From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.59]) by mx.groups.io with SMTP id smtpd.web12.10771.1644938306441832987 for ; Tue, 15 Feb 2022 07:18:26 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=SpdexHo6; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.59, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G3jgxD+mbr37BngeXozyZPVqFgwroZl8N7xbefhqErseRF1f9D1iShsSUYEyukqr9G1BicIplSv45ti32QaxGiyGcVVBfCuAIhDKsuOjbCbYepYmBew+HcnIiXG8tTytreX66k6T4iB7tbkiUNigX0rV1YLpqQDdJjgt//I4EAkxnkacD77Y1G4eowlliCc51Rb5VMMrr4xCfBCudn3TOPn/XGC8jiE/aBxfOi40OEzxoHyhCJis7BK4wBUDER7QTDHdqkYyr88SwZ3UdndMDyleaxSK18enlWr3M+1IpkdxX85E1EiPUX1RrNlvbTk++0IxT1lcrrYiPfnUyR09kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1fYo8jyMgxkOjCdwq3GDYfGSiV6LgUfm2vclphMHU/g=; b=ntpXMVLq0KbnHp6Slv6P8Krbg/ox9bTJRy6Jq7N7pQkYRV+Q8+UFZJrr+1cDKbCdPFBG86LH2Nvv9xHUg7AsGDmoOtSlVtu9hqHgc29EcRP16BIPJkQrAfZ9BLjqaLc9rX+0O5TwBaxwmKJZmZgiS501PPZak5hMZfrmZ1UlvELdtFuCSAX2P59S4PnWaZr+t0bSjsdt8/sZc/MFd9Q4Q4IcIWsxGdABcudDPIPq+8oUJJ9mGc47f+7gECNrQBuj9MnmykBINhlNLR8uy5/KHLY+dZutwudW2AsGQOS4Ui2IeNTZgVVxqAMYELriI0dMziH23Nwq0emXV9vedkeXKQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1fYo8jyMgxkOjCdwq3GDYfGSiV6LgUfm2vclphMHU/g=; b=SpdexHo67p1FrBeFo1vgrwnL9LExJzk5FT4U6IeC23tSWLguzEAkVNgwkRkhbG9vOy/ySbZIY1WaVRHAqvDHqLAN3NN37I8eP1EwioAE5e6D98+gwSC9WmWIQtOiNEAJ0EzJT3vtlIjONeA9t1lBT3hRUR3DLlDA1e5OdVhh3zU= Received: from DM6PR21CA0026.namprd21.prod.outlook.com (2603:10b6:5:174::36) by DM6PR12MB5005.namprd12.prod.outlook.com (2603:10b6:5:1be::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.15; Tue, 15 Feb 2022 15:18:24 +0000 Received: from DM6NAM11FT054.eop-nam11.prod.protection.outlook.com (2603:10b6:5:174:cafe::5f) by DM6PR21CA0026.outlook.office365.com (2603:10b6:5:174::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.6 via Frontend Transport; Tue, 15 Feb 2022 15:18:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT054.mail.protection.outlook.com (10.13.173.95) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.4975.11 via Frontend Transport; Tue, 15 Feb 2022 15:18:24 +0000 Received: from sbrijesh-desktop.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.18; Tue, 15 Feb 2022 09:18:23 -0600 From: "Brijesh Singh" To: CC: James Bottomley , Min Xu , "Jiewen Yao" , Tom Lendacky , "Jordan Justen" , Ard Biesheuvel , Erdem Aktas , "Michael Roth" , Gerd Hoffmann , Brijesh Singh , Aaron Young , Dann Frazier , Michael Roth Subject: [PATCH 1/1] OvmfPkg/FvbServicesSmm: use the VmgExitLibNull Date: Tue, 15 Feb 2022 09:16:38 -0600 Message-ID: <20220215151638.1671473-1-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Return-Path: brijesh.singh@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 186203da-b959-47f6-2f39-08d9f09668f1 X-MS-TrafficTypeDiagnostic: DM6PR12MB5005:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1051; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: iHX5BTSnrtKUlacv6FT5utuFj123PuTObetAuukOruxoApZnxP1g6hoDF4QeTpHWVzbT092XKI04V3KqjUSNro7suZmQeVxJzX8Qfhv+WN2g8rmMktBTLyNWWeHpT2awGmTD4F+QWUP/hNXG+W4LKi+6Zt0G0eHdUnjFKgv6BcI/DMCGx1XlGFcSHaJrJuSiUJ+tv/9r3SnFfDIOX8WhZkcaROPMpZxOFKZtiYc/ORwo1AWk9f5EK4TDoXTigFPfbE9/l4Ilt4blsgGYS6+RLhxFsdPJoyjZdLdVK4jVuFO3ZX1DmOc8fDQn5RJIp7GtfkWDiPMMi1DNC72gnrSyhSA1qm741GSR1SYLC+xbtzoCDkT+7pAeJ9dJiDhp+gW+o9oE8kugO139t3zKDbdVXbN8z+iaksyGqD46+JUjw5pH/muVjntv88EQsOgU1ftQo7I7cVHCNwhb/EmthxfV+gpzTSAtYQxayw/1S6yf8kydvah+JSU9lbeOKBJyB168ryZeY4KtBDXcXS00R9QqygX8YF9PDcsxLzcfRnvvPsSWkU4NHoeGOpFJpd2wy1pc70OeshfLRCCAI68pfRF7p4FtrWfJMDvMFSh3jsWftc0Y+CN4tObj1DQ8wwDZEZx9Qf0UmG3n+UdXpaPdxkMuYz1nuFlLJFBHNwdMQLgvEMuT2Y330m1Ou7V7O221rYVKvXO5M/vS1K/b3NxnKuXl0YpZePqEhilcx/W6FVwRFU5Qk9Vu6BZvRRkXDaSa6eJTT6Nh+zs2spi0v8bne6IQsh0OUWhSJgXayWH4rv37sHU= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(356005)(4326008)(81166007)(508600001)(40460700003)(86362001)(5660300002)(8936002)(70206006)(44832011)(7416002)(8676002)(70586007)(36756003)(2906002)(26005)(316002)(7696005)(47076005)(36860700001)(1076003)(186003)(82310400004)(966005)(83380400001)(426003)(336012)(54906003)(6666004)(6916009)(19627235002)(16526019)(2616005)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2022 