From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Oliver Steffen, Gerd Hoffmann, Ard Biesheuvel, Jiewen Yao, Srikanth Aithal
Subject: [edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
Date: Wed, 24 Apr 2024 08:00:29 +0200
Message-ID: <20240424060029.1330637-1-kraxel@redhat.com>

The VirtHstiDxe does not work in confidential guests.  There also isn't
anything we can reasonably test, neither flash storage nor SMM mode will
be used in that case.  So just skip driver load when running in a
confidential guest.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann
Tested-by: Srikanth Aithal
--- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf index 9514933011e8..b5c237288766 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf @@ -49,6 +49,7 @@ [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire [Pcd] + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c index b6e53a1219d1..efaff0d1f3cb 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( EFI_STATUS Status; EFI_EVENT Event; + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__)); + return EFI_UNSUPPORTED; + } + DevId = VirtHstiGetHostBridgeDevId (); switch (DevId) { case INTEL_82441_DEVICE_ID: -- 2.44.0
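Review bot: In the VirtHstiDxeEntrypoint hunk of VirtHstiDxe.c, the new check `if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {` relies on implicit conversion of a 64-bit value to a boolean; edk2 coding style asks for an explicit comparison on non-BOOLEAN values, so `if (PcdGet64 (PcdConfidentialComputingGuestAttr) != 0) {` would be the expected form. The block also carries no code comment: the reason given in the commit message (neither flash storage nor SMM mode is used in a confidential guest, so there is nothing to test) deserves a short comment above the check, because the DEBUG_INFO message only says "confidential guest" and the entry point then returns EFI_UNSUPPORTED before any of the driver's checks run, which a later reader could mistake for an accidental gap in coverage.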