[edk2-devel] [RFC PATCH v5 00/28] Add AMD Secure Nested Paging (SEV-SNP) support
Gerd Hoffmann
kraxel at redhat.com
Fri Aug 27 07:33:34 UTC 2021
Hi,
[ /me reading through a bunch of old threads .... ]
> Many of the integrity guarantees of SEV-SNP are enforced through a new
> structure called the Reverse Map Table (RMP). Adding a new page to SEV-SNP
> VM requires a 2-step process. First, the hypervisor assigns a page to the
> guest using the new RMPUPDATE instruction. This transitions the page to
> guest-invalid. Second, the guest validates the page using the new PVALIDATE
> instruction.
Intel TDX names this "accepting pages", but it is basically the same
concept, correct?
If so I see opportunities to share code here. The problem of tracking
which pages are validated/accepted and which are not should be the same
for both TDX and SEV-SNP. The overall workflow (which phase
validates/accepts which pages etc.) should be identical too.
> At this time we only support the pre-validation. OVMF detects all the available
> system RAM in the PEI phase. When SEV-SNP is enabled, the memory is validated
> before it is made available to the EDK2 core.
How do you detect memory? Intel wants to pass a hob with a memory map (and
possibly more config info) to the early boot code, and I'm wondering why
TDX needs that while SEV-SNP apparently doesn't (at least I haven't
noticed anything similar while going over the patches quickly).
thanks,
Gerd