From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-VI1-obe.outbound.protection.outlook.com (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.45]) by mx.groups.io with SMTP id smtpd.web10.10098.1680878961325738670 for ; Fri, 07 Apr 2023 07:49:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@suse.com header.s=selector1 header.b=FneBL/fO; spf=pass (domain: suse.com, ip: 40.107.21.45, mailfrom: jlee@suse.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PPzwwI9q1WrnlA5kt5mIA4b+1s5lxReLDh/PHdRektCzLzkpl9TaToYBMCW9ZUbcyqAQ2o7aS1BBcg7zwNqzv/BUiBKetBDR/XtBWAHxXsctHKeIo1KCCjnkUupGVD1dUiddDaljL/rD+tk5hyX6Dpot/wgSQTvL2lWPhoBn+k8GgC4GlWTTl2cGy88+1KVZHFaIhMbdM+pGkBDohgGt9yB+CGtTH5jNQmZxNSyQwAUTZcI9LlL8/BxZI02rP+1DFTB1xOqFnjLxymW/OEH/QvWIPtJbj6pPY5qAqmogKik+xjxS0IfHOG0eAJ1d7X+1gxQRlVUy9jxqXDqrJ1eEcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=t8SDeqg7bgBg1Os4wHdciySHY4RyNLiRSI4n7ZhyPMw=; b=AxwFnJh1hRy8Op9G+WA75kLziIG+BW4W/+/oKoT2aZHgAZqE1ZdIfhZ2KEyzsbAihSg9Ha6qkuV+twZ9u53T/WV7QbQwifyCiYRfMF/s6TtV/XoA7MopS4k8FA8keZ3yBv7GTCx35XT7UbieBWjCrx4FizQYF67vFvpqmIvq9ugRXzXgrdFTqmFQKLYX9NQn8iKieFI/xAsui6yLkOW7FZus4YlI48U6y/sZ+81lsmsPafjskPzjwBvP2a07ldlf/aHyPrkumI+qcKTRpzQAFSdPgMcORHp413frrz6WO2HW1/ByVXyrqewY/BIHybRHhd2Df+EyhXj3lKIhHzzUgg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t8SDeqg7bgBg1Os4wHdciySHY4RyNLiRSI4n7ZhyPMw=; b=FneBL/fOKBtcnSM6fsQI7imcDm3AlYC3GFZ2y3L+le+YodD8T2pufFE3LwXSFCblqmzp57aNXpRy4z26gzPcPQ7M5oJqwZUw5dQGuYTDTCwCrdVkOknKBVj60x7d0ukXthpx7oQvBNFMnu3j7S70tBBbrGZ0AUaemi2JUKBUrCo+z4s/vtYdwGQn8/MqSU5Fa8ByRcc8LdTWRj8kqsFke7jdoS7rCi/HI46JhXTyUaKZ7dVTOHOH/viNdAOScL56BtwqqE2Du91N2OLVF+b3DmEKebKa4qKB5KaJvP9BXEPGlho4LGRUe9d8g/KqZ5O+GxzHRZ84mhO1jNnvEmuCzg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Received: from DB8PR04MB7164.eurprd04.prod.outlook.com (2603:10a6:10:129::23) by AS8PR04MB7862.eurprd04.prod.outlook.com (2603:10a6:20b:2a1::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.34; Fri, 7 Apr 2023 14:49:18 +0000 Received: from DB8PR04MB7164.eurprd04.prod.outlook.com ([fe80::2d2:b31e:7a15:db70]) by DB8PR04MB7164.eurprd04.prod.outlook.com ([fe80::2d2:b31e:7a15:db70%6]) with mapi id 15.20.6277.029; Fri, 7 Apr 2023 14:49:18 +0000 Date: Fri, 7 Apr 2023 22:49:11 +0800 From: "joeyli" To: devel@edk2.groups.io, min.m.xu@intel.com Cc: Tom Lendacky , Gerd Hoffmann , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Michael Roth Subject: Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest Message-ID: <20230407144911.GP8569@linux-l9pv.suse> References: <20230329052310.27-1-min.m.xu@intel.com> <4tmi32c3kevecoc3y7mb6jlv7d7ygmctt6bgwflvjybqwphjqk@gnnertcj5kz2> <20230331075956.GJ8569@linux-l9pv.suse> <20230331144834.GK8569@linux-l9pv.suse> <5d170680-0a9e-2d5f-ecc1-e9f587548e3c@amd.com> In-Reply-To: User-Agent: Mutt/1.11.4 (2019-03-13) X-ClientProxiedBy: FR3P281CA0099.