From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119924+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 68763780091
	for <rebecca@openfw.io>; Sun, 14 Jul 2024 12:22:45 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=kBS5ENji2L7jcyWeCfdtwguHuuOuiMD0kktO6bJKI7g=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1720959765; v=1;
 b=RH12j39GmKZnXTfq1CmQ8WppajWUi0QEnfdqtZc8RM1BVkhQgs+TH8Q+9CmzDfPHAE1e1EGp
 JPsCtLqRcW7scI/FJWObNZPOCCs7BsIdkoTLCs1KD33+eRfQHMWh4RC367eziSpkRLiGmg1YHHr
 qDqHL4bFsyug1DxtnpIKlLfR/WYHdKyYgP8Qu7/SZsz4g+GYR0usYAtDYR+WP5Mckto+JQwmxw3
 QLpfS06yRltf4RYGxu36MNGiY1ixf51a14/AHZH8eySaUerGLHZXhga1IIxsmA2gXN+5QAZzP93
 VHd1apG/Z8uo90oCfoBGndY1+Uyvu0Y0b3MmIIkgHbzcw==
X-Received: by 127.0.0.2 with SMTP id KAdCYY7687511xCvtrdN9WlQ; Sun, 14 Jul 2024 05:22:44 -0700
X-Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.2])
 by mx.groups.io with SMTP id smtpd.web10.15256.1720959761987754653
 for <devel@edk2.groups.io>;
 Sun, 14 Jul 2024 05:22:42 -0700
X-Received: from sh-hanliyang.Hygon.cn (unknown [118.242.3.34])
	by gzga-smtp-mta-g3-5 (Coremail) with SMTP id _____wDnTxAHw5Nmo4nwCw--.62321S2;
	Sun, 14 Jul 2024 20:22:32 +0800 (CST)
From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages
Date: Sun, 14 Jul 2024 20:22:27 +0800
Message-Id: <20240714122230.123680-1-wojiaohanliyang@163.com>
MIME-Version: 1.0
X-CM-TRANSID: _____wDnTxAHw5Nmo4nwCw--.62321S2
X-Coremail-Antispam: 1Uf129KBjvJXoW7ArW3ZryDtw4fJw4DtFy5Jwb_yoW8ZrW5p3
	yUtw4YyryDWa1vqwsava48Gw1YkaySvr98Jry7X3WUCasYgryqk3WjyF1rAanrAF1Iq3WD
	Xr4jy3ZrCFZ5uaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07Ugo7_UUUUU=
X-Originating-IP: [118.242.3.34]
X-CM-SenderInfo: 5zrmxthrkd0zxl1d0wi6rwjhhfrp/xtbBhQQcL2WXv47a9wAAsc
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Sun, 14 Jul 2024 05:22:42 -0700
Resent-From: wojiaohanliyang@163.com
Reply-To: devel@edk2.groups.io,wojiaohanliyang@163.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: xaLKQtBXWUbl59y9zNuJW1FYx7686176AA=
Content-Transfer-Encoding: 8bit
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=RH12j39G;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=163.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807

This patch series provides fixes for boot VM when use secure boot
supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages.

- Detect FlashNvVarStore before calls PlaformValidateNvVarStore in PlatformInitLib
  and skip the validation process if the FlashNvVarStore doesn't exist. Since the
  PlatformValidateNvVarStore will return false if the FlashNvVarStore doesn't
  exist, this will trigger ASSERT (FALSE) and prevent the guest from moving
  forward.

- Init the whole range of EmuVariableNvStore before copy content from the
  FlashNvVarStore to EmuVariableNvStore. If the Ftw (Fault Tolerant Write) part
  of the EmuVariableNvStore isn't initialized, the FaultToleranteWriteDxe will
  use scrambled address to access memory and leads to crash if the VM is a
  SEV guest.

- Fix the mapping for FlashNvVarStore. If launch a SEV VM with only OVMF.fd,
  the address range for FlashNvVarStore should be mapped as encrypted before
  access FlashNvVarStore in PlatformValidateNvVarStore. If launch a SEV VM with
  both OVMF_CODE.fd and OVMF_VARS.fd, the address range for FlashNvVarStore
  should be mapped as decrypted before access FlashNvVarStore in
  PlatformValidateNvVarStore.

---

These patches based on commit:
d4dbe5e101dc ("SecurityPkg/Tcg2Acpi: Revise debug print")

Han Liyang (3):
 OvmfPkg/PlatformPei: Update mapping of FlashNvVarStore before validate it
 OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data
 OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it

OvmfPkg/Library/PlatformInitLib/Platform.c | 67 +++++++++++
OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 105 ++++++++++++++++++
OvmfPkg/PlatformPei/Platform.c | 6 +
OvmfPkg/PlatformPei/Platform.h | 6 +
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
6 files changed, 186 insertions(+)

-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119924): https://edk2.groups.io/g/devel/message/119924
Mute This Topic: https://groups.io/mt/107212891/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-