On 12/10/21 2:30 PM, Dave Hansen wrote:

On 12/10/21 12:18 PM, Brijesh Singh wrote:

quoted

On 12/10/21 1:12 PM, Dave Hansen wrote:

quoted

On 12/10/21 7:43 AM, Brijesh Singh wrote:

quoted

+/* AMD SEV Confidential computing blob structure */
+#define CC_BLOB_SEV_HDR_MAGIC	0x45444d41
+struct cc_blob_sev_info {
+	u32 magic;
+	u16 version;
+	u16 reserved;
+	u64 secrets_phys;
+	u32 secrets_len;
+	u64 cpuid_phys;
+	u32 cpuid_len;
+};

This is an ABI structure rather than some purely kernel construct, right?

This is ABI between the guest BIOS and Guest OS. It is defined in the OVMF.

https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FOvmfPkg%2FInclude%2FGuid%2FConfidentialComputingSevSnpBlob.h&data=04%7C01%7Cbrijesh.singh%40amd.com%7C460f6abff7f04e065c9108d9bc1bfcf7%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637747650681544593%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=GI1fAngRJ%2Bj4hcM91UutVXlS1F7kfk2xxtG6I%2BL%2FRYc%3D&reserved=0

SEV-SNP FW spec does not have it documented; it's up to the guest BIOS
on how it wants to communicate the Secrets and CPUID page location to
guest OS.

Well, no matter where it is defined, could we please make it a bit
easier for folks to find it in the future?

Noted, I will add a comment so that readers can find it easily. 
Additionally, I will create a doc and get it published on 
developer.amd.com/sev so that information is documented outside the 
source code files.

quoted

quoted

I searched through all of the specs to which you linked in the cover
letter.  I looked for "blob", "guid", the magic and part of the GUID
itself trying to find where this is defined to see if the struct is correct.

I couldn't find anything.

Where is the spec for this blob?  How large is it?  Did you mean to
leave a 4-byte hole after secrets_len and before cpuid_phys?

Yes, the length is never going to be > 4GB.

I was more concerned that this structure could change sizes if it were
compiled on 32-bit versus 64-bit code.  For kernel ABIs, we try not to
do that.

Is this somehow OK when talking to firmware?  Or can a 32-bit OS and
64-bit firmware never interact?

For SNP, both the firmware and OS need to be 64-bit. IIRC, both the 
Linux and OVMF do not enable the memory encryption for the 32-bit.

thanks