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a1::16) To DB8PR04MB7164.eurprd04.prod.outlook.com (2603:10a6:10:129::23) Return-Path: JLee@suse.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB8PR04MB7164:EE_|AS8PR04MB7862:EE_ X-MS-Office365-Filtering-Correlation-Id: f32f1543-129b-49e5-d4de-08db377743a0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BEvN8l74qq/XPVN/NvXMt16v2NUCnI8whH8VQjJr6PAKNAszTz/nxXkOurnKjlpCPuSye9yAWZVSfqXrwhNdYgv54wAsYWssfH3XM/K9KlhwLmZMU5ABpF9DJ+VVvIcy2+dpU1aFCPswyXEqDUUhOaAptM0IIbiOX8L3ifixogsoyB9KmKk/3LELP4JJt/pqmmswz3FMGB+9UfOFtWbYtyz2HsUl4ygiHjNllHX+z+5H6wGEJSEtQhJp3i4+qP52Hrb42l93fsh28ilp6qmR2R1FdFrZWuDJNvSqDR1QoMlsGqZHOaixTdgmvW5GVZKLBKFx7riYWDpGE9LavCTMPXKAxbqZC5qki+m56DkIngKfhCqZzwfLnZSe5HqT6KHkHXXrwIZEWv6lTpyqqOKNijBtntuayw+GKvFKe1qpNGgfBZ8KI0GaBSn92LlCWMBYVpAIk+xMxgM7bHR7BCVxo43zVWm47/PkJu7Ob2Z5q4NyDesysUeNwTAXZMhCgJxxWalWPZkwvgY0ktpAxxMQX19Ghe+jQzdRS+Z1lM5gmxSzWivol96bHX8z7C6c+7yZwHAADegS1eeDxsH8Sk3U75Crv04Zhg6qFETjf2j2lYUs5eiGxUSkP6zaQVAad+/o2nnVYDeqaG7XNmvGDkfKuQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR04MB7164.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(39860400002)(376002)(136003)(396003)(346002)(366004)(451199021)(316002)(54906003)(478600001)(83380400001)(33656002)(6666004)(6512007)(36756003)(26005)(1076003)(9686003)(6506007)(53546011)(186003)(38100700002)(86362001)(6486002)(966005)(8936002)(41300700001)(66476007)(4326008)(8676002)(66946007)(66556008)(2906002)(5660300002)(19627235002)(43062005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?GiOrUKB6rQuF3iRcLJ0mn4GsnMyd7TDV3jhY9Cxs5dmbbKKPxP6/fqtznJGQ?= =?us-ascii?Q?uKtn4an3zZMGXE1ZcxNgGnBvGBP51gMJxWYtQtUPplk11w/1mvNdx5A3uKC1?= =?us-ascii?Q?xzFUJLDg2HuOQiGsDBFNxtlZDx8S7jaUCvHMXZCOvSfWnFHphqkLTD+DsDj7?= =?us-ascii?Q?1GV69+0moDBhd1trxQLMAtJg/ZcfnFtw+TldO1BTxMUv4gj6Ad0hiVnlsO3P?= =?us-ascii?Q?Ec0lqG03TScuLFLFvntNOrqQ8Ef+VVEP/Zi4xewY/Y7skMusI0+FxM7b+3vy?= =?us-ascii?Q?oswHlgstZ3FVBZV8hxuqF1Z0yxfww9czfAkh4dYNHERh4EVbndcpsTvETESD?= =?us-ascii?Q?nE+XbjnuYZgSdHT96EVe8tqWzIgM9S/ePOqaot7N0LicHngcfg/6W6MjtdLP?= =?us-ascii?Q?zRQAkAveQVCDCKPK407foVVNSdArEzdbB+mxlOWXr5gZXWdjuabxdzLSpN5B?= =?us-ascii?Q?YO6R9QKc4Fmye7kFDnGMtD2v4INfrhObRw4BzcZtQkJNe3pqb4vUC209auAB?= =?us-ascii?Q?zusvaO7ebqgaPfIRd7shOY8UBlpaaKf/lnsrwgGSQRqogdegIJ6bkaYqXEPb?= =?us-ascii?Q?GBEW1kGR6b3lr2XfhxTdidagPTuuf9S9miiQ9gGUPH6iVN9Ku7ocoJUUpOzb?= =?us-ascii?Q?7F71rY9nrktaHkrfEMP1VkxAo/CpcfQT3xaXqGqdlmH5WZQG9U2M+vPNQ8jI?= =?us-ascii?Q?BzoYfrDiKL6JFJO7PpP4rS8CB1GCJ8p2Yomh7OIvk9b8hmGSkPkV2xcqXcXV?= =?us-ascii?Q?HPAK2RzQ3O4NwXNrOcq5CcjkeuS5JRFo61rW82NOBkRs+lhIpM54D21onLhS?= =?us-ascii?Q?9BGDEQ6Wq33c6+e7yDTm/Zf44TYggTcJuxztlFySTIZRWHFNbL2P0TZ7p+l+?= =?us-ascii?Q?AhYmsgFPxpYaexKdEb6N044Q7gqoUaXD7xYhrihgqWFCp5ntScoH/4Viu5/e?= =?us-ascii?Q?AfDqPHK8Me9zNvRYRxBwNcmd6/eaUl8kq9mqpqGwX7I1Tl8CxxFa4uIlz/vn?