From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.52]) by mx.groups.io with SMTP id smtpd.web10.14913.1680886851202727217 for ; Fri, 07 Apr 2023 10:00:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=NwTV2rZi; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.52, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EIOzV/kBPM9DJxva4B8Z0Ax14Ab8qbK+K7n6yaYEYqQJXigikfflv7d+vG+xqeJOee3PyCWhc2eREAYVnGP3GRDBvvyc+Xd518sAvV+g7KjEQPb4Lj9xBAVE2VUH3cB2AZMudQNH94ElCDfPknDAZyGt0VdW5ZBsIhheuN0GFAoEoVYt2oLkumdphNp5Mb+vYwMWRGmXwgPnTgyF3J+jBwaKutRP7klYURc7IGsAmyx8MdWWfhe6t+78W1ZIQ5s2RylDoDDbIGJokxQNJjnnybM03hSjUNU2I+zhKHGYww1OvjgtGurFPsp9ELtRqbGjyNdbhgrCqE1Cx8awjom4mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=roEir4C9vcqBofDuG74c2SBaX0BGaAwZ66+3gga/9vc=; b=gByIWiBED2fhXqXLYgV+xLIPNSX+FVKbLrqTf4MRgA7LWpwJsjETBpxmosFRb4Wc9Zg2CJmuA6lKAh8uyZF9AvRBjoPeHcKAupN3t9oMuf8UT6aiEFuRFXIX34Ga1lcVsDBM63tfdYGcPAml2md7awtjdl5enrkqC41grsZ5SqfIgcEkCja13scSl/3Y0DZgqJJfbH8ixE8yegAq9FoKz/CVccCZbm1rO18dBwYVLB7u1voKii+EO4JlnOq2l0yMhZPboaA/l/PikW+vEsbKNbuxLIcf0MoQ1TvnbpsAXQC7KVXtpaM0YYc/2tsz1/Ixz7y7BvKeTvFooHLKO7YWIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=roEir4C9vcqBofDuG74c2SBaX0BGaAwZ66+3gga/9vc=; b=NwTV2rZiozOhTRqBGWx31DT624o5l7iOgBITYvpYAaC6aoKs6Z28OG+pgtD7GoPvRdDjnkcFexyxym/KNf4bBtKCiodTSg30R4lsGLQE/KraO4JO0IRcn8NNHVPzFqjwYPVbsbrjfnR+NjF197Koltb71EmStcGJg2rf7/yhxFQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by PH7PR12MB7020.namprd12.prod.outlook.com (2603:10b6:510:1ba::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.33; Fri, 7 Apr 2023 17:00:49 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::5b56:bf13:70be:ea60]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::5b56:bf13:70be:ea60%6]) with mapi id 15.20.6277.031; Fri, 7 Apr 2023 17:00:49 +0000 Message-ID: <7a06aa46-4c10-fc85-48a6-826a4d82991e@amd.com> Date: Fri, 7 Apr 2023 12:00:46 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest To: "Xu, Min M" , Gerd Hoffmann Cc: joeyli , "devel@edk2.groups.io" , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Michael Roth References: <20230329052310.27-1-min.m.xu@intel.com> <4tmi32c3kevecoc3y7mb6jlv7d7ygmctt6bgwflvjybqwphjqk@gnnertcj5kz2> <20230331075956.GJ8569@linux-l9pv.suse> <20230331144834.GK8569@linux-l9pv.suse> <5d170680-0a9e-2d5f-ecc1-e9f587548e3c@amd.com> From: "Lendacky, Thomas" In-Reply-To: X-ClientProxiedBy: SA0PR11CA0009.namprd11.prod.outlook.com (2603:10b6:806:d3::14) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM4PR12MB5229:EE_|PH7PR12MB7020:EE_ X-MS-Office365-Filtering-Correlation-Id: 5642db77-81d2-4284-8bf0-08db3789a301 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: