[edk2-devel] [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c
Gerd Hoffmann
kraxel at redhat.com
Fri Aug 20 07:22:53 UTC 2021
On Thu, Aug 19, 2021 at 02:27:16PM +0000, Min Xu wrote:
> On August 19, 2021 2:50 PM, Gerd Hoffmann wrote:
> > > +/**
> > > + In Tdx guest, some information need to be passed from host VMM to
> > guest
> > > + firmware. For example, the memory resource, etc. These information are
> > > + prepared by host VMM and put in HobList which is described in
> > TdxMetadata.
> >
> > What kind of information is passed to the guest here?
> Please see https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
> Section 4.2 TD Hand-Off Block (HOB)
So basically the physical memory map.
qemu has etc/e820 for that.
> > qemu has fw_cfg to pass information from the VMM to the guest firmware.
> > What are the reasons to not use fw_cfg?
> Not all the VMM support fw_cfg. Cloud-Hypervisor is the example.
I can't see any support for Cloud-Hypervisor in OVMF.
Also FreeBSD's bhyve doesn't support fw_cfg either and has its own
ways to detect memory. Cloud-Hypervisor can surely do that too.
So, why does this matter?
> https://github.com/cloud-hypervisor/cloud-hypervisor
> TD Hob list gives Cloud-Hypervisor a chance to pass information to guest firmware.
> For example, ACPI can be downloaded from QEMU via fw_cfg to firmware. But
> Cloud-Hypervisor cannot pass ACPI via fw_cfg. In this situation, TD Hob can resolve
> this problem.
Sure, but again, why does this matter? For qemu?
I don't like the idea to have TDX take a completely different code paths.
That increases the code complexity and makes testing harder for no good
reason.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79634): https://edk2.groups.io/g/devel/message/79634
Mute This Topic: https://groups.io/mt/84837914/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list