<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Tom,<div class=""><br class=""></div><div class="">The phases are defined by the UEFI Platform Initialization Specification [1] (PI Spec). Basically the UEFI Specification defines how to write EFI OS Loaders and Option ROMs, and EFI is just defined in the context of how EFI services are passed into applications or drivers. The UEFI Platform Initialization Specification is how to write modular bits of the firmware that interoperate. So all PI systems produce UEFI, but not all UEFI systems are built out of PI. There are also some schemes that use the early parts of PI, but not all of it, but this is confusing enough without talking about that.</div><div class=""><br class=""></div><div class="">[1] <a href="https://uefi.org/specifications" class="">https://uefi.org/specifications</a></div><div class=""><br class=""><div class="">Thanks,</div><div class=""><br class=""></div><div class="">Andrew Fish</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Apr 21, 2021, at 7:09 AM, Andrew Fish via <a href="http://groups.io" class="">groups.io</a> <<a href="mailto:afish=apple.com@groups.io" class="">afish=apple.com@groups.io</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><a href="https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" 
class="">https://edk2-docs.gitbook.io/edk-ii-build-specification/2_design_discussion/23_boot_sequence</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div dir="ltr" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""></div><div dir="ltr" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br class=""><blockquote type="cite" class="">On Apr 20, 2021, at 11:34 PM, Eric van Tassell <<a href="mailto:evantass@amd.com" class="">evantass@amd.com</a>> wrote:<br class=""><br class=""></blockquote></div><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; 
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div dir="ltr" class=""><span class=""></span><br class=""><span class=""></span><br class=""><span class="">On 4/20/21 5:54 PM, Tom Lendacky wrote:</span><br class=""><blockquote type="cite" class=""><span class="">From: Tom Lendacky <<a href="mailto:thomas.lendacky@amd.com" class="">thomas.lendacky@amd.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">BZ: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=3345" class="">https://bugzilla.tianocore.org/show_bug.cgi?id=3345</a></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">The TPM support in OVMF performs MMIO accesses during the PEI phase. At</span><br class=""></blockquote><span class=""></span><br class=""><span class="">where are the phases defined and how many others are there?</span><br class=""><span class=""></span><br class=""><blockquote type="cite" class=""><span class="">this point, MMIO ranges have not been marked un-encrypted, so an SEV-ES</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">guest will fail attempting to perform MMIO to an encrypted address.</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Read the PcdTpmBaseAddress and mark the specification defined range</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">(0x5000 in length) as un-encrypted, to allow an SEV-ES guest to process</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">the MMIO requests.</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Laszlo Ersek <<a href="mailto:lersek@redhat.com" class="">lersek@redhat.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Ard Biesheuvel <<a href="mailto:ardb+tianocore@kernel.org" class="">ardb+tianocore@kernel.org</a>></span><br 
class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Jordan Justen <<a href="mailto:jordan.l.justen@intel.com" class="">jordan.l.justen@intel.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Brijesh Singh <<a href="mailto:brijesh.singh@amd.com" class="">brijesh.singh@amd.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: James Bottomley <<a href="mailto:jejb@linux.ibm.com" class="">jejb@linux.ibm.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Jiewen Yao <<a href="mailto:jiewen.yao@intel.com" class="">jiewen.yao@intel.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Cc: Min Xu <<a href="mailto:min.m.xu@intel.com" class="">min.m.xu@intel.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">Signed-off-by: Tom Lendacky <<a href="mailto:thomas.lendacky@amd.com" class="">thomas.lendacky@amd.com</a>></span><br class=""></blockquote><blockquote type="cite" class=""><span class="">---</span><br class=""></blockquote><blockquote type="cite" class=""><span class=""> OvmfPkg/PlatformPei/PlatformPei.inf |  1 +</span><br class=""></blockquote><blockquote type="cite" class=""><span class=""> OvmfPkg/PlatformPei/AmdSev.c        | 19 +++++++++++++++++++</span><br class=""></blockquote><blockquote type="cite" class=""><span class=""> 2 files changed, 20 insertions(+)</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">index 6ef77ba7bb21..de60332e9390 100644</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">--- a/OvmfPkg/PlatformPei/PlatformPei.inf</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+++ 
b/OvmfPkg/PlatformPei/PlatformPei.inf</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">@@ -113,6 +113,7 @@ [Pcd]</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   [FixedPcd]</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">index dddffdebda4b..d524929f9e10 100644</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">--- a/OvmfPkg/PlatformPei/AmdSev.c</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+++ b/OvmfPkg/PlatformPei/AmdSev.c</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">@@ -141,6 +141,7 @@ AmdSevInitialize (</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   )</span><br class=""></blockquote><blockquote type="cite" class=""><span class=""> {</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   UINT64                            EncryptionMask;</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  UINT64                            TpmBaseAddress;</span><br 
class=""></blockquote><blockquote type="cite" class=""><span class="">   RETURN_STATUS                     PcdStatus;</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">     //</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">@@ -206,6 +207,24 @@ AmdSevInitialize (</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">     }</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   }</span><br class=""></blockquote><blockquote type="cite" class=""><span class=""> +  //</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  // PEI TPM support will perform MMIO accesses, be sure this range is not</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  // marked encrypted.</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  //</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  TpmBaseAddress = PcdGet64 (PcdTpmBaseAddress);</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  if (TpmBaseAddress != 0) {</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+    RETURN_STATUS  DecryptStatus;</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+    DecryptStatus = MemEncryptSevClearPageEncMask (</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+                      0,</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+                      TpmBaseAddress,</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+                      EFI_SIZE_TO_PAGES (0x5000),</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+                      FALSE</span><br 
class=""></blockquote><blockquote type="cite" class=""><span class="">+                      );</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+    ASSERT_RETURN_ERROR (DecryptStatus);</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+  }</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">+</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   //</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   // Check and perform SEV-ES initialization if required.</span><br class=""></blockquote><blockquote type="cite" class=""><span class="">   //</span><br class=""></blockquote><span class=""></span><br class=""><span class=""></span><br class=""><span class=""></span><br class=""><span class=""></span><br class=""><span class=""></span><br class=""></div></blockquote></div></blockquote></div><br class=""></div></div></body></html>
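Review bot: the `gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress` line added under [FixedPcd] in PlatformPei.inf only resolves if SecurityPkg/SecurityPkg.dec is already listed in this module's [Packages] section; the diffstat reports a single insertion, so that must already hold, but it is worth stating in the commit message because it is the only reason a one-line .inf change builds. Declaring the PCD as fixed-at-build also pins the TPM base address per build, so the `TpmBaseAddress != 0` test in AmdSev.c is a per-build rather than per-boot decision, which should be spelled out in the code comment.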
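Review bot: in the `@@ -141,6 +141,7 @@` hunk `UINT64 TpmBaseAddress;` is declared at function scope while the `RETURN_STATUS DecryptStatus;` that goes with it is declared inside the new `if` block in the next hunk; the two are only used together, so pick one placement for both (function scope matches the surrounding `EncryptionMask` and `PcdStatus` declarations).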
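Review bot: in the `@@ -206,6 +207,24 @@` hunk the guard `if (TpmBaseAddress != 0)` assumes that builds without TPM support see a zero PCD; since the .inf declares it fixed-at-build, please confirm the platform DSC really yields 0 in non-TPM builds, otherwise five pages at whatever the default address is get decrypted unconditionally. The clear also runs for every SEV guest, while the commit message describes the failure only for SEV-ES (the `// Check and perform SEV-ES initialization if required.` block follows it), so the comment should say that clearing the C-bit on an MMIO range is intended for plain SEV too, or the call should be gated. Smaller points: `0x5000` is the "specification defined range" from the commit message and deserves a named constant citing that specification; `MemEncryptSevClearPageEncMask` works on whole pages, so an `ASSERT ((TpmBaseAddress & EFI_PAGE_MASK) == 0)` would document the alignment assumption; and `ASSERT_RETURN_ERROR (DecryptStatus)` compiles out in RELEASE builds, leaving the range encrypted with no diagnostic if the call fails, so a `DEBUG ((DEBUG_ERROR, ...))` message or propagating the status would help.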
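As an added illustration of what the patch's "mark the range un-encrypted" step means (this is not OVMF or edk2 code and not part of the thread), the following C program models an SEV guest's page-table entries as a small constructed array and shows the C-bit being cleared on exactly the pages covering a 0x5000-byte MMIO window. The names (`ToyClearPageEncMask`, `TOY_SIZE_TO_PAGES`, `TOY_PAGE_TABLE`), the TPM base 0xFED40000 and the C-bit position 47 are assumptions chosen for the demo; real firmware takes the C-bit position from CPUID Fn8000_001F EBX[5:0] and walks the real x86 paging structures.

```c
/*
 * Added illustration, not OVMF/edk2 code: what "clear the page encryption
 * mask for an MMIO range" means on an SEV guest, using a constructed toy
 * page table instead of real x86 paging structures.
 *
 * Under SEV every guest PTE carries a "C-bit"; a PTE with the bit set maps
 * encrypted memory, so device MMIO such as the TPM's must be mapped with
 * the bit clear or the access goes to the wrong (encrypted) view.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TOY_PAGE_SIZE 4096ULL
/* Same rounding rule as edk2's EFI_SIZE_TO_PAGES: whole pages, rounded up. */
#define TOY_SIZE_TO_PAGES(Size) (((Size) + TOY_PAGE_SIZE - 1) / TOY_PAGE_SIZE)

#define TOY_PTE_COUNT 16                     /* window of 16 4 KiB pages */
#define TOY_PTE_FLAGS 0x3ULL                 /* present | writable, as on x86 */
#define TOY_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* physical-address bits of a PTE */

typedef struct {
  uint64_t WindowBase;                       /* physical address mapped by Pte[0] */
  uint64_t EncMask;                          /* C-bit as a mask, 0 when SEV is off */
  uint64_t Pte[TOY_PTE_COUNT];
} TOY_PAGE_TABLE;

/* Turn a C-bit position into a PTE mask; 0 means "no memory encryption". */
uint64_t ToyEncMaskFromCbit (unsigned CbitPos)
{
  return CbitPos == 0 ? 0 : (1ULL << CbitPos);
}

/* Identity-map the window with every page marked encrypted, the state an
   SEV guest starts in and the state the PEI TPM code would otherwise see. */
void ToyPageTableInit (TOY_PAGE_TABLE *Pt, uint64_t WindowBase, unsigned CbitPos)
{
  Pt->WindowBase = WindowBase;
  Pt->EncMask    = ToyEncMaskFromCbit (CbitPos);
  for (size_t i = 0; i < TOY_PTE_COUNT; i++) {
    Pt->Pte[i] = (WindowBase + i * TOY_PAGE_SIZE) | TOY_PTE_FLAGS | Pt->EncMask;
  }
}

/* Clear the C-bit on Pages pages starting at PhysAddr. Mirrors the contract
   of a page-granular clear: page-aligned start, whole pages, range inside
   the mapped window. Returns 0 on success, -1 for a bad range. */
int ToyClearPageEncMask (TOY_PAGE_TABLE *Pt, uint64_t PhysAddr, uint64_t Pages)
{
  if ((PhysAddr & (TOY_PAGE_SIZE - 1)) != 0) {
    return -1;                               /* not page aligned */
  }
  if (PhysAddr < Pt->WindowBase) {
    return -1;
  }
  uint64_t First = (PhysAddr - Pt->WindowBase) / TOY_PAGE_SIZE;
  if (First >= TOY_PTE_COUNT || Pages > TOY_PTE_COUNT - First) {
    return -1;                               /* range leaves the window */
  }
  for (uint64_t i = 0; i < Pages; i++) {
    Pt->Pte[First + i] &= ~Pt->EncMask;
  }
  return 0;
}

/* How many of the Pages pages at PhysAddr still map encrypted memory. */
uint64_t ToyCountEncrypted (const TOY_PAGE_TABLE *Pt, uint64_t PhysAddr, uint64_t Pages)
{
  if (PhysAddr < Pt->WindowBase) {
    return 0;
  }
  uint64_t First = (PhysAddr - Pt->WindowBase) / TOY_PAGE_SIZE;
  uint64_t Count = 0;
  for (uint64_t i = 0; i < Pages && First + i < TOY_PTE_COUNT; i++) {
    if (Pt->EncMask != 0 && (Pt->Pte[First + i] & Pt->EncMask) != 0) {
      Count++;
    }
  }
  return Count;
}

/* Physical address a PTE points at, with flags and C-bit stripped. */
uint64_t ToyPtePhys (const TOY_PAGE_TABLE *Pt, size_t Index)
{
  return Pt->Pte[Index] & TOY_ADDR_MASK & ~Pt->EncMask;
}

int main (void)
{
  TOY_PAGE_TABLE Pt;
  uint64_t       TpmBase = 0xFED40000ULL;    /* constructed value for the demo */

  ToyPageTableInit (&Pt, TpmBase, 47);       /* C-bit position assumed for the demo */
  uint64_t Pages = TOY_SIZE_TO_PAGES (0x5000);
  int      Rc    = ToyClearPageEncMask (&Pt, TpmBase, Pages);
  printf ("pages=%llu rc=%d still-encrypted=%llu\n",
          (unsigned long long)Pages, Rc,
          (unsigned long long)ToyCountEncrypted (&Pt, TpmBase, Pages));
  return 0;
}
```

The point the toy makes visible is the one the commit message relies on: 0x5000 bytes is exactly five 4 KiB pages, the clear must start on a page boundary, and only those five PTEs lose the C-bit while neighbouring pages stay encrypted.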


<div class="">Archived at: <a href="https://edk2.groups.io/g/devel/message/74337">https://edk2.groups.io/g/devel/message/74337</a> (edk2-devel message #74337)</div>