nxsGxlR1qRyf4t7QQoPFSnjPtKvmXTKvPoJfH+JCV67UXZBdUnl7A6tmCz27BSTVymkIFtBYU5RgfnP8ZqzH0vtXz2ke0PxQBqEs8DkdccT6KRrNmr2m1twnCU5mE33wqhlxl/9j3kXYeaOeM9sXVaiUEmiF47inX+qKiKUfqv8ff1ZcQ5rS1471Haig4xP46YxH3zSA03hpODw3OTogGlTzhgSnI9Zc18t6b0Pqf8RkF4XrhetxD5SxY/+0d4SS1a75hMRGf307bDVbOFW/21jRIICieNt4c3tJGHDvw3fui0iUjbXnklztUtUFmxfnCewdMqqbn1AIc4daWIziGNQ8CNEoYsRS4lmbF44SS+c01O3zyim2WnJEL3/irylCF25CF3pXFKKgTmPP8MR0X0hXhmvWs9puylQLn9Jh5l9JqgV+nlfE3iwugHIaqoV7d6kuMrcViLuT7NzfQd+rpjH657OhPjKRu7h568J6Ch+hPTfLM5l+evQ8i33jhKY7riArXbQypGoXehoPtcxaLJK7LRs7DhF7gO0NGNKxMVkL4o188SB7I4WoL9vpTdHfnZ3zESR7TKzlwpFXMNFeN1bqCnFAXQBZbKdtYMkQnWyo1Ka8J04D0WgMmDpX59mGkyom614poqnVbGnilx0atw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(4636009)(346002)(39860400002)(136003)(366004)(376002)(396003)(451199021)(31686004)(26005)(186003)(6666004)(53546011)(54906003)(86362001)(8936002)(8676002)(5660300002)(31696002)(2906002)(66556008)(19627235002)(316002)(4326008)(478600001)(66946007)(66476007)(6512007)(83380400001)(6506007)(2616005)(36756003)(41300700001)(38100700002)(966005)(6486002)(110136005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Wld4ek85UGdYUEdVTEdQSjd5cWtQSnN3RTExTXRNUXlZMkd4QVdjMEQ3TTYw?= =?utf-8?B?ZFp5UXNTcjFWZkU4Sk9yMXZXOHZNaE9haytsaE5pK2xHNUdwUzJUMVZHNGFW?= =?utf-8?B?NjdzNGVoRW14VU1Fa0hzd0htRDhvZGQ2VW9tNXdEL1B0cnp0MXJ5RmN6elJC?= =?utf-8?B?dnlSRkQ3c3Y3OHNlYlVXaUpKRzJYcFg4Y1F5ejU1WHJKQTlPSHN0VjBxbWVr?= =?utf-8?B?REJ0aVpEY0xZU0tEQk5wWi8vVmp4dkZUMkh4dnZqeDVPUHVQTWc1U3lpczdt?= =?utf-8?B?MUlWS0tsZkIwM2JQTHlNcElrcFJPbkFSWlQzWWVFSnZ5RERLbUtyaTB6QkR3?= =?utf-8?B?MWM0QmswL09LT3hYWi9GUTlVTnBYQnhKa0tQMHJaVEt4U1FpTmZNZTEremdq?= =?utf-8?B?ZU9tc3hQZVNZTXJQU3VRNEZHNUphUnE2dmFWYTN4d3lHa2M2OHErV3lDdCtD?= =?utf-8?B?T0g0QjBQVTZyMUluYjBLWXR1a1FSQTIyZWVmWlJtdzdCT3pQenRHOWZVRW5m?= =?utf-8?B?RUVuamZoWWVIbktXVVo0dWZjTnNYSEEwSU9uUFhhVFhYOHdoTlBFWVQ0QTFn?= =?utf-8?B?MlJsT01VY2ZFZmt5WjZiQkoyc3h2MWhOeE1Kcko0THRUelUxKzBnaWUyUkFs?= =?utf-8?B?c1dsR29qYVhkb0FRWm93RTdnT1p1bW9vSk9vbTNNTi95citVMjJCY3AybFFL?= =?utf-8?B?L2NXSWhiWlA3Tyt5b3lHVTRzS2NibXZ4ZTFhRVVGTFlhOEVIeEt0SlZ5WFdM?= =?utf-8?B?alRqTjR0RmZNME5NSFF5c05vTmNGb3pmcS9KZVlrd2dYVG9WY3h2KzExamRv?= =?utf-8?B?Wm5Ma2RDelk0UmtlRGhzZjhseWtNeHpEazlkL2N2c2hydUZGRW55VU9mMjdN?= =?utf-8?B?YlVMaU1BSFIvWGY3MU42T29lOVJaQ0xQN0M5c3VxbkE5Sy81NWcxb3NnZC9q?= =?utf-8?B?S1kycnNUZ1VjSjNIUzAwL1UySS80aVJPSWx3VklBMUVCaHJpWEFXa01zdlVx?= =?utf-8?B?RE5ESkhkR3VNNitwQ2N1OUc4S2dNb0tHak01dTdaSkdYOVJmbDhFN0dGUFZP?= =?utf-8?B?MkJDeUdPQWt3aHYvMS9VOVBCVDZ0b0Z2TFBhS1J4dWNENmo1SzRwdWRoWkxB?= =?utf-8?B?K1AwbVZaQjJqd0huN0VzUFE1ajEvZ1FNQlBKd0xvSHEwWmtCZUtYdDNMNVRx?= =?utf-8?B?bWNpY3BFVVUwQ3BNQmRyeWt4d0RSeVE0NlI0cEVkZlNWTE9SZ2xmSDBZc3ha?= =?utf-8?B?RldqSnRMd0JtU1VLNDgwOVptV2Z4Y2NGV3RLRzdveVB3TitXWkpzWWh4TllZ?= =?utf-8?B?YzRCQ3E4c1ZDTzdDc3h3dHFtQ1BnZmhLT2U5YXR6WXpVMkFxQ2lKK1h3RjZ6?= =?utf-8?B?NjNtU0RlOUJsZWJQK2JmNGNERGkwQVBtTUc0Q0pIVUh3MWRudTAzSSs3WStH?= =?utf-8?B?RjhwUmx0N2kxYURDc013MzdITzVjTHFidVAyNXAwZEY3L3VWazhoZUxPSmZB?= =?utf-8?B?eWd4MGtiLzUzNkdBUlNHZ0JkMi84S2N4MmJucEcyMDdGMzdwV2FWRmJ3Z1kx?= =?utf-8?B?RWRLYXlrUWh1L2c0OWl4ekp6TTRtQ3R1L0lzSDhNMXZIVmdvb2d5cUxaN255?= =?utf-8?B?QlV1Y1IvbklhSEgxQTZqMGNITkgwakNQdzlVbk9uMk8vT2ZpQVVCOUlIWUxP?= =?utf-8?B?aldtMmNMUXVCTmpicmhZVGZNcTF5K2hCeDZadWdxYkNZZjZNckhyZ21RY25l?= =?utf-8?B?Y0RERDFmb2h6d1Jnd0VvRmY4a1NUY1NSWWI2Qis5dXlwR3lzd01udUloOU5Y?= =?utf-8?B?QVByNXptODI3NnJQZ3B6VHpad2g0Y1BjK2dBSFVabHUrMEVIVDgzb0UzeFdD?= =?utf-8?B?cHI5UUZ4eE5MU1prL2lMNHA5UllIeUVMOFZlTmtRazdwNnpUVUNPUDVCNEdU?= =?utf-8?B?WHJLOXFReElZRUhuQ2prbnE1RVBWVmo3U2ZOdzhvZGpVcVlZZFdsN0FlZWE5?= =?utf-8?B?ZzRDME5lWmN4QnIzeUN5SE5XcHFOU3N2VGhaQVdXVXJsQ1lLZHZ6ejRqUWNu?= =?utf-8?B?MVRmbG1KSXFhSmdhTmE2N20xdnZ6YVdtaXBJMDBnOWc5MEhJREU2QW9BNFkz?= =?utf-8?Q?vc/nFFJ8pDmo2KqGCLTzRsc9X?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5642db77-81d2-4284-8bf0-08db3789a301 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Apr 2023 17:00:49.0085 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uu00blc4ISsUfm+hh+sR73nHJG9BZrisnWpdLl+Ba2Jq6IvC43SRFfOcggTvmasDWx2vuOZ0ya0kNfQFL//Qlg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7020 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/6/23 20:56, Xu, Min M wrote: > On Friday, April 7, 2023 4:29 AM, Tom Lendacky wrote: >> On 4/5/23 20:42, Xu, Min M wrote: >>> On April 3, 2023 7:21 PM, Gerd Hoffmann wrote: >>>>>> I agree that the efi variable store is not secure without smm. But >>>>>> after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE >> doesn't >>>>>> work with SEV. System just hangs in "NvVarStore FV headers were >> invalid." >>>>> Hi, Joeyli >>>>> ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is >>>>> skipped >>>> and an error code is returned. So system will not hang. >>>>> So another solution is simply remove the ASSERT. Then an error >>>>> message is >>>> dumped out and system continues. >>>>> >>>>> @Gerd Hoffmann @Tom Lendacky @joeyli What's your thought? >>>> >>>> Maybe we just need to call ReserveEmuVariableNvStore a bit later? >>>> >>> I think we can still call ReserveEmuVariableNvStore at PEI phase, but >>> move the initialization of EmuVariableNvStore to >>> >> https://github.com/tianocore/edk2/blob/master/OvmfPkg/EmuVariableFvbR >> u >>> ntimeDxe/Fvb.c#L780-L783 @Tom Lendacky At this moment, is SEV guest >>> available to read the content from VarStore? >> >> It's quite possible. If you can work up a quick patch, I'll test it out. >> > Yes, the patch is uploaded here https://bugzilla.tianocore.org/show_bug.cgi?id=4379#c17 Hi Min, Thanks for the quick turn-around, but that patch didn't work for me. I've update the bugzilla. Thanks, Tom > > Thanks > Min