= =?us-ascii?Q?+Wd1jKzgdrG6p858xgXN9Yt+54yQJChcMmOL5Mz4ayYEIZPucXSA1tNALZGS?= =?us-ascii?Q?zv5Q6wmH2vMP/uJY83mfjMEqxmA2CLpE0mE8s+9BTv9nxXtUgcUNSQGwjd7n?= =?us-ascii?Q?Ifbkh4+Kl83RoGtM2sJBBgI6nprGOJMMdLZJUcFiHEA/61o92ah+mBp8EAS8?= =?us-ascii?Q?UZyxj8RCZnq7jH2qDSWzwwUP7YFrs+bWjvmVhcHzq+kK8c36d9czejKsp8mO?= =?us-ascii?Q?gpqDpzZZzffdTtUhSD+xle7b9u8TWmaLSSlYvjgpOZr0q0LbL1EXIYKSHWIj?= =?us-ascii?Q?8XSKlwqUvlDIIsyx9vaKabhoavp731qUhjeKaLaFw7LgThwUsekb+RiR4j4f?= =?us-ascii?Q?98QHqydM5Ip4nYf4EFmy3PZVia4CwRot0PiuHW5X9xH/Cs2TFIDS5XI9e7FW?= =?us-ascii?Q?6CqDOeFtyUz6hq9dHmvFtEJoMlc+XWBHudexjBAZcGHM2QPfCgOa7QSbaGpY?= =?us-ascii?Q?UMtMRuIaZRSOEzglyLKt0Ly4N/+EMnx7V6fhPzT6TajtUEuYg/51cLrvJ7Gx?= =?us-ascii?Q?4AQPYDtPEDYkDVKtAww=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: f32f1543-129b-49e5-d4de-08db377743a0 X-MS-Exchange-CrossTenant-AuthSource: DB8PR04MB7164.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2023 14:49:18.0581 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: v+pSzkCddByiHNy8sivcaVA16t/44kNfEz5/WiddvjRJSxVAH5u6nU6nqEWuriRv X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB7862 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Min Xu, On Fri, Apr 07, 2023 at 01:56:05AM +0000, Min Xu via groups.io wrote: > On Friday, April 7, 2023 4:29 AM, Tom Lendacky wrote: > > On 4/5/23 20:42, Xu, Min M wrote: > > > On April 3, 2023 7:21 PM, Gerd Hoffmann wrote: > > >>>> I agree that the efi variable store is not secure without smm. But > > >>>> after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE > > doesn't > > >>>> work with SEV. System just hangs in "NvVarStore FV headers were > > invalid." > > >>> Hi, Joeyli > > >>> ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is > > >>> skipped > > >> and an error code is returned. So system will not hang. > > >>> So another solution is simply remove the ASSERT. Then an error > > >>> message is > > >> dumped out and system continues. > > >>> > > >>> @Gerd Hoffmann @Tom Lendacky @joeyli What's your thought? > > >> > > >> Maybe we just need to call ReserveEmuVariableNvStore a bit later? > > >> > > > I think we can still call ReserveEmuVariableNvStore at PEI phase, but > > > move the initialization of EmuVariableNvStore to > > > > > https://github.com/tianocore/edk2/blob/master/OvmfPkg/EmuVariableFvbR > > u > > > ntimeDxe/Fvb.c#L780-L783 @Tom Lendacky At this moment, is SEV guest > > > available to read the content from VarStore? > > > > It's quite possible. If you can work up a quick patch, I'll test it out. > > > Yes, the patch is uploaded here https://bugzilla.tianocore.org/show_bug.cgi?id=4379#c17 > I have tested new patch. The issue is not produced, but after I applied debug patch. Looks that the InitializeFvAndVariableStoreForSecureBoot() not be called. I have put detail log on bugzilla. Thanks a lot! Joey Lee