Re: [RFC PATCH v3 17/36] pflash_cfi01/tdx: Introduce ram_mode of pflash for TDVF

From: Daniel P. Berrangé
Subject: Re: [RFC PATCH v3 17/36] pflash_cfi01/tdx: Introduce ram_mode of pflash for TDVF
Date: Thu, 31 Mar 2022 10:00:41 +0100
User-agent: Mutt/2.1.5 (2021-12-30)

On Thu, Mar 31, 2022 at 04:51:27PM +0800, Xiaoyao Li wrote:
> On 3/22/2022 5:27 PM, Daniel P. Berrangé wrote:
> ...
> > IMHO the AmdSev build for OVMF gets this right by entirely disabling
> > the split OVMF_CODE.fd vs OVMF_VARS.fd, and just having a single
> > OVMF.fd file that is exposed read-only to the guest.
> >
> > This is further represented in $QEMU.git/docs/interop/firmware.json
> > by marking the firmware as 'stateless', which apps like libvirt will
> > use to figure out what QEMU command line to pick.
>
> Hi Daniel,
>
> I don't play with AMD SEV and I'm not sure if AMD SEV requires only single
> OVMF.fd. But IIUC, from edk2
>
> commit 437eb3f7a8db ("OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash
> detection with SEV-ES")
>
> , AMD SEV(-ES) does support NVRAM via proactive VMGEXIT MMIO
> QemuFlashWrite(). If so, AMD SEV seems to be able to support split OVMF,
> right?
Note that while the traditional OvmfPkg build can be used with
SEV/SEV-ES, this is not viable for measured boot, as it uses
the NVRAM whose content is not measured.

I was specifically referring to the OvmfPkg/AmdSev build which
doesn't use separate NVRAM, and has no variables persistence.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
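What the "NVRAM content is not measured" point means for attestation, as an added example that is not code from this thread, QEMU or edk2: a Python sketch of the SEV LAUNCH_MEASURE computation (HMAC-SHA256 over the launch digest, as the AMD SEV API defines it) applied to two constructed firmware layouts. The firmware blobs, TIK and nonce are constructed stand-ins, and the modelling assumption taken from the thread is that with a split build only the code flash is added as launch data, while the variable store is a plain writable pflash that never enters GCTX.LD.

```python
"""Added example (not code from the thread, QEMU or edk2): how the SEV launch
measurement is formed and why an unmeasured, writable NVRAM store lies
outside it.  Firmware blobs, TIK and nonce below are constructed stand-ins."""
import hashlib
import hmac

# Constructed firmware layouts.  Real images are megabytes; a few KiB of
# deterministic bytes are enough to show what does and does not get measured.
OVMF_CODE = hashlib.sha256(b"OVMF_CODE.fd (constructed)").digest() * 128  # "code" flash
OVMF_VARS = b"\xff" * 1024 + b"EFI varstore (constructed)"               # writable "vars" flash
OVMF_STATELESS = OVMF_CODE + OVMF_VARS  # one read-only image, AmdSev-style, no persistence

# Constructed session secrets.  In a real launch the guest owner derives the
# TIK from the LAUNCH_START key agreement and chooses the nonce itself.
TIK = hashlib.sha256(b"transport integrity key (constructed)").digest()
NONCE = bytes(range(16))
POLICY_SEV_ES = 0x05  # guest policy bits NODBG (bit 0) | ES (bit 2)


def launch_digest(launch_data: bytes) -> bytes:
    """GCTX.LD: SHA-256 over everything the host added with LAUNCH_UPDATE_DATA."""
    return hashlib.sha256(launch_data).digest()


def launch_measurement(launch_data: bytes, tik: bytes, policy: int, nonce: bytes,
                       api_major: int = 1, api_minor: int = 0, build: int = 0) -> bytes:
    """LAUNCH_MEASURE as defined by the AMD SEV API:
    HMAC-SHA256(TIK, 0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE)
    API_MAJOR/API_MINOR/BUILD are one byte each, POLICY is 4 bytes little-endian."""
    if len(nonce) != 16:
        raise ValueError("MNONCE must be 16 bytes")
    msg = (bytes([0x04, api_major, api_minor, build])
           + policy.to_bytes(4, "little")
           + launch_digest(launch_data)
           + nonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def verify_measurement(reported: bytes, expected_launch_data: bytes, tik: bytes,
                       policy: int, nonce: bytes, **fw_version) -> bool:
    """Guest-owner side: recompute over the image you intended to run and compare
    in constant time.  Anything not in expected_launch_data is simply unverified."""
    expected = launch_measurement(expected_launch_data, tik, policy, nonce, **fw_version)
    return hmac.compare_digest(reported, expected)


def measure_split(code: bytes, vars_store: bytes) -> bytes:
    """Split OVMF_CODE.fd / OVMF_VARS.fd layout.  Modelling assumption from the
    thread: only the code flash is launch data; the variable store is a plain
    writable pflash and is deliberately not passed to launch_measurement()."""
    del vars_store  # accepted only to make the omission explicit
    return launch_measurement(code, TIK, POLICY_SEV_ES, NONCE)


def measure_stateless(image: bytes) -> bytes:
    """Single read-only image (AmdSev build): the whole image is launch data."""
    return launch_measurement(image, TIK, POLICY_SEV_ES, NONCE)


def tamper(store: bytes) -> bytes:
    """Stand-in for the host editing persistent state between boots
    (for example rewriting Secure Boot keys held in the variable store)."""
    return store[:-8] + b"EVIL!!!!"


def compare_layouts() -> dict:
    """Does tampering with the persistent state change what the guest owner sees?"""
    return {
        "split_vars_tamper_changes_measurement":
            measure_split(OVMF_CODE, OVMF_VARS) != measure_split(OVMF_CODE, tamper(OVMF_VARS)),
        "stateless_tamper_changes_measurement":
            measure_stateless(OVMF_STATELESS) != measure_stateless(tamper(OVMF_STATELESS)),
    }


if __name__ == "__main__":
    for name, changed in compare_layouts().items():
        print(f"{name}: {changed}")
```

The verification step only covers bytes that were passed as launch data, so a guest owner checking a split-build measurement learns nothing about the variable store the guest will actually read; a stateless build closes that gap by having no separate store to verify.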