Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Min Xu" <min.m.xu@intel.com>
To: joeyli <jlee@suse.com>, Gerd Hoffmann <kraxel@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Aktas, Erdem" <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	Michael Roth <michael.roth@amd.com>,
	"Xu, Min M" <min.m.xu@intel.com>
Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest
Date: Mon, 3 Apr 2023 00:21:38 +0000	[thread overview]
Message-ID: <PH0PR11MB50645BD39A6A57763B64D453C5929@PH0PR11MB5064.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20230331144834.GK8569@linux-l9pv.suse>

On Friday, March 31, 2023 10:49 PM, Joeyli wrote:
> On Fri, Mar 31, 2023 at 10:25:09AM +0200, Gerd Hoffmann wrote:
> > On Fri, Mar 31, 2023 at 03:59:56PM +0800, joeyli wrote:
> > > Hi Gerd,
> > >
> > > On Thu, Mar 30, 2023 at 09:50:53AM +0200, Gerd Hoffmann wrote:
> > > > On Wed, Mar 29, 2023 at 01:23:10PM +0800, Min Xu wrote:
> > > > > From: Min M Xu <min.m.xu@intel.com>
> > > > >
> > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4379
> > > > >
> > > > > PlatformInitEmuVariableNvStore is called to initialize the
> > > > > EmuVariableNvStore with the content pointed by
> > > > > PcdOvmfFlashNvStorageVariableBase. This is because when OVMF is
> > > > > launched with -bios parameter, UEFI variables will be partially
> > > > > emulated, and non-volatile variables may lose their contents
> > > > > after a reboot. This makes the secure boot feature not working.
> > > > >
> > > > > But in SEV guest, this design doesn't work. Because at this
> > > > > point the variable store mapping is still private/encrypted,
> > > > > OVMF will see ciphertext. So we skip the call of
> > > > > PlatformInitEmuVariableNvStore in SEV guest.
> > > >
> > > > I'd suggest to simply build without -D SECURE_BOOT_ENABLE instead.
> > > > Without initializing the emu var store you will not get a
> > > > functional secure boot setup anyway.
> > >
> > > In our case, we already shipped ovmf with -D SECURE_BOOT_ENABLE in a
> > > couple of versions. Removing it will causes problem in VM live migration.
> >
> > Hmm?  qemu live-migrates the rom image too.  Only after poweroff and
> > reboot the guest will see an updated firmware image.
> >
> 
> Thanks for your explanation. Understood.
> 
> > > I will prefer Min M's solution, until SEV experts found better
> > > solution.
> >
> > I'd prefer to not poke holes into secure boot.  Re-Initializing the
> > emu var store from rom on each reset is also needed for security
> > reasons in case the efi variable store is not in smm-protected flash memory.
> >
> 
> I agree that the efi variable store is not secure without smm. But after
> 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE doesn't work
> with SEV. System just hangs in "NvVarStore FV headers were invalid."
Hi, Joeyli
ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is skipped and an error code is returned. So system will not hang.
So another solution is simply remove the ASSERT. Then an error message is dumped out and system continues.

@Gerd Hoffmann @Tom Lendacky @joeyli What's your thought?

Thanks
Min

next prev parent reply	other threads:[~2023-04-03  0:21 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-29  5:23 [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest Min Xu
2023-03-30  7:50 ` Gerd Hoffmann
2023-03-31  7:59   ` joeyli
2023-03-31  8:25     ` Gerd Hoffmann
2023-03-31 14:48       ` joeyli
2023-04-03  0:21         ` Min Xu [this message]
2023-04-03 11:20           ` Gerd Hoffmann
2023-04-06  1:42             ` Min Xu
2023-04-06 20:28               ` Lendacky, Thomas
2023-04-07  1:56                 ` Min Xu
2023-04-07 14:49                   ` [edk2-devel] " joeyli
2023-04-07 17:00                   ` Lendacky, Thomas
2023-04-11 10:04                     ` Gerd Hoffmann
2023-04-11 18:03                       ` Lendacky, Thomas
2023-04-12  7:24                         ` Gerd Hoffmann
2023-04-12 15:23                           ` Lendacky, Thomas
2023-04-13  6:05                             ` Gerd Hoffmann
2023-04-13 13:58                               ` Lendacky, Thomas
2023-04-14 10:20                                 ` Gerd Hoffmann
2023-04-20 15:16                                   ` Lendacky, Thomas
2023-04-21  9:18                                     ` Gerd Hoffmann
2023-04-21 20:49                                       ` Lendacky, Thomas
2023-04-24  9:45                                         ` Gerd Hoffmann
2023-04-26 20:43                                           ` Lendacky, Thomas
2023-04-28  8:41                                             ` Gerd Hoffmann
2023-05-01 19:06                                               ` Lendacky, Thomas
2023-04-07  9:41           ` joeyli
2023-04-07 11:54             ` Min Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=PH0PR11MB50645BD39A6A57763B64D453C5929@PH0PR11MB5064.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox