From: "Lendacky, Thomas"
Date: Thu, 6 Apr 2023 15:28:32 -0500
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
To: "Xu, Min M", Gerd Hoffmann
Cc: joeyli, "devel@edk2.groups.io", "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Michael Roth
Message-ID: <5d170680-0a9e-2d5f-ecc1-e9f587548e3c@amd.com>

On 4/5/23 20:42, Xu, Min M wrote:
> On April 3, 2023 7:21 PM, Gerd Hoffmann wrote:
>>>> I agree that the efi variable store is not secure without smm. But
>>>> after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE doesn't
>>>> work with SEV. System just hangs in "NvVarStore FV headers were invalid."
>>> Hi, Joeyli
>>> ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is skipped
>>> and an error code is returned. So system will not hang.
>>> So another solution is simply remove the ASSERT. Then an error message is
>>> dumped out and system continues.
>>>
>>> @Gerd Hoffmann @Tom Lendacky @joeyli What's your thought?
>>
>> Maybe we just need to call ReserveEmuVariableNvStore a bit later?
>>
> I think we can still call ReserveEmuVariableNvStore at PEI phase, but move
> the initialization of EmuVariableNvStore to
> https://github.com/tianocore/edk2/blob/master/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c#L780-L783
> @Tom Lendacky At this moment, is SEV guest available to read the content
> from VarStore?

It's quite possible. If you can work up a quick patch, I'll test it out.

Thanks,
Tom

>
> Thanks
> Min