEV memory encryption enabled. */
> +  CCAttrAmdSev      = 0x100,
> +  CCAttrAmdSevEs    = 0x101,
> +  CCAttrAmdSevSnp   = 0x102,
> +
> +  /* The guest is running with Intel TDX memory encryption enabled. */
> +  CCAttrIntelTdx    = 0x200,
> +} CONFIDENTIAL_COMPUTING_GUEST_ATTR;
> +
> +#endif
> --
> 2.25.1
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#83656): https://edk2.groups.io/g/devel/message/83656
Mute This Topic: https://groups.io/mt/86969144/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list