From: Brijesh Singh <brijesh.singh@amd.com>
To: edk2-devel@lists.01.org
Cc: Tom Lendacky, Brijesh Singh, Laszlo Ersek
Date: Tue, 26 Jun 2018 14:46:05 -0500
Message-Id: <1530042365-9979-1-git-send-email-brijesh.singh@amd.com>
Subject: [RFC PATCH 1/1] OvmfPkg/QemuFlash: Fix Runtime variable access when SEV is enabled
Problem statement:
------------------
Fedora-28 contains the 4.16 kernel, which has all the required support to run as an SEV guest. When the installer is launched from an SEV guest, it fails to install the bootloader. The installer was failing to update the 'BootOrder' UEFI runtime variable.

Root Cause Analysis
--------------------
Since the QemuFlash storage memory is accessed by both the guest and the hypervisor, we need to map this memory range as unencrypted. AmdSevDxe maps the range as "unencrypted", but later FtwNotificationEvent() in MdeModule/Universal/Variable/RuntimeDxe/VariableDxe.c resets the mapping and the memory region gets remapped as "encrypted". After that, any access to the flash ends up going through the encryption engine.

I did try hacking EDK2 to restore the C-bit, but that was not sufficient because UEFI runtime services are mapped as "encrypted" in the OS page table; hence we end up accessing the flash as encrypted when the OS requests to update the variables.

A possible solution
---------------------
To solve the issue, after QemuFlash is probed, I allocate an encrypted buffer and initialize this buffer with the contents of the flash memory. When SEV is enabled, we use the newly allocated encrypted buffer in FwInstance->FvBase instead of the original flash region. The idea is that if a caller grabs the FwInstance->FvBase pointer and tries to access the FvVolumeHeader, it gets the data from the encrypted buffer. But if a caller wants to read from or write to the flash device, we internally use the original "unencrypted" flash region to access the data.

With this patch, I have verified that the OS is able to update the runtime variable and the FC-28 installer is successfully able to complete the installation process.

If you all agree with the approach, I can rework any feedback and remove the RFC tag from the patch.
If you have better suggestions then I am open to explore those as well. Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Brijesh Singh --- .../FvbServicesRuntimeDxe.inf | 1 + .../FwBlockService.c | 37 +++++++++++++++++++--- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf index d7b4ec06c4e6..6bb5c2093790 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf @@ -54,6 +54,7 @@ [LibraryClasses] DevicePathLib DxeServicesTableLib MemoryAllocationLib + MemEncryptSevLib PcdLib UefiBootServicesTableLib UefiDriverEntryPoint diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c index 558b395dff4a..e82b4ff70961 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c @@ -36,6 +36,7 @@ #include #include #include +#include #include "FwBlockService.h" #include "QemuFlash.h" @@ -966,6 +967,7 @@ FvbInitialize ( UINTN Length; UINTN NumOfBlocks; RETURN_STATUS PcdStatus; + EFI_PHYSICAL_ADDRESS CryptedAddress; if (EFI_ERROR (QemuFlashInitialize ())) { // 
@@ -986,6 +988,24 @@ FvbInitialize ( BaseAddress = (UINTN) PcdGet32 (PcdOvmfFdBaseAddress); Length = PcdGet32 (PcdOvmfFirmwareFdSize); + // + // When SEV is enabled, allocate a encrypted buffer which will contain a + // encrypted copy of the Flash image. + // + if (MemEncryptSevIsEnabled ()) { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiRuntimeServicesData, + EFI_SIZE_TO_PAGES(PcdGet32 (PcdOvmfFirmwareFdSize)), + &CryptedAddress + ); + ASSERT_EFI_ERROR (Status); + + CopyMem((VOID *)CryptedAddress, (VOID *)BaseAddress, Length); + + BaseAddress = CryptedAddress; + } + Status = InitializeVariableFvHeader (); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, @@ -1091,24 +1111,33 @@ FvbInitialize ( // InstallProtocolInterfaces (FvbDevice); - MarkMemoryRangeForRuntimeAccess (BaseAddress, Length); + MarkMemoryRangeForRuntimeAccess ( + (UINTN) PcdGet32 (PcdOvmfFdBaseAddress), + Length + ); // // Set several PCD values to point to flash // PcdStatus = PcdSet64S ( PcdFlashNvStorageVariableBase64, - (UINTN) PcdGet32 (PcdOvmfFlashNvStorageVariableBase) + BaseAddress ); ASSERT_RETURN_ERROR (PcdStatus); PcdStatus = PcdSet32S ( PcdFlashNvStorageFtwWorkingBase, - PcdGet32 (PcdOvmfFlashNvStorageFtwWorkingBase) + BaseAddress + + PcdGet32(PcdFlashNvStorageVariableSize) + + PcdGet32(PcdOvmfFlashNvStorageEventLogSize) ); + ASSERT_RETURN_ERROR (PcdStatus); PcdStatus = PcdSet32S ( PcdFlashNvStorageFtwSpareBase, - PcdGet32 (PcdOvmfFlashNvStorageFtwSpareBase) + BaseAddress + + PcdGet32(PcdFlashNvStorageVariableSize) + + PcdGet32(PcdOvmfFlashNvStorageEventLogSize) + + PcdGet32(PcdFlashNvStorageFtwWorkingSize) ); ASSERT_RETURN_ERROR (PcdStatus); -- 2.7.4
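Review bot: in the `@@ -986,6 +988,24 @@` hunk, `ASSERT_EFI_ERROR (Status)` is the only handling of a failed `gBS->AllocatePages`; in a RELEASE build the assert compiles out, `CryptedAddress` stays uninitialized and `CopyMem ((VOID *)CryptedAddress, (VOID *)BaseAddress, Length)` writes through it. Return `Status` on failure, or fall back to the unencrypted `BaseAddress`. The same hunk takes a one-time snapshot of the flash, while the commit message says writes go to the device through the original region; nothing shown here keeps the copy that `FvBase` and the `PcdFlashNvStorage*Base` PCDs now point at in sync after a `FvbProtocolWrite`, so either the write path must update the copy as well or the commit message should explain why stale contents in the copy are harmless. Smaller points: `EFI_SIZE_TO_PAGES (PcdGet32 (PcdOvmfFirmwareFdSize))` can simply be `EFI_SIZE_TO_PAGES (Length)`, since `Length` was assigned that value two lines earlier; the comment should read "an encrypted buffer"; and `CopyMem(` / `EFI_SIZE_TO_PAGES(` need the space before the parenthesis that the surrounding code uses.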
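Review bot: in the `@@ -1091,24 +1111,33 @@` hunk, `PcdSet32S (PcdFlashNvStorageFtwWorkingBase, BaseAddress + ...)` and the matching `PcdFlashNvStorageFtwSpareBase` set truncate a `UINTN` to 32 bits, and `BaseAddress` now comes from `AllocateAnyPages`, which on X64 can return pages above 4 GiB; either allocate with `AllocateMaxAddress` capped below 4 GiB or move these PCDs to 64-bit values. The new offset arithmetic also hardcodes the layout Variable | EventLog | FtwWorking | FtwSpare starting at FD offset 0, replacing the `PcdOvmfFlashNvStorage*Base` values the FDF defines; computing each as `PcdGet32 (PcdOvmfFlashNvStorage...Base) - PcdGet32 (PcdOvmfFdBaseAddress) + BaseAddress` keeps the FDF the single source of truth and leaves the non-SEV path byte-for-byte unchanged. The added `ASSERT_RETURN_ERROR (PcdStatus);` after the FtwWorkingBase set fixes an omission unrelated to SEV and would be cleaner as its own patch. Switching `MarkMemoryRangeForRuntimeAccess` to the real flash range is right, since the copy is `EfiRuntimeServicesData` and already reaches the OS through the memory map.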
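The shadow-buffer design described in the commit message, as an added C model that is not OVMF code: the flash device, the encrypted runtime-data copy and the C-bit are simulated with plain arrays, and every name here (ShadowInitialize, ShadowRead, ShadowWrite, ShadowIsStale, ShadowDemo, the offsets and the sample BootOrder bytes) is invented for the model. It shows the one property the split read/write path has to preserve: a write that reaches only the device leaves the copy that FvBase and the NvStorage PCDs point at stale, so the write path must write through to both.

```c
/* Added model of the "encrypted copy of the flash" design from the RFC
 * above. Not OVMF code: the flash device (C-bit clear, shared with the
 * hypervisor) and the encrypted copy (C-bit set, private to the guest) are
 * plain arrays, and all names and values are constructed for the model. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FD_SIZE          4096u  /* constructed: tiny "firmware device" */
#define VAR_STORE_OFFSET 0x100u /* constructed: where the variable store sits */

/* Unencrypted region: what QemuFlashRead/QemuFlashWrite would touch. */
static uint8_t FlashDevice[FD_SIZE];
/* Encrypted runtime-data copy: what FvBase / the NvStorage PCDs point at. */
static uint8_t *EncryptedShadow;

/* Model of the new SEV branch in FvbInitialize: allocate and snapshot. */
int ShadowInitialize(void) {
    EncryptedShadow = malloc(FD_SIZE);
    if (EncryptedShadow == NULL) {
        return -1;              /* the point a RELEASE build must not ignore */
    }
    memcpy(EncryptedShadow, FlashDevice, FD_SIZE);
    return 0;
}

/* Read path: always from the device, as the commit message describes. */
int ShadowRead(uint32_t Offset, uint8_t *Out, uint32_t Len) {
    if (Offset > FD_SIZE || Len > FD_SIZE - Offset) {
        return -1;
    }
    memcpy(Out, FlashDevice + Offset, Len);
    return 0;
}

/* Write path: device first, then write-through to the copy so a reader
 * holding FvBase never sees bytes older than what is on the device. */
int ShadowWrite(uint32_t Offset, const uint8_t *In, uint32_t Len) {
    if (Offset > FD_SIZE || Len > FD_SIZE - Offset) {
        return -1;
    }
    memcpy(FlashDevice + Offset, In, Len);
    memcpy(EncryptedShadow + Offset, In, Len);
    return 0;
}

/* Coherence check: 0 when device and copy agree, 1 when the copy is stale. */
int ShadowIsStale(void) {
    return memcmp(FlashDevice, EncryptedShadow, FD_SIZE) != 0;
}

/* Walks the model: a write-through keeps the copy coherent, a device-only
 * write (a path that bypasses ShadowWrite) leaves it stale. Returns 0 when
 * the model behaves as described, a non-zero step number otherwise. */
int ShadowDemo(void) {
    static const uint8_t BootOrder[] = {0x01, 0x00, 0x03, 0x00}; /* constructed */
    uint8_t Buf[4];

    memset(FlashDevice, 0xFF, FD_SIZE);                /* erased flash */
    if (ShadowInitialize() != 0) {
        return -1;
    }
    if (ShadowWrite(VAR_STORE_OFFSET, BootOrder, 4) != 0) {
        return -1;
    }
    if (ShadowIsStale()) {
        return 1;                                      /* write-through failed */
    }
    if (ShadowRead(VAR_STORE_OFFSET, Buf, 4) != 0 || memcmp(Buf, BootOrder, 4) != 0) {
        return 2;                                      /* device read mismatch */
    }
    FlashDevice[VAR_STORE_OFFSET] = 0x02;              /* device-only write */
    if (!ShadowIsStale()) {
        return 3;                                      /* staleness not detected */
    }
    free(EncryptedShadow);
    EncryptedShadow = NULL;
    return 0;
}

int main(void) {
    int Result = ShadowDemo();
    printf("shadow model: %s\n", Result == 0 ? "ok" : "failed");
    return Result;
}
```

The model makes the review question concrete: once `FvBase` and the NvStorage PCDs point at the copy, every path that changes the device has to go through something like `ShadowWrite`, or a consumer that reads variables through the copy sees the pre-write contents.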