Add platform specific servtd_info configuration for the hash tool.#37
Add platform specific servtd_info configuration for the hash tool.#37agokarn wants to merge 2 commits intomicrosoft-internal-only-changesfrom
Conversation
Fix formatting. modified: Makefile new file: config/servtd_info.txt new file: config/servtd_info_EMR.json new file: config/servtd_info_GNR.json
agokarn
force-pushed
the
user/arthig/platform-specific-migtd-and-hash
branch
from
6f83c50 to
a299437
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
config/servtd_info_GNR.json
Outdated
| "attributes": "0000000000000000", | ||
| "xfam": "e71e960000000000", | ||
| "mrconfigid": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | ||
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", |
There was a problem hiding this comment.
Remove trailing whitespace after the comma on line 5.
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | |
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", |
config/servtd_info_EMR.json
Outdated
| "attributes": "0000000000000000", | ||
| "xfam": "e718060000000000", | ||
| "mrconfigid": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | ||
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", |
There was a problem hiding this comment.
Remove trailing whitespace after the comma on line 5.
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | |
| "mrowner": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", |
config/servtd_info.txt
Outdated
| 19-20 | AMX | ✓ | ✓ | AMX state (TILECFG, TILEDATA) | ||
| 23 | CET | - | ✓ | Control-flow Enforcement | ||
|
|
||
| Info generated by VSCode extension for "Claude Sonnet 4" |
There was a problem hiding this comment.
[nitpick] This line appears to be metadata about how the documentation was generated rather than actual documentation content. Consider removing it or moving it to a comment format.
| Info generated by VSCode extension for "Claude Sonnet 4" |
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| @@ -0,0 +1,22 @@ | |||
| Info generated by VSCode extension for "Claude Sonnet 4" | |||
There was a problem hiding this comment.
This comment appears to be generated metadata rather than proper documentation. Consider replacing with actual project documentation or removing this line.
| Info generated by VSCode extension for "Claude Sonnet 4" |
| XFAM Values for Intel CPU Generations | ||
|
|
||
| EMR (Emerald Rapids) CPU - Expected XFAM | ||
| Recommended XFAM: 0x00000006071e8000 (same as current) |
There was a problem hiding this comment.
The comment '(same as current)' is unclear without context about what 'current' refers to. Consider removing or clarifying what the current reference is.
| Recommended XFAM: 0x00000006071e8000 (same as current) | |
| Recommended XFAM: 0x00000006071e8000 |
agokarn
requested review from
CyanDevs,
a-trikalinou,
bhargavshah1988,
bodzhang,
daperoni,
davidmatson,
haitaohuang and
ksayid
|
Our current design is based on a stable hash across all machines. Should we meet to discuss? I'm not sure the platform can handle divergent hashes very well. |
Sure. Would the Thursday call work? Or do you want me to schedule an additional time slot? |
I don't currently see a Thursday appointment on my calendar, but anytime that afternoon should work. |
The series had expired. Extended it into October |
thanks - sure, that time should work fine |
| @@ -0,0 +1,22 @@ | |||
| Info generated by VSCode extension for "Claude Sonnet 4" | |||
| Reference: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg03255.html#:~:text=Emerald%20Rapids%20(EMR)%20is%20the,1%20reply%20via%20email%20to | |||
There was a problem hiding this comment.
According to https://cdrdv2.intel.com/v1/dl/getContent/733575, xfam is defined as below:
xfam is set by VMM when the MigTD is launched, controlling what extended CPU instruction sets can be used by MigTD. VMM needs to make sure the enabled extended CPU instruction sets are sufficient for MigTD to function. For example, if MigTD implementation requires AMX to function, but VMM did not enable it, MigTD operation will fail. To predict the expected MigTD TDINFO and pre-calculate MIGTD TDINFO_HASH, the tool needs to know what VMM will do. If VMM update to a platform changes the xfam configuration, and the pre-calculated hash value is not updated, the hash will be wrong. How should ensure the pre-calculated hash update is synchronized with xfam configuration update in VMM?
There was a problem hiding this comment.
xfam is set by VMM when the MigTD is launched, controlling what extended CPU instruction sets can be used by MigTD. VMM needs to make sure the enabled extended CPU instruction sets are sufficient for MigTD to function. For example, if MigTD implementation requires AMX to function, but VMM did not enable it, MigTD operation will fail. To predict the expected MigTD TDINFO and pre-calculate MIGTD TDINFO_HASH, the tool needs to know what VMM will do. If VMM update to a platform changes the xfam configuration, and the pre-calculated hash value is not updated, the hash will be wrong. How should ensure the pre-calculated hash update is synchronized with xfam configuration update in VMM?
I think we have three options here:
- Use mulitple xfams, and keep xfam as part of the MigTD hash.
- Use a mulitple xfams, but set ignore_xfam to exclude it from the MigTD hash.
- Use a single xfam, matching the TD's documented requirement here in source control.
(Note that both options 2 and 3 require platform changes.)
I tend to think option 3 might be the simplest - thoughts?
There was a problem hiding this comment.
Discussed further with platform folks, and we're planning on adding support for specifying the desired xfam in the IGVM file, so I think we could do option 3. Thoughts?
This is related to Issue - #7
Problem statement -
servtd_info.json is used by the hash tool to pre- calculate MigTD TDINFO and TDINFO_HASH. MigTD TDINFO fields such as attributes and xfam are determined by HW capability and VMM configuration (`xfam' reflect the Intel CPU extended features supported by the HW and enabled by VMM). To properly pre-calculate Mig TDINFO for a specific platform, a platform specific servtd_info configuration is needed.
Depending on the targeted platform's capability and VMM configuration, the same MigTD binary running on different platforms can produce different attributes and xfam value in MigTD TDINFO, requiring VMM to use platform specific TDINFO_HASH value when invoke TDX LM prebind API.
The platform specific servtd_info configuration might need be integrated in MigTD release pipeline and a platform specific TDINFO_HASH metadata might need to be packaged with the MigTD binary for VMM to use in prebind API.
Current solution-
Xfam value determination and security implications are still under consideration. However, the Makefile now has a way to have different configurations for different platforms and generate different hashes that can be used by the build pipeline.