From nobody Thu Nov 14 16:46:00 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94471+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94471+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379225; cv=none; d=zohomail.com; s=zohoarc; b=mZu4QIHotOEO2kWMQ62JyVYT10f7HuuPUECjnnn4DVWZZJUwBDaM6jTi+xdq63OQVEtfouPJc5ej/Oy6fAR2a0deT13vTOQqaJafXfsjAO4s2eKjfn1Hf6GbZ0sN6LcHFm8O6JQ18lYV0KwIeGkBzYwGoBc/FTCNiIuS080J+mw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379225; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=zGoZ4k6s2+XzP25VK8ubeOD9wYJM6gCiq0fk02yuWyU=; b=W2pErf8LIwQrtbJVqlSJV0z/fECVLzhDB252A2wLOFm6Iv9e+vj7O/eE1HnLhuFvQNarkxvE0zMyjhnDOFWJnCljBz+AJ3D8XOzoD1wU21KDmzvELpAQl2gcTCDxA8+rv6WHjzGMWQVLt1OIECXmvabFl1m92PCHdxSMvJMCHyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94471+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379225418998.2646571406156; Wed, 28 Sep 2022 08:33:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id EJf0YY1788612xRhby2xGiLR; Wed, 28 Sep 2022 08:33:45 -0700 X-Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) by mx.groups.io with SMTP id smtpd.web10.9451.1664379224216609740 for ; Wed, 28 Sep 2022 08:33:44 -0700 X-Received: by mail-pl1-f201.google.com with SMTP id h11-20020a170902f54b00b001780f0f7ea7so8413984plf.9 for ; Wed, 28 Sep 2022 08:33:44 -0700 (PDT) X-Gm-Message-State: iH1KXEbaDMdMJ9l5SkGiO9gbx1787277AA= X-Google-Smtp-Source: AMsMyM5w7IoXdd2fGi0QNd45DIFRHBcHwFGB5Mtlo5ilWtf14zYW2ugNtNEyjcKK9mlVQLWmPruTHPawAyg+XsCCkg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:b8d:b0:543:6731:8b6c with SMTP id g13-20020a056a000b8d00b0054367318b6cmr35177258pfj.80.1664379223704; Wed, 28 Sep 2022 08:33:43 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:20 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-4-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 3/6] OvmfPkg: set PcdEnableUnacceptedMemory to FALSE From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379225; bh=uE+p88GCRdvs48stjtfhX1qf4/CfBwIaQjnyi+Y/o0A=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=VqHFJbuSBAJ4xa5rt1ejhOyW8PSdrQ3JB1vW/noP7JBAavHPSp5vL1/vY35fdiLn9dZ 9N8tBYFWUrgmIHGX2w8giRhfYEswE0ZZ4aeT8khzLoeJGNqW2rdhA9ZamjU5UbfGWuS2N SuHcaD8NlLPWWa8PNtUAZHNsgbI0O/Jovp4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379227297100013 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The default value of PcdEnableUnacceptedMemory should be FALSE in order for default safe behavior. If the next started image does not yet understand UEFI v2.9's new memory type, then it's stuck with most of its memory inaccessible. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Signed-off-by: Dionna Glaze --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/Bhyve/BhyveX64.dsc | 2 ++ OvmfPkg/CloudHv/CloudHvX64.dsc | 2 ++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfXen.dsc | 2 ++ 7 files changed, 13 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 90e8a213ef..23086748c5 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -526,6 +526,7 @@ =20 # Set ConfidentialComputing defaults gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE =20 !include OvmfPkg/OvmfTpmPcds.dsc.inc =20 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 475b88b21a..004be8b019 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -559,6 +559,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 # MdeModulePkg resolution sets up the system display resolution diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 10b16104ac..41f43a2631 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -618,6 +618,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index c0c1a15b09..55b6a2a845 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -514,6 +514,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index af566b953f..aebe1c3192 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -655,6 +655,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f39d9cd117..6e4418388e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -679,6 +679,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 58a7c97cdd..0f57e22a2b 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -505,6 +505,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 ##########################################################################= ###### --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94471): https://edk2.groups.io/g/devel/message/94471 Mute This Topic: https://groups.io/mt/93975248/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-