From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages
Date: Sun, 14 Jul 2024 20:22:27 +0800
Message-Id: <20240714122230.123680-1-wojiaohanliyang@163.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807

This patch series provides fixes for booting a VM when using secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages.

- Detect FlashNvVarStore before calling PlatformValidateNvVarStore in PlatformInitLib and skip the validation process if the FlashNvVarStore doesn't exist. Since PlatformValidateNvVarStore will return false if the FlashNvVarStore doesn't exist, this will trigger ASSERT (FALSE) and prevent the guest from moving forward.

- Init the whole range of EmuVariableNvStore before copying content from the FlashNvVarStore to EmuVariableNvStore. If the Ftw (Fault Tolerant Write) part of the EmuVariableNvStore isn't initialized, FaultTolerantWriteDxe will use a scrambled address to access memory and lead to a crash if the VM is a SEV guest.

- Fix the mapping for FlashNvVarStore. If launching a SEV VM with only OVMF.fd, the address range for FlashNvVarStore should be mapped as encrypted before accessing FlashNvVarStore in PlatformValidateNvVarStore. If launching a SEV VM with both OVMF_CODE.fd and OVMF_VARS.fd, the address range for FlashNvVarStore should be mapped as decrypted before accessing FlashNvVarStore in PlatformValidateNvVarStore.

---
These patches are based on commit: d4dbe5e101dc ("SecurityPkg/Tcg2Acpi: Revise debug print")

Han Liyang (3):
  OvmfPkg/PlatformPei: Update mapping of FlashNvVarStore before validate it
  OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data
  OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it

 OvmfPkg/Library/PlatformInitLib/Platform.c          |  67 +++++++++++
 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf |   1 +
 OvmfPkg/PlatformPei/AmdSev.c                        | 105 ++++++++++++++++++
 OvmfPkg/PlatformPei/Platform.c                      |   6 +
 OvmfPkg/PlatformPei/Platform.h                      |   6 +
 OvmfPkg/PlatformPei/PlatformPei.inf                 |   1 +
 6 files changed, 186 insertions(+)

-- 
2.25.1