From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119926+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 2F0327803CE
	for <rebecca@openfw.io>; Sun, 14 Jul 2024 12:25:08 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=28FVHz4EXZ/uFsWHE7wMWEhKkzt3uQZPs3qx/1hCah4=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1720959907; v=1;
 b=zHrsBujDH5/n4+V3rgqU7ROZjsagCRxYjmoheeN6IRYCs7Ynbmu2uO/tEmoqJWpwTai7tCYc
 /WxCI/dnEgsjWgSWWb6jQkH3y/uj5Xjbjn9gK4m8h8IXlhM6fO2FEafhkX8Ym/U9cKNsPqy0E9w
 1LCxA4WFPdG9AOz4AD0vAMqPFDPQgFpELyGUVJBrqzuDubW3mmAVTT4iHiJQlj90eDj8HSS8B6k
 /PUhGxj4TqiGNsd/KVbXoxYpRD/y61ZA834aW3pL8jm+rkVuoXaFp2kOsLirdBJMgFeVz3AtB3q
 YFJ/YR5wJrNmzj2pF8YBk4+6a1Oy63qsJdNsVwvsgs6Dw==
X-Received: by 127.0.0.2 with SMTP id vG6sYY7687511xxqoCegn29V; Sun, 14 Jul 2024 05:25:06 -0700
X-Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.3])
 by mx.groups.io with SMTP id smtpd.web11.15090.1720959905135004687
 for <devel@edk2.groups.io>;
 Sun, 14 Jul 2024 05:25:06 -0700
X-Received: from sh-hanliyang.Hygon.cn (unknown [118.242.3.34])
	by gzga-smtp-mta-g3-5 (Coremail) with SMTP id _____wD3fy6Xw5Nmhb3wCw--.63654S2;
	Sun, 14 Jul 2024 20:24:56 +0800 (CST)
From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Cc: erdemaktas@google.com,
	jejb@linux.ibm.com,
	jiewen.yao@intel.com,
	min.m.xu@intel.com,
	thomas.lendacky@amd.com,
	kraxel@redhat.com
Subject: [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages
Date: Sun, 14 Jul 2024 20:24:52 +0800
Message-Id: <20240714122455.136148-1-wojiaohanliyang@163.com>
MIME-Version: 1.0
X-CM-TRANSID: _____wD3fy6Xw5Nmhb3wCw--.63654S2
X-Coremail-Antispam: 1Uf129KBjvJXoW7ArW3ZryDtw4fJw4DtFy5Jwb_yoW8ZrW5p3
	yUtw4YyryDWa1vqwsava48Gw1YkaySvr98Jry7X3WUCasYgryqk3WjyF1rAanrAF1Iq3WD
	Xr4jy3ZrCFZ5uaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jxrc-UUUUU=
X-Originating-IP: [118.242.3.34]
X-CM-SenderInfo: 5zrmxthrkd0zxl1d0wi6rwjhhfrp/xtbBZxocL2V4IGb4BwAAsq
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Sun, 14 Jul 2024 05:25:06 -0700
Resent-From: wojiaohanliyang@163.com
Reply-To: devel@edk2.groups.io,wojiaohanliyang@163.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: yivBrLZ5t55ZnD8Isf77aNFnx7686176AA=
Content-Transfer-Encoding: 8bit
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=zHrsBujD;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=163.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807

This patch series provides fixes for boot VM when use secure boot
supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages.

- Detect FlashNvVarStore before calls PlaformValidateNvVarStore in PlatformInitLib
  and skip the validation process if the FlashNvVarStore doesn't exist. Since the
  PlatformValidateNvVarStore will return false if the FlashNvVarStore doesn't
  exist, this will trigger ASSERT (FALSE) and prevent the guest from moving
  forward.

- Init the whole range of EmuVariableNvStore before copy content from the
  FlashNvVarStore to EmuVariableNvStore. If the Ftw (Fault Tolerant Write) part
  of the EmuVariableNvStore isn't initialized, the FaultToleranteWriteDxe will
  use scrambled address to access memory and leads to crash if the VM is a
  SEV guest.

- Fix the mapping for FlashNvVarStore. If launch a SEV VM with only OVMF.fd,
  the address range for FlashNvVarStore should be mapped as encrypted before
  access FlashNvVarStore in PlatformValidateNvVarStore. If launch a SEV VM with
  both OVMF_CODE.fd and OVMF_VARS.fd, the address range for FlashNvVarStore
  should be mapped as decrypted before access FlashNvVarStore in
  PlatformValidateNvVarStore.

---

These patches based on commit:
d4dbe5e101dc ("SecurityPkg/Tcg2Acpi: Revise debug print")

Han Liyang (3):
 OvmfPkg/PlatformPei: Update mapping of FlashNvVarStore before validate it
 OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data
 OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it

OvmfPkg/Library/PlatformInitLib/Platform.c | 67 +++++++++++
OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 105 ++++++++++++++++++
OvmfPkg/PlatformPei/Platform.c | 6 +
OvmfPkg/PlatformPei/Platform.h | 6 +
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
6 files changed, 186 insertions(+)

-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119926): https://edk2.groups.io/g/devel/message/119926
Mute This Topic: https://groups.io/mt/107212891/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-