15:18:24.5252 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 186203da-b959-47f6-2f39-08d9f09668f1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT054.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB5005 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3835 The commit ade62c18f4742301bbef474ac10518bde5972fba caused a boot failure when OVMF is build with SECURE_BOOT/SMM enabled. This happen because the above commit extended the BaseMemEncryptSevLib.inf to include VmgExitLib. The FvbServicesSmm uses the functions provided by the MemEncryptSevLib to clear the memory encryption mask from the page table. It created a dependency, as shown below OvmfPkg/FvbServicesSmm.inf ---> MemEncryptSevLib class ---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance ---> VmgExitLib ---> "OvmfPkg/VmgExitLib" instance ---> LocalApicLib class ---> UefiCpuPkg/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf instance ---> TimerLib class ---> "OvmfPkg/AcpiTimerLib/DxeAcpiTimerLib.inf" instance ---> PciLib class ---> "OvmfPkg/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf" instance The LocalApicLib provides a constructor, execution of the constructor causes an exception. The SEV-ES and SEV-SNP do not support the SMM, so skip including the VmgExitLib chain. Use the module override to use the VmgExitLibNull to avoid the inclusion of unneeded LocalApicLib dependency chain in FvbServicesSmm. We ran similar issue for AmdSevDxe driver, see commit 19914edc5a0202cc7830f819ffac7e7b2368166a After the patch, the dependency look like this: OvmfPkg/FvbServicesSmm.inf ---> MemEncryptSevLib class ---> "OvmfPkg/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf" instance ---> VmgExitLib ---> "UefiCpuPkg/Library/VmgExitLibNull" instance Fixes: ade62c18f4742301bbef474ac10518bde5972fba Reported-by: Aaron Young Cc: Dann Frazier Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Signed-off-by: Brijesh Singh --- OvmfPkg/CloudHv/CloudHvX64.dsc | 5 ++++- OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.ds= c index 8ac9227c5f50..3172100310b1 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -906,7 +906,10 @@ [Components] # # Variable driver stack (SMM) # - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { + + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 29eea82571c5..85abed24c1a7 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -956,7 +956,10 @@ [Components] # # Variable driver stack (SMM) # - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { + + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 56d3c49ab21a..a9c1daecc1a8 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -974,7 +974,10 @@ [Components.X64] # # Variable driver stack (SMM) # - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { + + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f0924c0f9d0a..718399299f57 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -971,7 +971,10 @@ [Components] # # Variable driver stack (SMM) # - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf { + + VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf + } MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { --=20 2.25.1