From: "Laszlo Ersek" <lersek@redhat.com>
To: jejb@linux.ibm.com, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com,
ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com,
david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com,
frankeh@us.ibm.com,
"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH v3 0/6] SEV Encrypted Boot for Ovmf
Date: Fri, 4 Dec 2020 02:55:02 +0100 [thread overview]
Message-ID: <18bbe7d1-a51a-647e-d05a-73e5465d31cc@redhat.com> (raw)
In-Reply-To: <762be18c6132f0f55e029879931ba6bca79323cd.camel@linux.ibm.com>
On 12/04/20 02:05, James Bottomley wrote:
> On Fri, 2020-12-04 at 01:46 +0100, Laszlo Ersek wrote:
>> On 12/03/20 15:27, James Bottomley wrote:
>>> On Thu, 2020-12-03 at 13:26 +0100, Laszlo Ersek wrote:
>>>> Hi James,
>>>>
>>>> On 11/30/20 21:28, James Bottomley wrote:
>>>>> v3:
>>>>>
>>>>> - More grub and boot stripping (I think I got everything out,
>>>>> but there may be something that strayed in the boot panic
>>>>> resolution).
>>>>> - grub.sh tidy up with tabs->spaces.
>>>>> - Move the reset vector GUIDisation patch to the front so it
>>>>> can be applied independently
>>>>> - Update the .dsc and .fdf files for variable policy
>>>>
>>>> In preparation for submitting the github PR for merging this
>>>> series, I first ran PatchCheck.py locally.
>>>>
>>>> It doesn't like that I converted "OvmfPkg/AmdSev/Grub/grub.cfg"
>>>> to LF, in addition to "OvmfPkg/AmdSev/Grub/grub.sh".
>>>>
>>>> PatchCheck.py recognizes the ".sh" suffix, so it's not
>>>> complaining about "OvmfPkg/AmdSev/Grub/grub.sh". But, the config
>>>> file is a problem.
>>>>
>>>> Can you please confirm that grub works fine if the config file
>>>> has CRLF line terminators? Because then I'll just convert the
>>>> config file back to CRLF, and merge the series.
>>>
>>> I converted the entire file with unix2dos and grub does seem to be
>>> fine with the CRLF line endings (probably because it wants to be a
>>> boot loader beyond linux), so I think converting the file to CRLF
>>> is the right way to go.
>>
>> I submitted PR <https://github.com/tianocore/edk2/pull/1175>;, but it
>> was rejected due to ECC failures.
>>
>> I think we all need to have a serious talk about ECC. I'll send a
>> separate email.
>>
>> I'm really sorry.
>
> Is it just complaining that gGrubFileGuid is the same as the FILE_GUID
> in Grub.inf (as the comment in Grub.inf says) but it shouldn't be, so
> the fix is to remove the comment and generate a new FILE_GUID for
> Grub.inf?
>
> James
>
>
Log files (same content, modulo timestamps etc):
https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13-7def1f19d478/_apis/build/builds/16071/logs/115
https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13-7def1f19d478/_apis/build/builds/16072/logs/113
Two plugins failed (search either log for the string "Test Failed" --
there's going to be two instances).
(1) The GUID check plugin is one of both failures.
It's unjustified of course, because you *need* to know the FILE_GUID of
Grub.inf -- that's how you can generate boot option to it in the
Platform BDS library. Making gGrubFileGuid different from what's in
FILE_GUID would *break the code*.
One hack for this is to change the FILE_GUID in Grub.inf (regenerate it
with uuidgen), but then use a DSC-level FILE_GUID override, to make it
match gGrubFileGuid from the DEC file again:
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index bb7697eb324b..1593856faca1 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -779,7 +779,10 @@ [Components]
> }
> !endif
> OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
> - OvmfPkg/AmdSev/Grub/Grub.inf
> + OvmfPkg/AmdSev/Grub/Grub.inf {
> + <Defines>
> + FILE_GUID = ...
> + }
> !if $(BUILD_SHELL) == TRUE
> ShellPkg/Application/Shell/Shell.inf {
> <LibraryClasses>
But it's terrible for code that's actually valid.
So instead, we should add an exception to "OvmfPkg/OvmfPkg.ci.yaml",
near "GuidCheck".
(2) The other failure is from ECC.
I've evaluated the errors it has reported now, and all of them are
unjustifiedly reported.
Again, more exceptions are needed in "OvmfPkg/OvmfPkg.ci.yaml", this
time near "EccCheck".
I will send a short patch series to add the exceptions, and once that's
upstream, we *will* merge this (v3) series.
Thanks
Laszlo
next prev parent reply other threads:[~2020-12-04 1:55 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-30 20:28 [PATCH v3 0/6] SEV Encrypted Boot for Ovmf James Bottomley
2020-11-30 20:28 ` [PATCH v3 1/6] OvmfPkg/ResetVector: convert SEV-ES Reset Block structure to be GUIDed James Bottomley
2020-12-03 8:10 ` [edk2-devel] " Laszlo Ersek
2020-11-30 20:28 ` [PATCH v3 2/6] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF James Bottomley
2020-12-03 8:20 ` [edk2-devel] " Laszlo Ersek
2020-11-30 20:28 ` [PATCH v3 3/6] OvmfPkg/AmdSev: add Grub Firmware Volume Package James Bottomley
2020-12-03 8:39 ` [edk2-devel] " Laszlo Ersek
2020-11-30 20:28 ` [PATCH v3 4/6] OvmfPkg: create a SEV secret area in the AmdSev memfd James Bottomley
2020-12-03 8:42 ` [edk2-devel] " Laszlo Ersek
2020-11-30 20:28 ` [PATCH v3 5/6] OvmfPkg/AmdSev: assign and protect the Sev Secret area James Bottomley
2020-12-01 7:54 ` Ard Biesheuvel
2020-12-01 18:36 ` [edk2-devel] " James Bottomley
2020-11-30 20:28 ` [PATCH v3 6/6] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table James Bottomley
2020-12-03 8:46 ` [edk2-devel] " Laszlo Ersek
2020-12-09 12:02 ` Yao, Jiewen
2020-12-09 15:46 ` James Bottomley
2020-12-09 15:54 ` James Bottomley
2020-12-09 16:33 ` Yao, Jiewen
2020-12-09 16:38 ` James Bottomley
2020-12-09 16:51 ` Yao, Jiewen
2020-12-09 17:04 ` James Bottomley
2020-12-10 9:12 ` Laszlo Ersek
2020-12-10 9:27 ` Yao, Jiewen
2020-12-01 8:05 ` [PATCH v3 0/6] SEV Encrypted Boot for Ovmf Ard Biesheuvel
2020-12-01 8:13 ` Laszlo Ersek
2020-12-01 15:26 ` James Bottomley
2020-12-01 8:05 ` Laszlo Ersek
2020-12-03 12:26 ` [edk2-devel] " Laszlo Ersek
2020-12-03 14:27 ` James Bottomley
2020-12-04 0:46 ` Laszlo Ersek
2020-12-04 1:05 ` James Bottomley
2020-12-04 1:55 ` Laszlo Ersek [this message]
2020-12-04 2:01 ` Laszlo Ersek
2020-12-14 19:57 ` Laszlo Ersek
2020-12-21 15:00 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18bbe7d1-a51a-647e-d05a-73e5465d31cc@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox