[edk2-devel] [PATCH 07/23] MdePkg: Update BaseIoLibIntrinsicSev to support Tdx

Wed Aug 18 05:54:48 UTC 2021

On August 17, 2021 4:38 PM, Gerd Hoffmann wrote:
> 
>   Hi,
> 
> > In the I/O functions of above files, if IsTdxGuest() returns TRUE,
> > then Td I/O routine is called, otherwise the legacy I/O routine is called.
> > Td I/O routines are declared in IoLibTdx.h and implemented in
> > IoLibInternalTdx.c.
> 
> Sorry, I'm a bit late to the party, but what is the overall long plan here?
>
Yes there are discussions about the TDVF (Trust Domain Virtual Firmware).
https://edk2.groups.io/g/devel/topic/83283616#76022
The design slides and recorded meeting are in below link:
https://edk2.groups.io/g/devel/files/Designs/2021/0611

> 
> IIRC some of the TDX features require a separate firmware binary.  So, if we
> need a separate binary anyway at some point in the future, isn't it simpler then
> to use a separate firmware binary right from the start?
> 
> You can simply add a Tdx-specific variant of the library
> (BaseIoLibIntrinsicTdx.inf) and switch at compile time instead of having runtime
> switches all over the place.
> 
TDVF has 2 Config for upstream. See https://edk2.groups.io/g/devel/message/76367
Config-A merge the *basic* TDVF features to existing OvmfX64Pkg.dsc. (Align with existing SEV).
OvmfX64Pkg.dsc includes SEV/TDX/normal OVMF basic boot capability. The final binary can run on SEV/TDX/normal OVMF
So we have to probe the Td guest in run-time and switch to the corresponding I/O routine.
The solution of using a separate firmware binary is not feasible in this situation.

Thanks.
Min

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79469): https://edk2.groups.io/g/devel/message/79469
Mute This Topic: https://groups.io/mt/84837896/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-