From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBE9C70 for ; Mon, 28 Jun 2021 13:43:40 +0000 (UTC) Received: from zn.tnic (p200300ec2f0ad700491bef6a2c18e575.dip0.t-ipconnect.de [IPv6:2003:ec:2f0a:d700:491b:ef6a:2c18:e575]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id F2FA21EC0473; Mon, 28 Jun 2021 15:43:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1624887819; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=oaTWoMIR/8kJ1vrSQ/YRM/leTg1aNhhSfH9Oxbdei28=; b=CcGIVm4bSbzMzC10uwvsiurej2wJd+CPm1Arml3UbITXCUfouCbJT706JeVxr6NOxOmjwo Bv7E2wkMLBJ3qDqFg3z4uKMvcXyXgLKEw3LFgtzRCZDU2rPJBwZVy9us4eNCpqb3a3lL7u oZVemIo605NkzDqx5AiWPvSFPd0d4X8= Date: Mon, 28 Jun 2021 15:43:34 +0200 From: Borislav Petkov To: Michael Roth Cc: Brijesh Singh , "Kuppuswamy, Sathyanarayanan" , Dave Hansen , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Andy Lutomirski , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , tony.luck@intel.com, npmccallum@redhat.com Subject: Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header Message-ID: References: <20210624031911.eznpkbgjt4e445xj@amd.com> <20210624123447.zbfkohbtdusey66w@amd.com> <20210624141111.pzvb6gk5lzfelx26@amd.com> <8faad91a-f229-dee3-0e1f-0b613596db17@amd.com> <20210625181417.kaylo56pz4rlwwqr@amd.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210625181417.kaylo56pz4rlwwqr@amd.com> On Fri, Jun 25, 2021 at 01:14:17PM -0500, Michael Roth wrote: > So non-EFI case would rely purely on the setup_data entry for both (though > we could still use boot_params->cc_blob_address to avoid the need to scan > setup_data list in proper kernel as well, but scanning it early on doesn't > have the same issues as with EFI config table so it's not really > necessary there). Yeah, sure, we can simply always use boot_params->cc_blob_address just like acpi_rsdp_addr and always put the CC blob address there. > I opted to give setup_data precedence over EFI, since if a bootloader goes > the extra mile of packaging up a setup_data argument instead of just leaving > it to firmware/EFI config table, it might be out of some extra need. For > example, if we do have a shared definition for both SEV and TDX, maybe the > bootloader needs to synthesize multiple EFI table entries, and a unified > setup_data will be easier for the kernel to consume than replicating that same > work, and maybe over time the fallback can be deprecated. And containers will > more than likely prefer setup_data approach, which might drive future changes > that aren't in lockstep with EFI definitions as well. Yah, that makes perfect sense. And you/Brijesh should put the gist of that in a comment over the code so that people are aware. The less we rely on firmware, the better. > Brijesh can correct me if I'm wrong, but I believe that's the intent, and the > setup_data approach definitely seems workable for that aspect. Oki doki, I think we're all on the same page then. :-) Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette