On 4/23/2024 8:01 PM, Gerd Hoffmann wrote:
On Tue, Apr 23, 2024 at 07:14:04PM +0530, Aithal, Srikanth wrote:

Correcting.

On 4/23/2024 7:09 PM, Aithal, Srikanth wrote:

Hello,

Todays OVMF/edk2 master branch is breaking AMD SEV-ES guest boot with
OvmfX64 package, where as sev-es guest boots fine with AmdSev package.

Git bisect pointed to below commit as bad, going back to previous commit
i.e ddc43e7a SEV-ES guest boots fine with OvmfX64 package:

Git bisect pointed to below commit as bad, going back to previous commit i.e
ddc43e7a SEV-ES guest boots fine. With OVMF/edk2 master branch SEV-ES guest
boots fine with *AmdSev *package:

The tests don't make much sense in confidential guests (both sev and
tdx).  Which why the driver is not included in the AmdSevPkg builds.

Not activating the driver in confidential guests should fix that, test
patch below.

take care,
  Gerd

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
index 9514933011e8..b5c237288766 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -49,6 +49,7 @@ [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Pcd]
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
 
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
index b6e53a1219d1..efaff0d1f3cb 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/MemoryAllocationLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
 #include <Library/PlatformInitLib.h>
 
 #include <IndustryStandard/Hsti.h>
@@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
   EFI_STATUS                           Status;
   EFI_EVENT                            Event;
 
+  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
+    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
+    return EFI_UNSUPPORTED;
+  }
+
   DevId = VirtHstiGetHostBridgeDevId ();
   switch (DevId) {
     case INTEL_82441_DEVICE_ID:

Thanks, tested this patch on top of current edk2 master. Issue is resolved, am able to boot sev-es guests.

Tested-by: Srikanth Aithal <sraithal@amd.com>


    

  




_._,_._,_





Groups.io Links:



  
    You receive all messages sent to this group.
  
  




View/Reply Online (#118173) |


  

|

  Mute This Topic


| New Topic







Your Subscription |
Contact Group Owner |

Unsubscribe

 [rebecca@openfw.io]


_._,_._,_