From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Cc: erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com, kraxel@redhat.com
Subject: [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages
Date: Sun, 14 Jul 2024 20:24:52 +0800
Message-Id: <20240714122455.136148-1-wojiaohanliyang@163.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807

This patch series provides fixes for booting a VM using OVMF packages built
with secure boot support (-D SECURE_BOOT_ENABLE=TRUE).

- Detect FlashNvVarStore before calling PlatformValidateNvVarStore in
  PlatformInitLib and skip the validation process if the FlashNvVarStore
  doesn't exist. Since PlatformValidateNvVarStore will return false if the
  FlashNvVarStore doesn't exist, this will trigger ASSERT (FALSE) and prevent
  the guest from moving forward.

- Init the whole range of EmuVariableNvStore before copying content from the
  FlashNvVarStore to EmuVariableNvStore. If the Ftw (Fault Tolerant Write)
  part of the EmuVariableNvStore isn't initialized, FaultTolerantWriteDxe
  will use a scrambled address to access memory, which leads to a crash if
  the VM is a SEV guest.

- Fix the mapping for FlashNvVarStore. If a SEV VM is launched with only
  OVMF.fd, the address range for FlashNvVarStore should be mapped as
  encrypted before FlashNvVarStore is accessed in PlatformValidateNvVarStore.
  If a SEV VM is launched with both OVMF_CODE.fd and OVMF_VARS.fd, the
  address range for FlashNvVarStore should be mapped as decrypted before
  FlashNvVarStore is accessed in PlatformValidateNvVarStore.

---
These patches are based on commit:
d4dbe5e101dc ("SecurityPkg/Tcg2Acpi: Revise debug print")

Han Liyang (3):
  OvmfPkg/PlatformPei: Update mapping of FlashNvVarStore before validate it
  OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data
  OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it

 OvmfPkg/Library/PlatformInitLib/Platform.c          |  67 +++++++++++
 OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf |   1 +
 OvmfPkg/PlatformPei/AmdSev.c                        | 105 ++++++++++++++++++
 OvmfPkg/PlatformPei/Platform.c                      |   6 +
 OvmfPkg/PlatformPei/Platform.h                      |   6 +
 OvmfPkg/PlatformPei/PlatformPei.inf                 |   1 +
 6 files changed, 186 insertions(+)

-- 
2.25.1
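As an added illustration that is not code from this series or from edk2, the following constructed C model shows the first two fixes the cover letter describes: detect the flash variable store before validating it (so a missing store is skipped instead of asserting), and fill the entire emulated store before copying into it (so the FTW region past the copied bytes is never left holding stale memory). The struct layout, the signature value, the region sizes and the 0xFF fill pattern are assumptions of the model, not edk2's.

```c
/* Constructed model, not edk2 code: hypothetical store layout and names. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define FLASH_STORE_SIG 0x5F5F4856u /* constructed marker for a present store */
#define VAR_REGION_SIZE 64          /* bytes copied from the flash store */
#define FTW_REGION_SIZE 32          /* fault-tolerant-write area behind it */
#define EMU_STORE_SIZE  (VAR_REGION_SIZE + FTW_REGION_SIZE)
#define ERASED_BYTE     0xFF        /* assumed erased-flash fill pattern */

typedef struct {
    uint32_t signature;
    uint32_t length;                /* must equal VAR_REGION_SIZE to be valid */
    uint8_t  data[VAR_REGION_SIZE - 8];
} flash_var_store_t;

typedef enum { NV_STORE_SKIPPED, NV_STORE_COPIED, NV_STORE_INVALID } nv_status_t;

/* "Present" means the marker is there; an absent store is not an error. */
static bool flash_store_present(const flash_var_store_t *store)
{
    return store != NULL && store->signature == FLASH_STORE_SIG;
}

/* Before the fixes a missing store failed validation and hit ASSERT(FALSE),
 * and the FTW bytes past the copied region kept stale memory content.
 * Here the absent case is detected first and the whole emulated store is
 * filled before the copy, so the FTW region is never left uninitialised. */
static nv_status_t platform_init_nv_store(uint8_t emu[EMU_STORE_SIZE],
                                          const flash_var_store_t *store)
{
    memset(emu, ERASED_BYTE, EMU_STORE_SIZE);   /* init the whole range first */
    if (!flash_store_present(store))
        return NV_STORE_SKIPPED;                /* no store: skip, keep booting */
    if (store->length != VAR_REGION_SIZE)
        return NV_STORE_INVALID;                /* genuine validation failure */
    memcpy(emu, store, VAR_REGION_SIZE);        /* then copy the flash content */
    return NV_STORE_COPIED;
}

/* True when every byte of the FTW region carries the initialised pattern. */
static bool ftw_region_initialised(const uint8_t emu[EMU_STORE_SIZE])
{
    for (size_t i = VAR_REGION_SIZE; i < EMU_STORE_SIZE; i++)
        if (emu[i] != ERASED_BYTE) return false;
    return true;
}
```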