From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web11.17446.1680067417223862399
 for <devel@edk2.groups.io>;
 Tue, 28 Mar 2023 22:23:37 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=iisFsvHS;
 spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1680067417; x=1711603417;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=rjS3UOzpL1X4fEM/XGrSdCnMbufyhny5BkCr2BG5Z0U=;
  b=iisFsvHSIGl16Omjt9fCBhX8RyXGNc4KEpCAiDQHtVysRBI+zm37jAku
   10nmu4/QnGX3HYVH+tyOFPrcFvsX1RArHEgoXELzU1mJ1FQ8vtYbOP1uk
   4Qt8yY5Vu1xoilKEwYP8pAy9/WX4NF78UA8E8y1M4rxKU7RwE3sugbez4
   tloAl4R3SorTif8/JKrcdnnm1TyDZerJi9yOYujSPuY48hDcAgVTlcNo0
   W2GiiL+AyPgVdzePFheiOhjMU+1X9uXWCyE/eXgD9OPjhswkUrbGCtbc2
   stvVqYW62oEk41qTPiZ0R6m14c3AA7xV704EI00oRvPMFljh2EXgJCgJN
   A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10663"; a="403403181"
X-IronPort-AV: E=Sophos;i="5.98,299,1673942400"; 
   d="scan'208";a="403403181"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2023 22:23:36 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10663"; a="795083576"
X-IronPort-AV: E=Sophos;i="5.98,299,1673942400"; 
   d="scan'208";a="795083576"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.31.48])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2023 22:23:34 -0700
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Joey Lee <jlee@suse.com>
Subject: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
Date: Wed, 29 Mar 2023 13:23:10 +0800
Message-Id: <20230329052310.27-1-min.m.xu@intel.com>
X-Mailer: git-send-email 2.39.1.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Min M Xu <min.m.xu@intel.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4379

PlatformInitEmuVariableNvStore is called to initialize the
EmuVariableNvStore with the content pointed by
PcdOvmfFlashNvStorageVariableBase. This is because when OVMF is launched
with -bios parameter, UEFI variables will be partially emulated, and
non-volatile variables may lose their contents after a reboot. This makes
the secure boot feature not working.

But in SEV guest, this design doesn't work. Because at this point the
variable store mapping is still private/encrypted, OVMF will see
ciphertext. So we skip the call of PlatformInitEmuVariableNvStore in
SEV guest.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Joey Lee <jlee@suse.com>
Tested-by: Joey Lee <jlee@suse.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/PlatformPei/Platform.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 148240342b4b..be9ba3e00124 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -223,7 +223,20 @@ ReserveEmuVariableNvStore (
   PcdStatus     = PcdSet64S (PcdEmuVariableNvStoreReserved, VariableStore);
 
  #ifdef SECURE_BOOT_FEATURE_ENABLED
-  PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
+  //
+  // PlatformInitEmuVariableNvStore is called to initialize the EmuVariableNvStore
+  // with the content pointed by PcdOvmfFlashNvStorageVariableBase. This is because
+  // when OVMF is launched with -bios parameter, UEFI variables will be partially emulated,
+  // and non-volatile variables may lose their contents after a reboot. This makes the secure
+  // boot feature not working.
+  // But in SEV guest, this design doesn't work. Because at this point the variable store
+  // mapping is still private/encrypted, OVMF will see ciphertext. So we skip the call
+  // of PlatformInitEmuVariableNvStore in SEV guest.
+  //
+  if (!MemEncryptSevIsEnabled ()) {
+    PlatformInitEmuVariableNvStore ((VOID *)(UINTN)VariableStore);
+  }
+
  #endif
 
   ASSERT_RETURN_ERROR (PcdStatus);
-- 
2.39.1.windows.1