* Laszlo Ersek (ler...@redhat.com) wrote: > On 04/09/21 15:44, Yao, Jiewen wrote: > > Hi Laszlo > > Thanks. > > > > We did provide a separate binary in the beginning - see > > https://github.com/tianocore/edk2-staging/tree/TDVF, with same goal - easy > > to maintain and develop. A clean solution, definitely. > > > > However, we got requirement to deliver one binary solution together with 1) > > normal OVMF, 2) AMD-SEV, 3) Intel-TDX. > > Now, we are struggling to merge them...... > > > > For DXE, we hope to isolate TDX driver whenever it is possible. > > But we only have one reset vector here. Sigh... > > Can we please pry a little bit at that "one binary" requirement? > > Ultimately the "guest bundle" is going to be composed by much > higher-level code, I expect (such as some userspace code, written in > python or similar); selecting a firmware binary in such an environment > is surely easier than handling this "polymorphism" in the most > restrictive software environment imaginable (reset vector assembly code > in the guest)?
I think also there's a security argument here; some people like to measure security in kloc's; so having your secure boot image as small as possible for the environment you're actually running does make some sense, which favours the 2 image idea. Dave > Thanks > Laszlo -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#73937): https://edk2.groups.io/g/devel/message/73937 Mute This Topic: https://groups.io/mt/81969494/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
