From: "Lendacky, Thomas"
Date: Fri, 21 Apr 2023 15:49:27 -0500
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
To: Gerd Hoffmann
Cc: "Xu, Min M", joeyli, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Michael Roth
Message-ID: <0da93279-d397-c067-cc9f-7abfc9935eea@amd.com>

On 4/21/23 04:18, Gerd Hoffmann wrote:
>>> Hmm, good question. Can the guest figure what memory ranges are part
>>> of the launch measurement?
>>>
>>> I have a patch here (attached below) which refines flash detection and
>>> can detect whenever varstore flash is writable or not. I suspect that
>>> doesn't help much though as flash probing requires mappings already
>>> being correct.
>>
>> Sorry for the delay, but, yeah, doesn't help. SEV and SEV-ES assert and
>> SEV-SNP terminates because of accessing a shared page (in the RMP) as a
>> private page (we don't support the generated 0x404 error code in the #VC
>> handler).
>
> Can you try this?
> https://github.com/kraxel/edk2/commits/devel/secure-boot-pcd

It works for the split vars/code launch, but fails for the combined
vars/code launch:

EMU Variable FVB Started
EMU Variable FVB: Using pre-reserved block at 7FE7C000
EMU Variable FVB: Basic FV headers were invalid
EMU Variable FVB: SecureBoot: restore FV from ROM
EMU Variable FVB: Basic FV headers were invalid
ASSERT [EmuVariableFvbRuntimeDxe] /root/kernels/ovmf-gerd-build-X64/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c(781): ((BOOLEAN)(0==1))

So the mapping isn't correct at this point either.

Thanks,
Tom

>
> It moves the varstore copy from platform init to emu variable driver,
> which should be late enough that sev setup should be complete.
>
> take care,
> Gerd
>