[edk2-devel] [RFC PATCH v5 00/28] Add AMD Secure Nested Paging (SEV-SNP) support

Gerd Hoffmann kraxel at redhat.com
Fri Aug 27 07:33:34 UTC 2021


  Hi,

[ /me reading through a bunch of old threads .... ]

> Many of the integrity guarantees of SEV-SNP are enforced through a new
> structure called the Reverse Map Table (RMP). Adding a new page to SEV-SNP
> VM requires a 2-step process. First, the hypervisor assigns a page to the
> guest using the new RMPUPDATE instruction. This transitions the page to
> guest-invalid. Second, the guest validates the page using the new PVALIDATE
> instruction.

Intel TDX names this "accepting pages", but it is basically the same
concept, correct?

If so I see opportunities to share code here.  The problem of tracking
which pages are validated/accepted and which are not should be the same
for both TDX and SEV-SNP.  The overall workflow (which phase
validates/accepts which pages etc.) should be identical too.

> At this time we only support the pre-validation. OVMF detects all the available
> system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
> before it is made available to the EDK2 core.

How do you detect memory?  Intel wants to pass a hob with a memory map (and
possibly more config info) to the early boot code, and I'm wondering why
TDX needs that while SEV-SNP apparently doesn't (at least I haven't
noticed anything similar while going over the patches quickly).

thanks,
  Gerd
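
The shared tracking problem raised in the message above, as an added example that is not part of the original message or of the edk2 patches: a bitmap tracker in C that records which pages have been validated/accepted and calls a per-technology backend only for pages not yet marked. All names (`page_tracker_t`, `tracker_accept_range`, `fake_accept`) are hypothetical, and the backend is a constructed stand-in that executes no PVALIDATE or TDX instruction.

```c
#include <stdint.h>
#include <string.h>

#define TRACKED_PAGES 64   /* constructed: a toy guest of 64 4 KiB pages */

/* Backend hook: would wrap PVALIDATE on SEV-SNP or page accept on TDX.
 * Hypothetical signature; returns 0 on success. */
typedef int (*accept_page_fn)(uint64_t pfn);

typedef struct {
    uint8_t        valid[TRACKED_PAGES / 8];  /* one bit per page */
    accept_page_fn accept;
} page_tracker_t;

void tracker_init(page_tracker_t *t, accept_page_fn fn)
{
    memset(t->valid, 0, sizeof t->valid);     /* nothing validated yet */
    t->accept = fn;
}

int tracker_is_valid(const page_tracker_t *t, uint64_t pfn)
{
    return pfn < TRACKED_PAGES && ((t->valid[pfn / 8] >> (pfn % 8)) & 1);
}

/* Validate/accept [first, first + count). Pages already marked are skipped,
 * so no page goes through the backend twice. Returns the number of pages
 * newly accepted, or -1 on a range or backend error (pages accepted before
 * the error stay marked). */
long tracker_accept_range(page_tracker_t *t, uint64_t first, uint64_t count)
{
    long done = 0;
    if (first > TRACKED_PAGES || count > TRACKED_PAGES - first)
        return -1;
    for (uint64_t pfn = first; pfn < first + count; pfn++) {
        if (tracker_is_valid(t, pfn))
            continue;
        if (t->accept(pfn) != 0)
            return -1;
        t->valid[pfn / 8] |= (uint8_t)(1u << (pfn % 8));
        done++;
    }
    return done;
}

/* Constructed stand-in backend: counts calls and fails for pfn 40, as if
 * the host had never assigned that page to the guest. */
static int g_calls;
int fake_accept(uint64_t pfn) { g_calls++; return pfn == 40 ? -1 : 0; }
int fake_calls(void) { return g_calls; }
```
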


