Date: Fri, 7 Apr 2023 17:41:06 +0800
From: "joeyli"
To: "Xu, Min M"
Cc: Gerd Hoffmann, Tom Lendacky, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Michael Roth
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
Message-ID: <20230407094106.GO8569@linux-l9pv.suse>

On Mon, Apr 03, 2023 at 12:21:38AM +0000, Xu, Min M wrote:
> On Friday, March 31, 2023 10:49 PM, Joeyli wrote:
> > On Fri, Mar 31, 2023 at 10:25:09AM +0200, Gerd Hoffmann wrote:
> > > On Fri, Mar 31, 2023 at 03:59:56PM +0800, joeyli wrote:
> > > > Hi Gerd,
> > > >
> > > > On Thu, Mar 30, 2023 at 09:50:53AM +0200, Gerd Hoffmann wrote:
> > > > > On Wed, Mar 29, 2023 at 01:23:10PM +0800, Min Xu wrote:
> > > > > > From: Min M Xu
> > > > > >
> > > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4379
> > > > > >
> > > > > > PlatformInitEmuVariableNvStore is called to initialize the
> > > > > > EmuVariableNvStore with the content pointed by
> > > > > > PcdOvmfFlashNvStorageVariableBase. This is because when OVMF is
> > > > > > launched with -bios parameter, UEFI variables will be partially
> > > > > > emulated, and non-volatile variables may lose their contents
> > > > > > after a reboot. This makes the secure boot feature not working.
> > > > > >
> > > > > > But in SEV guest, this design doesn't work. Because at this
> > > > > > point the variable store mapping is still private/encrypted,
> > > > > > OVMF will see ciphertext. So we skip the call of
> > > > > > PlatformInitEmuVariableNvStore in SEV guest.
> > > > >
> > > > > I'd suggest to simply build without -D SECURE_BOOT_ENABLE instead.
> > > > > Without initializing the emu var store you will not get a
> > > > > functional secure boot setup anyway.
> > > >
> > > > In our case, we already shipped ovmf with -D SECURE_BOOT_ENABLE in a
> > > > couple of versions. Removing it will causes problem in VM live migration.
> > >
> > > Hmm? qemu live-migrates the rom image too. Only after poweroff and
> > > reboot the guest will see an updated firmware image.
> > >
> >
> > Thanks for your explanation. Understood.
> >
> > > > I will prefer Min M's solution, until SEV experts found better
> > > > solution.
> > >
> > > I'd prefer to not poke holes into secure boot. Re-Initializing the
> > > emu var store from rom on each reset is also needed for security
> > > reasons in case the efi variable store is not in smm-protected flash memory.
> > >
> >
> > I agree that the efi variable store is not secure without smm. But after
> > 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE doesn't work
> > with SEV. System just hangs in "NvVarStore FV headers were invalid."
> Hi, Joeyli
> ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is skipped and an error code is returned. So system will not hang.
> So another solution is simply remove the ASSERT. Then an error message is dumped out and system continues.
>

Ah! You are right. I forgot that I enabled debug mode.

> @Gerd Hoffmann @Tom Lendacky @joeyli What's your thought?
>

Removing ASSERT in debug mode can workaround problem. Looks that it just hide
a problem.

Thanks!
Joey Lee
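
The failure mode discussed in this thread, as an added example that is not part of the original message and is not OVMF code: a variable-store header check that reports an explicit error instead of relying on an assertion, run once on a well-formed store and once on the same bytes scrambled to stand in for a still-encrypted mapping. The struct is a simplified model of the PI firmware volume header, and every name here (`fv_header_t`, `validate_nv_store`, `check_sample_store`) is hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define FVH_SIGNATURE 0x4856465Fu /* '_FVH' as a little-endian 32-bit value */
/* Simplified header modelled on the PI firmware volume header. Assumptions:
   no block map follows, and the host is little-endian like the target. */
typedef struct {
    uint8_t  zero_vector[16], fs_guid[16];
    uint64_t fv_length;
    uint32_t signature, attributes;
    uint16_t header_length, checksum, ext_header_offset;
    uint8_t  reserved, revision;
} fv_header_t;

typedef enum { NV_OK, NV_TOO_SHORT, NV_BAD_SIGNATURE, NV_BAD_LENGTH, NV_BAD_CHECKSUM } nv_status_t;

/* 16-bit sum over the header bytes; a valid header sums to zero. */
static uint16_t sum16(const uint8_t *p, size_t len) {
    uint16_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        s = (uint16_t)(s + (p[i] | (p[i + 1] << 8)));
    return s;
}

/* Explicit checks with error returns: same result in debug and release. */
nv_status_t validate_nv_store(const uint8_t *buf, size_t len) {
    fv_header_t h;
    if (len < sizeof h) return NV_TOO_SHORT;
    memcpy(&h, buf, sizeof h);
    if (h.signature != FVH_SIGNATURE) return NV_BAD_SIGNATURE;
    if (h.fv_length != len || h.header_length < sizeof h ||
        h.header_length > len) return NV_BAD_LENGTH;
    if (sum16(buf, h.header_length) != 0) return NV_BAD_CHECKSUM;
    return NV_OK;
}

/* Constructed 4 KiB store; `scrambled` stands in for an encrypted mapping. */
nv_status_t check_sample_store(int scrambled) {
    static uint8_t store[4096];
    fv_header_t h;
    memset(&h, 0, sizeof h);
    memset(store, 0xFF, sizeof store);
    h.fv_length = sizeof store; h.signature = FVH_SIGNATURE;
    h.header_length = sizeof h; h.revision = 2;
    h.checksum = (uint16_t)(0 - sum16((const uint8_t *)&h, sizeof h));
    memcpy(store, &h, sizeof h);
    for (size_t i = 0; scrambled && i < sizeof store; i++)
        store[i] ^= (uint8_t)(0xA5 + 31 * i);
    return validate_nv_store(store, sizeof store);
}
```

The caller receives a distinct status for each failure and decides what to do with an unreadable store, which is the decision an assertion that compiles out in release builds leaves implicit.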