Tom:
  One build issue is found with CLANGPDB and XCODE tool chain. BZ has been submitted https://bugzilla.tianocore.org/show_bug.cgi?id=2901. Can you fix it for this stable tag?

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Lendacky, Thomas
> Sent: Tuesday, August 18, 2020 1:56 AM
> To: Laszlo Ersek <ler...@redhat.com>; Gao, Liming <liming....@intel.com>; devel@edk2.groups.io
> Cc: Brijesh Singh <brijesh.si...@amd.com>; Ard Biesheuvel <ard.biesheu...@arm.com>;
>  Dong, Eric <eric.d...@intel.com>; Justen, Jordan L <jordan.l.jus...@intel.com>;
>  Kinney, Michael D <michael.d.kin...@intel.com>; Ni, Ray <ray...@intel.com>;
>  Andrew Fish <af...@apple.com>; Anthony Perard <anthony.per...@citrix.com>;
>  You, Benjamin <benjamin....@intel.com>; Bi, Dandan <dandan...@intel.com>;
>  Dong, Guo <guo.d...@intel.com>; Wu, Hao A <hao.a...@intel.com>;
>  Wang, Jian J <jian.j.w...@intel.com>; Julien Grall <jul...@xen.org>;
>  Leif Lindholm <l...@nuviainc.com>; Ma, Maurice <maurice...@intel.com>
> Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
>
> Yes, a big thank you to everyone involved!
>
> Tom
>
> On 8/17/20 12:03 PM, Laszlo Ersek wrote:
> > On 08/17/20 06:09, Gao, Liming wrote:
> >> This patch set has been merged into edk2
> >> 7f7f511c5a74676523ed48435350f6e35282b62b..7f0b28415cb464832155d5b3ff6eb63612f58645
> >
> > Thank you!
> > Laszlo
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Liming Gao
> >> Sent: August 14, 2020 9:20
> >> To: Laszlo Ersek <ler...@redhat.com>; Tom Lendacky <thomas.lenda...@amd.com>; devel@edk2.groups.io
> >> Cc: Brijesh Singh <brijesh.si...@amd.com>; Ard Biesheuvel <ard.biesheu...@arm.com>;
> >>  Dong, Eric <eric.d...@intel.com>; Justen, Jordan L <jordan.l.jus...@intel.com>;
> >>  Kinney, Michael D <michael.d.kin...@intel.com>; Ni, Ray <ray...@intel.com>;
> >>  Andrew Fish <af...@apple.com>; Anthony Perard <anthony.per...@citrix.com>;
> >>  You, Benjamin <benjamin....@intel.com>; Bi, Dandan <dandan...@intel.com>;
> >>  Dong, Guo <guo.d...@intel.com>; Wu, Hao A <hao.a...@intel.com>;
> >>  Wang, Jian J <jian.j.w...@intel.com>; Julien Grall <jul...@xen.org>;
> >>  Leif Lindholm <l...@nuviainc.com>; Ma, Maurice <maurice...@intel.com>
> >> Subject: Re: [edk2-devel] [PATCH v15 00/46] SEV-ES guest support
> >>
> >> Laszlo:
> >>
> >> -----Original Message-----
> >> From: Laszlo Ersek <ler...@redhat.com>
> >> Sent: August 14, 2020 3:54
> >> To: Tom Lendacky <thomas.lenda...@amd.com>; devel@edk2.groups.io
> >> Cc: Brijesh Singh <brijesh.si...@amd.com>; Ard Biesheuvel <ard.biesheu...@arm.com>;
> >>  Dong, Eric <eric.d...@intel.com>; Justen, Jordan L <jordan.l.jus...@intel.com>;
> >>  Gao, Liming <liming....@intel.com>; Kinney, Michael D <michael.d.kin...@intel.com>;
> >>  Ni, Ray <ray...@intel.com>; Andrew Fish <af...@apple.com>;
> >>  Anthony Perard <anthony.per...@citrix.com>; You, Benjamin <benjamin....@intel.com>;
> >>  Bi, Dandan <dandan...@intel.com>; Dong, Guo <guo.d...@intel.com>;
> >>  Wu, Hao A <hao.a...@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> >>  Julien Grall <jul...@xen.org>; Leif Lindholm <l...@nuviainc.com>;
> >>  Ma, Maurice <maurice...@intel.com>
> >> Subject: Re: [PATCH v15 00/46] SEV-ES guest support
> >>
> >> On 08/13/20 15:22, Tom Lendacky wrote:
> >>> From: Tom Lendacky <thomas.lenda...@amd.com>
> >>>
> >>> This patch series provides support for running EDK2/OVMF under SEV-ES.
> >>>
> >>> Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on
> >>> the SEV support to protect the guest register state from the
> >>> hypervisor. See
> >>> "AMD64 Architecture Programmer's Manual Volume 2: System Programming",
> >>> section "15.35 Encrypted State (SEV-ES)" [1].
> >>>
> >>> In order to allow a hypervisor to perform functions on behalf of a
> >>> guest, there is architectural support for notifying a guest's
> >>> operating system when certain types of VMEXITs are about to occur.
> >>> This allows the guest to selectively share information with the
> >>> hypervisor to satisfy the requested function. The notification is
> >>> performed using a new exception, the VMM Communication exception
> >>> (#VC). The information is shared through the Guest-Hypervisor
> >>> Communication Block (GHCB) using the VMGEXIT instruction.
> >>> The GHCB format and the protocol for using it is documented in "SEV-ES
> >>> Guest-Hypervisor Communication Block Standardization" [2].
> >>>
> >>> The main areas of the EDK2 code that are updated to support SEV-ES are
> >>> around the exception handling support and the AP boot support.
> >>>
> >>> Exception support is required starting in Sec, continuing through Pei
> >>> and into Dxe in order to handle #VC exceptions that are generated.
> >>> Each AP requires its own GHCB page as well as a page to hold values
> >>> specific to that AP.
> >>>
> >>> AP booting poses some interesting challenges. The INIT-SIPI-SIPI
> >>> sequence is typically used to boot the APs. However, the hypervisor is
> >>> not allowed to update the guest registers. The GHCB document [2] talks
> >>> about how SMP booting under SEV-ES is performed.
> >>>
> >>> Since the GHCB page must be a shared (unencrypted) page, the processor
> >>> must be running in long mode in order for the guest and hypervisor to
> >>> communicate with each other. As a result, SEV-ES is only supported
> >>> under the X64 architecture.
> >>>
> >>> This series adds a new library requirement for the VmgExitLib library
> >>> against the UefiCpuPkg CpuExceptionHandlerLib library and the
> >>> UefiCpuPkg MpInitLib library. The edk2-platforms repo requires
> >>> updates/patches to add the new library requirement. To accommodate
> >>> that, this series could be split between:
> >>>
> >>> patch number 10:
> >>>   UefiPayloadPkg: Prepare UefiPayloadPkg to use the VmgExitLib library
> >>>
> >>> and patch number 11:
> >>>   UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC
> >>>   exception
> >>>
> >>> The updates to edk2-platforms can be applied at the split.
> >>>
> >>> [1] https://www.amd.com/system/files/TechDocs/24593.pdf
> >>> [2] https://developer.amd.com/wp-content/resources/56421.pdf
> >>>
> >>> ---
> >>>
> >>> These patches are based on commit:
> >>> 65904cdbb33c ("UefiCpuPkg/MtrrLibUnitTest: Change to use static array
> >>> for CI test")
> >>>
> >>> A version of the tree can be found at:
> >>> https://github.com/AMDESE/ovmf/tree/sev-es-v24
> >>>
> >>> Cc: Andrew Fish <af...@apple.com>
> >>> Cc: Anthony Perard <anthony.per...@citrix.com>
> >>> Cc: Ard Biesheuvel <ard.biesheu...@arm.com>
> >>> Cc: Benjamin You <benjamin....@intel.com>
> >>> Cc: Dandan Bi <dandan...@intel.com>
> >>> Cc: Eric Dong <eric.d...@intel.com>
> >>> Cc: Guo Dong <guo.d...@intel.com>
> >>> Cc: Hao A Wu <hao.a...@intel.com>
> >>> Cc: Jian J Wang <jian.j.w...@intel.com>
> >>> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> >>> Cc: Julien Grall <jul...@xen.org>
> >>> Cc: Laszlo Ersek <ler...@redhat.com>
> >>> Cc: Leif Lindholm <l...@nuviainc.com>
> >>> Cc: Liming Gao <liming....@intel.com>
> >>> Cc: Maurice Ma <maurice...@intel.com>
> >>> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> >>> Cc: Ray Ni <ray...@intel.com>
> >>>
> >>> Changes since v14:
> >>> - Address ECC errors
> >>> - Fix non-boolean comparison to use a comparison operator
> >>> - Separate declaration and initialization of variables
> >>> - Add period to first line of block comments
> >>> - Split single-line multiple declaration into multiple lines
> >>
> >> The changes look good to me, thanks!
> >>
> >> In this particular case, the updates do not invalidate my
> >> "Regression-tested-by" given under v14:
> >>
> >> https://edk2.groups.io/g/devel/message/63921
> >>
> >> """
> >> For all patches except #10 ("UefiPayloadPkg: Prepare UefiPayloadPkg to use
> >> the VmgExitLib library") and #46 ("Maintainers.txt: Add reviewers for the
> >> OvmfPkg SEV-related files"):
> >>
> >> Regression-tested-by: Laszlo Ersek <ler...@redhat.com>
> >> """
> >>
> >> So whoever merges this series should please apply that to the respective
> >> patches.
> >>
> >> [Liming] Got it. This patch set has passed all review. I will help merge
> >> it for this stable tag stable202008.
> >>
> >> Thanks!
> >> Laszlo
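
The #VC / GHCB flow described in the quoted cover letter, as an added example that is not part of the thread and is not code from the patch series: the guest's #VC handler copies only the registers a CPUID request needs onto the shared page, and the hypervisor works from that page alone. model_ghcb, the register enum, hv_handle() and the reply values are a constructed, simplified model, not the real GHCB layout or the VmgExitLib API.

```c
/* Simplified model of SEV-ES selective sharing. model_ghcb is NOT the real
 * GHCB layout; all names and the CPUID reply values are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { R_RAX, R_RBX, R_RCX, R_RDX, R_RSI, NREGS };
#define EXIT_CPUID 0x72u                  /* SVM exit code for CPUID */
#define REGBIT(r)  (1u << (r))
#define CPUID_IN   (REGBIT(R_RAX) | REGBIT(R_RCX))
#define CPUID_OUT  (CPUID_IN | REGBIT(R_RBX) | REGBIT(R_RDX))

typedef struct { uint64_t regs[NREGS]; } guest_state; /* encrypted, guest-only */
typedef struct {                          /* shared page: hypervisor can read it */
  uint64_t exit_code;
  uint64_t regs[NREGS];
  uint32_t valid;                         /* bit r set: regs[r] was shared */
} model_ghcb;

/* Hypervisor side: sees only the shared page, never guest_state. */
static int hv_handle(model_ghcb *g) {
  if (g->exit_code != EXIT_CPUID || (g->valid & CPUID_IN) != CPUID_IN)
    return -1;                            /* required inputs were not shared */
  uint64_t leaf = g->regs[R_RAX];
  for (int r = R_RAX; r <= R_RDX; r++)
    g->regs[r] = (leaf << 8) | (uint64_t)r;   /* constructed CPUID reply */
  g->valid = CPUID_OUT;
  return 0;
}

/* Guest side: body of the #VC handler for an intercepted CPUID. */
int vc_handle_cpuid(guest_state *s, model_ghcb *g) {
  memset(g, 0, sizeof *g);                /* no stale data on the shared page */
  g->exit_code = EXIT_CPUID;
  for (int r = 0; r < NREGS; r++)         /* share only what CPUID needs */
    if (CPUID_IN & REGBIT(r)) { g->regs[r] = s->regs[r]; g->valid |= REGBIT(r); }
  if (hv_handle(g) != 0) return -1;       /* stands in for VMGEXIT */
  if ((g->valid & CPUID_OUT) != CPUID_OUT) return -1;  /* incomplete reply */
  for (int r = R_RAX; r <= R_RDX; r++) s->regs[r] = g->regs[r];
  return 0;
}

int main(void) {
  guest_state s = { .regs = { [R_RAX] = 1, [R_RSI] = 0x5ec2e7 } };
  model_ghcb g;
  int rc = vc_handle_cpuid(&s, &g);
  printf("rc=%d shared RSI=%#llx guest RSI=%#llx\n", rc,
         (unsigned long long)g.regs[R_RSI], (unsigned long long)s.regs[R_RSI]);
  return rc;
}
```

RSI stays in the guest-only state and never reaches the shared page, which is the property the cover letter calls selectively sharing information.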