Date: Fri, 31 Mar 2023 15:59:56 +0800
From: "joeyli"
To: Gerd Hoffmann
Cc: Min Xu, devel@edk2.groups.io, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky, Michael Roth
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
Message-ID: <20230331075956.GJ8569@linux-l9pv.suse>
References: <20230329052310.27-1-min.m.xu@intel.com> <4tmi32c3kevecoc3y7mb6jlv7d7ygmctt6bgwflvjybqwphjqk@gnnertcj5kz2>
In-Reply-To: <4tmi32c3kevecoc3y7mb6jlv7d7ygmctt6bgwflvjybqwphjqk@gnnertcj5kz2>

Hi Gerd,

On Thu, Mar 30, 2023 at 09:50:53AM +0200, Gerd Hoffmann wrote:
> On Wed, Mar 29, 2023 at 01:23:10PM +0800, Min Xu wrote:
> > From: Min M Xu
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4379
> >
> > PlatformInitEmuVariableNvStore is called to initialize the
> > EmuVariableNvStore with the content pointed by
> > PcdOvmfFlashNvStorageVariableBase. This is because when OVMF is launched
> > with -bios parameter, UEFI variables will be partially emulated, and
> > non-volatile variables may lose their contents after a reboot. This makes
> > the secure boot feature not working.
> >
> > But in SEV guest, this design doesn't work. Because at this point the
> > variable store mapping is still private/encrypted, OVMF will see
> > ciphertext. So we skip the call of PlatformInitEmuVariableNvStore in
> > SEV guest.
>
> I'd suggest to simply build without -D SECURE_BOOT_ENABLE instead.
> Without initializing the emu var store you will not get a functional
> secure boot setup anyway.
>

In our case, we already shipped ovmf with -D SECURE_BOOT_ENABLE in a
couple of versions. Removing it will cause problems in VM live migration.
I will prefer Min M's solution, until SEV experts find a better solution.

Thanks!
Joey Lee