Hey Ard
I am worried about the CI for ArmVirtPkg. Can we add such ArmVirtPkg build into CI?
I feel disappointed that a simple build error cannot be caught by CI.

Hey Min/Ard
I think the reason is that the API in EmbeddedPkg/PrePiLib library is changed. That makes it compatible. It is a bad idea, IMHO.

A better way is to keep old API - FfsFindSectionData(), and add a new API - FfsFindSectionDataWithHook(). That can keep the compatibility, and we don’t worry about any unknown consumer.

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
> Sent: Wednesday, January 18, 2023 7:08 PM
> To: Yao, Jiewen <jiewen....@intel.com>; Xu, Min M <min.m...@intel.com>
> Cc: Gerd Hoffmann <kra...@redhat.com>; devel@edk2.groups.io; Leif Lindholm <quic_llind...@quicinc.com>; Ard Biesheuvel <ardb+tianoc...@kernel.org>; Abner Chang <abner.ch...@amd.com>; Daniel Schaefer <g...@danielschaefer.me>; Aktas, Erdem <erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Tom Lendacky <thomas.lenda...@amd.com>
> Subject: Re: [edk2-devel] [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx
>
> This series has broken the ArmVirtQemuKernel build (see below).
>
> Please fix or revert.
>
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>: In function ‘RelocatePeCoffImage’:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:158:12: error: too few arguments to function ‘FfsFindSectionData’
>   158 |   Status = FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &SectionData);
>       |            ^~~~~~~~~~~~~~~~~~
> In file included from <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:13:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/EmbeddedPkg/Include/Library/PrePiLib.h>:81:1: note: declared here
>    81 | FfsFindSectionData (
>       | ^~~~~~~~~~~~~~~~~~
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:160:14: error: too few arguments to function ‘FfsFindSectionData’
>   160 |     Status = FfsFindSectionData (EFI_SECTION_TE, FileHandle, &SectionData);
>       |              ^~~~~~~~~~~~~~~~~~
> In file included from <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/ArmVirtPkg/PrePi/PrePi.c>:13:
> <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/EmbeddedPkg/Include/Library/PrePiLib.h>:81:1: note: declared here
>    81 | FfsFindSectionData (
>       | ^~~~~~~~~~~~~~~~~~
> make: *** [GNUmakefile:397: <https://ci.linaro.org/job/leg-virt-tianocore-edk2-upstream/ws/edk2/Build/ArmVirtQemuKernel-AARCH64/DEBUG_GCC5/AARCH64/ArmVirtPkg/PrePi/ArmVirtPrePiUniCoreRelocatable/OUTPUT/PrePi.obj]> Error 1
>
> On Wed, 18 Jan 2023 at 04:05, Yao, Jiewen <jiewen....@intel.com> wrote:
> >
> > Reviewed-by: Jiewen Yao <jiewen....@intel.com>
> >
> > Merged https://github.com/tianocore/edk2/pull/3916
> >
> > > -----Original Message-----
> > > From: Gerd Hoffmann <kra...@redhat.com>
> > > Sent: Tuesday, January 17, 2023 6:58 PM
> > > To: Xu, Min M <min.m...@intel.com>
> > > Cc: devel@edk2.groups.io; Leif Lindholm <quic_llind...@quicinc.com>; Ard Biesheuvel <ardb+tianoc...@kernel.org>; Abner Chang <abner.ch...@amd.com>; Daniel Schaefer <g...@danielschaefer.me>; Aktas, Erdem <erdemak...@google.com>; James Bottomley <j...@linux.ibm.com>; Yao, Jiewen <jiewen....@intel.com>; Tom Lendacky <thomas.lenda...@amd.com>
> > > Subject: Re: [PATCH V3 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx
> > >
> > > On Tue, Jan 17, 2023 at 07:31:54AM +0800, Min Xu wrote:
> > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152
> > > >
> > > > In current DXE FV there are 100+ drivers. Some of the drivers are not
> > > > used in Td guest. (Such as USB support drivers, network related
> > > > drivers, etc).
> > > >
> > > > From the security perspective if a driver is not used, we should prevent
> > > > it from being loaded/started. There are 2 benefits:
> > > > 1. Reduce the attack surface
> > > > 2. Improve the boot performance
> > > >
> > > > So we introduce Separate-Fv which separates DXEFV into 2 FVs: DXEFV
> > > > and NCCFV. All the drivers which are not needed by a Confidential
> > > > Computing guest are moved from DXEFV to NCCFV.
> > > >
> > > > When booting a CC guest only the drivers in DXEFV will be loaded and
> > > > started. For a Non-CC guest both DXEFV and NCCFV drivers will be
> > > > loaded and started.
> > > >
> > > > Patch#1 updates EmbeddedPkg/PrePiLib with FFS_CHECK_SECTION_HOOK.
> > > > Patch#2 adds PCDs/GUID for NCCFV.
> > > > Patch#3 moves cc-unused drivers to NCCFV.
> > > > Patch#4 update PeilessStartupLib to find NCCFV for non-cc guest.
> > >
> > > series:
> > > Acked-by: Gerd Hoffmann <kra...@redhat.com>
> > >
> > > take care,
> > >   Gerd
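The compatibility approach proposed at the top of this message (keep FfsFindSectionData(), add FfsFindSectionDataWithHook()), sketched as an added example that is not part of the thread or of EDK2's code. The types, status codes, sample sections, the RejectUnwanted hook, the FindPe32 helper and the skip-on-reject behaviour are simplified assumptions; only the two function names and FFS_CHECK_SECTION_HOOK come from the thread.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the EDK2 types (assumptions, not the real headers). */
typedef int STATUS;
#define STATUS_SUCCESS   0
#define STATUS_NOT_FOUND 1
#define SECTION_PE32     0x10
typedef struct { uint8_t Type; const char *Data; } SECTION;
typedef struct { const SECTION *Sections; size_t Count; } FILE_HANDLE;
/* Caller-supplied check; returning STATUS_SUCCESS accepts the section. */
typedef STATUS (*FFS_CHECK_SECTION_HOOK)(const SECTION *Section);

/* New four-argument API. Assumption: a section the hook rejects is skipped. */
STATUS FfsFindSectionDataWithHook(uint8_t Type, FFS_CHECK_SECTION_HOOK Hook,
                                  const FILE_HANDLE *File, const void **Data)
{
    for (size_t i = 0; i < File->Count; i++) {
        const SECTION *s = &File->Sections[i];
        if (s->Type != Type) continue;
        if (Hook != NULL && Hook(s) != STATUS_SUCCESS) continue;
        *Data = s->Data;
        return STATUS_SUCCESS;
    }
    return STATUS_NOT_FOUND;
}

/* Old three-argument API stays, so existing callers compile unchanged. */
STATUS FfsFindSectionData(uint8_t Type, const FILE_HANDLE *File, const void **Data)
{
    return FfsFindSectionDataWithHook(Type, NULL, File, Data);
}

/* Constructed sample file: two PE32 sections around one TE (0x12) section. */
static const SECTION kSections[] = {
    { SECTION_PE32, "unwanted" }, { 0x12, "te" }, { SECTION_PE32, "wanted" },
};
static const FILE_HANDLE kFile = { kSections, 3 };
/* Hypothetical hook: reject payloads that start with 'u'. */
static STATUS RejectUnwanted(const SECTION *s) { return s->Data[0] == 'u'; }

/* Legacy != 0 models an existing caller; Legacy == 0 a new caller with a hook. */
const char *FindPe32(int Legacy)
{
    const void *d = NULL;
    STATUS st = Legacy ? FfsFindSectionData(SECTION_PE32, &kFile, &d)
                       : FfsFindSectionDataWithHook(SECTION_PE32, RejectUnwanted, &kFile, &d);
    return st == STATUS_SUCCESS ? (const char *)d : NULL;
}
```

Because the old entry point is a thin wrapper that passes a NULL hook, a three-argument call like the ones in the build log above would keep compiling while new consumers opt in to the hook.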