[edk2-devel] [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support

Min Xu min.m.xu at intel.com
Thu Sep 9 00:31:05 UTC 2021


On September 9, 2021 3:46 AM, Brijesh Singh wrote:
> 
> Thank you so much Yao for reviewing the patches. Based on some comments
> from Gerd I may update code around the reset vector area (mainly use the
> metadata format etc). For your comments regarding introducing a new
> PcdConfidentialComputingCategory I will look to see what I can come up with
> and in UefiCpuPkg I will try to move all the SEV specific functions in new files
> (where applicable).
> 
Hi Brijesh,
If you are considering introducing a new PcdConfidentialComputingCategory
as Jiewen suggested below:
> >
> > 0008-UefiCpuPkg-Define-the-SEV-SNP-specific-dynamic-PCDs
> > I really don't like the idea to use BOOL PcdSevEsIsEnabled and
> > PcdSevSnpIsEnabled.
> > Can we define *one* PCD - such as PcdConfidentialComputingCategory?
> > We can assign range 0x0000~0xFFFF to AMD SEV, 0x10000~0x1FFFF to Intel
> > TDX.
> > Then SEV=0x0000, SEV-ES=0x0001, SEV-SNP=0x0002, and TDX=0x10000
> > later.
> > I really don't want to keep adding PCD endlessly in the future, like
> > PcdSevXXXIsEnabled, PcdSevYYYIsEnabled, PcdTdxIsEnabled,
> > PcdTdx20Enabled, PcdTdx30Enabled, ......
> >
I also have some suggestions.

As we have the below definition in WorkArea.h:
  typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
    UINT8                   GuestType;
    UINT8                   Reserved1[3];
  } CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;

Can we update the above CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER to the below:
  typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
    UINT8                   GuestType;
    UINT8                   SubType;               // subtype which indicates SEV-ES, SEV-SNP, or TDX 1.0, TDX 2.0 etc.
    UINT8                   Reserved1[2];
  } CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;

The PcdConfidentialComputingCategory can be defined as UINT32, like below:
  ## This dynamic PCD indicates the Confidential Computing Category
  #  [7:0]   Confidential Computing Category  (0 - Non-Cc, 1 - AmdSev, 2 - IntelTdx)
  #  [15:8]  Sub-Category (defined by each vendor, SEV-ES, SEV-SNP, or TDX-1.0, TDX-2.0, etc)
  #  [31:16] Reserved
  # @Prompt Confidential Computing Category
  gUefiCpuPkgTokenSpaceGuid.PcdConfidentialComputingCategory|0|UINT32|0x60000018

So that we can simply copy the CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER to PcdConfidentialComputingCategory.
What's your thought?

Thanks!
Min
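The following is an added example, not code from the edk2 patch series or from Min's mail, showing how the proposed header-to-PCD mapping behaves in practice. It packs the proposed CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER into the [7:0] category / [15:8] sub-category layout of PcdConfidentialComputingCategory, decodes it again, and compares the explicit shift-based encoding with the "simply copy the header" approach from the mail. The category values (0 Non-Cc, 1 AmdSev, 2 IntelTdx) are taken from the proposed PCD comment; the sub-type numbering (SEV=0, SEV-ES=1, SEV-SNP=2) follows Jiewen's earlier suggestion and is only illustrative, as are the function names CcEncodePcd, CcDecodePcd, CcCopyHeaderToPcd and CcIsSevSnp, and the UINT8/UINT32 typedefs stand in for the edk2 base types. The byte copy only equals the shift-based encoding on a little-endian target, and it carries whatever happens to be in Reserved1 into the reserved bits [31:16], so the decoder rejects any value with reserved bits set.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for the edk2 base types (assumption: not the real edk2 headers). */
typedef uint8_t  UINT8;
typedef uint32_t UINT32;

/* Header layout as proposed in the mail: GuestType + SubType + 2 reserved bytes. */
typedef struct _CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER {
  UINT8 GuestType;
  UINT8 SubType;
  UINT8 Reserved1[2];
} CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER;

_Static_assert(sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER) == sizeof(UINT32),
               "header must be exactly 4 bytes to copy into a UINT32 PCD");

/* Category values from the proposed PCD comment. */
enum { CC_CATEGORY_NONE = 0, CC_CATEGORY_AMD_SEV = 1, CC_CATEGORY_INTEL_TDX = 2 };
/* Sub-type values: illustrative only, following Jiewen's SEV/SEV-ES/SEV-SNP numbering. */
enum { CC_SUBTYPE_SEV = 0, CC_SUBTYPE_SEV_ES = 1, CC_SUBTYPE_SEV_SNP = 2 };

#define CC_CATEGORY_MASK 0x000000FFu   /* [7:0]   Confidential Computing Category */
#define CC_SUBTYPE_SHIFT 8
#define CC_SUBTYPE_MASK  0x0000FF00u   /* [15:8]  Sub-Category */
#define CC_RESERVED_MASK 0xFFFF0000u   /* [31:16] Reserved, must be zero */

/* Explicit, endianness-independent encoding of the header into the PCD layout. */
UINT32 CcEncodePcd(const CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *Hdr) {
  return (UINT32)Hdr->GuestType | ((UINT32)Hdr->SubType << CC_SUBTYPE_SHIFT);
}

/* Decode the PCD back into a header; reject values with reserved bits set. */
bool CcDecodePcd(UINT32 Pcd, CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *Hdr) {
  if (Pcd & CC_RESERVED_MASK) {
    return false;
  }
  memset(Hdr, 0, sizeof *Hdr);
  Hdr->GuestType = (UINT8)(Pcd & CC_CATEGORY_MASK);
  Hdr->SubType   = (UINT8)((Pcd & CC_SUBTYPE_MASK) >> CC_SUBTYPE_SHIFT);
  return true;
}

/* The "simply copy the header" approach from the mail: a raw 4-byte copy. */
UINT32 CcCopyHeaderToPcd(const CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *Hdr) {
  UINT32 Pcd;
  memcpy(&Pcd, Hdr, sizeof Pcd);
  return Pcd;
}

/* The raw copy only matches CcEncodePcd when byte 0 is the least significant byte. */
bool CcIsLittleEndian(void) {
  UINT32 Probe = 1;
  UINT8  FirstByte;
  memcpy(&FirstByte, &Probe, 1);
  return FirstByte == 1;
}

/* Replacement for a per-feature BOOL PCD: derive "is SEV-SNP" from the one PCD. */
bool CcIsSevSnp(UINT32 Pcd) {
  return (Pcd & CC_CATEGORY_MASK) == CC_CATEGORY_AMD_SEV &&
         ((Pcd & CC_SUBTYPE_MASK) >> CC_SUBTYPE_SHIFT) == CC_SUBTYPE_SEV_SNP;
}

int main(void) {
  /* Constructed sample: an SEV-SNP guest with clean reserved bytes. */
  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Snp = { CC_CATEGORY_AMD_SEV, CC_SUBTYPE_SEV_SNP, { 0, 0 } };
  /* Constructed sample: same guest, but Reserved1 contains stale data. */
  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Dirty = { CC_CATEGORY_AMD_SEV, CC_SUBTYPE_SEV_SNP, { 0xAA, 0xBB } };
  CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Decoded;

  printf("shift-encoded PCD: 0x%08x, IsSevSnp=%d\n", CcEncodePcd(&Snp), CcIsSevSnp(CcEncodePcd(&Snp)));
  printf("byte-copied   PCD: 0x%08x (little-endian host: %d)\n", CcCopyHeaderToPcd(&Snp), CcIsLittleEndian());
  printf("byte-copied dirty PCD: 0x%08x, decode accepted=%d\n",
         CcCopyHeaderToPcd(&Dirty), CcDecodePcd(CcCopyHeaderToPcd(&Dirty), &Decoded));
  return 0;
}
```

The point of keeping both CcEncodePcd and CcCopyHeaderToPcd side by side is that the raw copy is only a valid shortcut on little-endian x86 and only if the producer guarantees Reserved1 is zeroed; a consumer that reads the PCD should still mask the category and sub-category fields and reject nonzero reserved bits rather than trusting the whole 32-bit value.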


View/Reply Online (#80390): https://edk2.groups.io/g/devel/message/80390