[edk2-devel] [PATCH 2/2] OvmfPkg/ResetVector: Exclude SEV launch secrets page from pre-validation
Gerd Hoffmann
kraxel at redhat.com
Thu Mar 31 07:49:00 UTC 2022
Hi,
> >>>>>> Check if that page is defined; if it is, skip it in the metadata
> >>>>>> list.
> >>>>>> In such case, VMM should fill the page with the hashes content, or
> >>>>>> explicitly update it as a zero page (if kernel hashes are not used).
> >>>>>
> >>>>> Is it an option to just skip the page unconditionally?
> >>>>>
> >>>>> I think in the OvmfPkgX64 build the page is not used, so it probably
> >>>>> doesn't matter whether it is included or not, and it would make
> >>>>> things a bit less confusing ...
> // The below address range was part of the SEV OVMF metadata, and range
> // should be pre-validated by the Hypervisor.
> {
> FixedPcdGet32 (PcdOvmfSecPageTablesBase),
> FixedPcdGet32 (PcdOvmfPeiMemFvBase),
> },
> As the comment says, it assumes the entire range
> from PcdOvmfSecPageTablesBase (= 0x800000)
> to PcdOvmfPeiMemFvBase (= 0x820000)
> is pre-validated by the Hypervisor.
>
> How will it know to actually validate that page at 0x80F000 ?
Probably it doesn't unless we split the entry into two, so we are
effectively trading making the reset vector more complicated vs.
making this list more complicated.
I guess it's not worth the trouble then.
Acked-by: Gerd Hoffmann <kraxel at redhat.com>
for the original patch (and thanks for investigating).
take care,
Gerd
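
The split discussed in this message, as an added example that is not part of the original e-mail or of the edk2 sources: cutting one page out of a list of ranges the firmware treats as pre-validated, so the single 0x800000..0x820000 entry becomes two. The type and function names are hypothetical, and a 4 KiB page size is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not the edk2 structures. */
typedef struct { uint32_t start, end; } range_t;   /* half-open: [start, end) */
#define PAGE_SIZE 0x1000u                          /* assumption: 4 KiB page */

/* Copy in[] to out[], cutting [hole, hole + PAGE_SIZE) out of every range that
 * overlaps it. Returns the number of ranges written, or -1 if out[] is too
 * small (an overlapped range can turn into two). */
int exclude_page(const range_t *in, size_t n_in, uint32_t hole,
                 range_t *out, size_t out_cap)
{
    uint64_t hole_end = (uint64_t)hole + PAGE_SIZE;  /* 64-bit: no wraparound */
    size_t n = 0;

    for (size_t i = 0; i < n_in; i++) {
        range_t r = in[i];
        if (hole_end <= r.start || hole >= r.end) {  /* no overlap: keep as is */
            if (n == out_cap) return -1;
            out[n++] = r;
            continue;
        }
        if (r.start < hole) {                        /* part below the page */
            if (n == out_cap) return -1;
            out[n++] = (range_t){ r.start, hole };
        }
        if (hole_end < r.end) {                      /* part above the page */
            if (n == out_cap) return -1;
            out[n++] = (range_t){ (uint32_t)hole_end, r.end };
        }
    }
    return (int)n;
}

/* Returns 1 if addr falls inside any listed range, else 0. */
int is_listed(const range_t *r, size_t n, uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= r[i].start && addr < r[i].end) return 1;
    return 0;
}

int main(void)
{
    range_t in[] = { { 0x800000u, 0x820000u } };     /* values from the thread */
    range_t out[4];
    int n = exclude_page(in, 1, 0x80F000u, out, 4);
    for (int i = 0; i < n; i++)
        printf("0x%06x - 0x%06x\n", (unsigned)out[i].start, (unsigned)out[i].end);
    return is_listed(out, (size_t)n, 0x80F000u);     /* 0: page is excluded */
}
```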