From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web10.148583.1680745382159084483 for ; Wed, 05 Apr 2023 18:43:02 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=W6vvd30l; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1680745382; x=1712281382; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=CH9ptQdTi6aHhURs78FU6+e+xgv+LSZMWetPb2lTEl8=; b=W6vvd30lZ+YukG+nf97nw4+PZrn/ebnOWvWt5UXBBLU6Hae7j/yQ2rx8 Eqf7YMd9E2KCofT9uIxfhkd0OA3sim/44t7FPgqYHMoMELN++eDIFCigT mAPJyLC6/mewyQ9cNoWuGJl1Ggx9SaHVwp/oDzftqDvZn8mjc2H/BaF3F QhkOvMyherXna/8XLC0uuemPIkZsBbWNWYSrMqYRCK3cD4PeaiN4UsiSd F9JqpEVgGdyzxWksTHJXR9najYcL499x/gYnSYuhul+Gc3Gj0FkMkb6WT Gv09b3VdVMQqVYo1TTyLoJzjcs9r5aj2Wk1DLbBR6VmAl6rzpZxtz70K+ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="345206659" X-IronPort-AV: E=Sophos;i="5.98,322,1673942400"; d="scan'208";a="345206659" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2023 18:43:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="689492433" X-IronPort-AV: E=Sophos;i="5.98,322,1673942400"; d="scan'208";a="689492433" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by fmsmga007.fm.intel.com with ESMTP; 05 Apr 2023 18:43:01 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Wed, 5 Apr 2023 18:43:01 -0700 Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Wed, 5 Apr 2023 18:43:00 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21 via Frontend Transport; Wed, 5 Apr 2023 18:43:00 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.173) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.21; Wed, 5 Apr 2023 18:43:00 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IVz2UeJOuTpvywV/Ce1vniE/bqp66gocEME1vQYfiHx6hORhr28e6Y5R6Qx7Mt2HpAGiNub1bBaXvL2agrQTrWWZBl8QfTOeNaRrigQXsnp+ejGUPXFaDR/VV20abv28cx1oaTbfQFQ5M6LFOZC/hQ2r3oK/pFFMx5EmP2XjSWFJwoPZVV0MbyAQNauNcXNlfw8URKszbhEazoHi5LjZrV/ehPko/LBkL/fEjoZ20uEKVLJvvs23bmEirrq0y1pkniODm+icDH+yoTHnmHNQalsTWJXYCIuuJOXn52zQ4Xnys62tF31705vpxzx0GjczDsdcLzfMQKlts7Nw9Qhu7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FbEbnVheY97AycKbxcZ+QWJ25i7fQSrgpmPPKteFVBE=; b=c4M1axXoV3wPMyPKNEBu9wz1+MVvjfE5u2biOVxd8SZj0Q4LUTi1ShUPj6IVKJbSvxibCz/jKyJCTWS6i3GZS+5cOxg+wzhB45geq4cMZZ/FHrMcUYXPsFdnPpDG4uUlTiKdNaSyZASYKUuAgj8TQpdq+MKxDadkEL7XNCQEshTAAYA0GlBSgDB1f4N6bIzwYhXo60zqadVFHXCM4R9PDdcRvZlEpUM1jSw3S18Ut6fgkzRf2UEird09Edq/1/QOuUcTAbHIUSaNwRnGEFkQ2W+8K2k3pAqc+nbdVG+PI9CPTRZcmG8HnjN9nnQK9Do4QlCw2OtOy1WWc4h8eqcBZw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by DS0PR11MB7405.namprd11.prod.outlook.com (2603:10b6:8:134::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.23; Thu, 6 Apr 2023 01:42:56 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::6364:feb3:108:a5ee]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::6364:feb3:108:a5ee%6]) with mapi id 15.20.6254.035; Thu, 6 Apr 2023 01:42:56 +0000 From: "Min Xu" To: Gerd Hoffmann , Tom Lendacky CC: joeyli , "devel@edk2.groups.io" , "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Michael Roth , "Xu, Min M" Subject: Re: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest Thread-Topic: [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest Thread-Index: AQHZY9/upZdLU6tINE+BmUa1CmQ25K8Yur2ggAC6N4CABBMlUA== Date: Thu, 6 Apr 2023 01:42:56 +0000 Message-ID: References: <20230329052310.27-1-min.m.xu@intel.com> <4tmi32c3kevecoc3y7mb6jlv7d7ygmctt6bgwflvjybqwphjqk@gnnertcj5kz2> <20230331075956.GJ8569@linux-l9pv.suse> <20230331144834.GK8569@linux-l9pv.suse> In-Reply-To: Accept-Language: en-US X-Mentions: thomas.lendacky@amd.com X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR11MB5064:EE_|DS0PR11MB7405:EE_ x-ms-office365-filtering-correlation-id: 7841d8bc-4df7-4f15-fa0e-08db36403ef3 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7Wa/tirgQ0fBoHZ8P3sQ1Zx8FsMS/MlxNjDSX8zs1WUXTeo9QBYE8DAak6lNYdA9ej8X1BxC1r3bGh94s5XzRDs3zudn0ic25F7Tld4H0zbQNxmWGViL2p8tigXHEaydxV4aczDhHGyO6dOdu/GSefVLJyHgOH8nxMPVCqR/IMMSoMLpLYU5WTveDJcfHskE7+lVvaKh4FPo+zGHX5Fu4HKXT8QmI0GoQ9rJv1MQHDoPfsrNP6sdo6wPcY5Qbu1dUNTfY1tZ1C1hqG3dGx6MIaIN61bUXZDc7A7kVx0QLGW8Xt0+tOUmXzEa0EFiey2OSoyGGFCjpZEmfKut5QKiEfPTBIw0YwgaNenfOEy6sEEM/bYowH+wojv3ApZDdTKBRVmBJcBaiDxbADKkeGrvG8UllGJa5S3+uSKCHFYXaa76d2ZNx11s/5HcEzdhmqrRhZdYWEX5P/klGvRelj5kjuH3uoz5PXJgifw/Vn0cVCubgwO4XypZTUvcBx2jOpJqoHgpnyBdr43oK/Cmh5y0sqNZAOn9w2aEPXDtnsWLcHvRHBW/Ykbgojp1YVjT3SH0/dN0cpQaHlsNGujVWms/tXpmk9GEpwM9h8XPgRDDETs= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(39860400002)(396003)(136003)(366004)(346002)(376002)(451199021)(6506007)(9686003)(107886003)(186003)(52536014)(110136005)(66556008)(4326008)(64756008)(316002)(83380400001)(26005)(122000001)(54906003)(8676002)(7696005)(33656002)(66446008)(38100700002)(2906002)(71200400001)(478600001)(966005)(66946007)(76116006)(82960400001)(66476007)(5660300002)(41300700001)(38070700005)(86362001)(4744005)(55016003)(8936002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?2Gb/lOemntBP/Js1FMnj25SHsOi13I4vOJbEFEUlvWy6NOo1bxmS0mF+Eutl?= =?us-ascii?Q?yXsaiTEQ+RjepAAWed4VtS7213GeROTyQm+ox55/cidIaJxftAS6NRp3dGoP?= =?us-ascii?Q?ea5+Za41Jd5j4tPwiwrwptpSNzUpmVn022mBlCwQ33Gp6XEgwv2i/nKJ4EJj?= =?us-ascii?Q?rUK7w6Kg1JrQQjM1wZl7Xy+MMzD8qvTCt6kOkyZLeC4aMBbgt9JZHAbRCIir?= =?us-ascii?Q?BUEmGRcVFDrREiwZcP5rrEE0iEQHa5CHkPNEph/7I0+EzbDlXgBAqAcfDsB4?= =?us-ascii?Q?vczKIv1EFNPXzMXec+3qNC82W6hZ8jlLb1144/Rz0bO0qEx7bjm4Fr1fVPzc?= =?us-ascii?Q?Ymfyxe8F7+JQqF2Zpn2BG3ispUi4cEv/8E91by3gsjg4d4eoLNRkDewedAUB?= =?us-ascii?Q?Q83Ubh5gTsfzktPcNvhpdz047l8fuTD6ys+mAEKc4erkZ4d83NK1WC2G7qU3?= =?us-ascii?Q?MOzFJyNKF64V7FM/NVny8X9gdWwrrwfQngdF2VWeLnqyjxH8nSq1htStUT/O?= =?us-ascii?Q?xnl68GTiMk3hztZuq4TauDXhaY5ylDwKiLfM+bKFViPdJ1NMrw1wwkXWYaeq?= =?us-ascii?Q?xX7TyPnltts9lhrsplu252upwW44FwhG5q2OCTX9V1G6hyT/ZpM8BWWABV68?= =?us-ascii?Q?jWy+y3Or8vwpQszMgYLOUAtfqg5L2TsPgzR3zp9oHaFQBK3EANmME2joQBhO?= =?us-ascii?Q?3jEVa0tS/xMioXf0ecOQtz81Yyi2ODbn50JNMuPmW5s5DZowSVGEUKyEwWhR?= =?us-ascii?Q?I47wIWFILWcXJRsTg2UhaRZsULclrsCd3wARSVBuO5JVQDZVwjbtnm3Pw1+f?= =?us-ascii?Q?L2BRHKlyEKSidBkS6EzULAOlzv1Dhe4dPifWtm+iTd6cldtXDeWrcMrId6CI?= =?us-ascii?Q?aZC9UCODOIS2aPIy/wc88kknX5JJlA1YRrvwy1Kjs7huDm27HMqsIK7SX8iH?= =?us-ascii?Q?GHN/VYBSCD6iWKK+xSEVUQF/cTPUyC6vClvMupoyWKDBz224h+dlXycpGsnT?= =?us-ascii?Q?+bhVmA4jFbPN4DXfcadczeWvz3u18PnzTymdWNwGFkKkRs2xn06NdN6td7JL?= =?us-ascii?Q?ORmQJPh6RkfvbOzvHwvrpe0SRkRMU5nIp2DLxsH3Of5yq4EqV2Q8qJcmOYtT?= =?us-ascii?Q?9UwIy19BrHxNCHH6dbBlH3M+1tffqEN6W3Ozl6gMGN7HrGjbtOw7bqgKBO6K?= =?us-ascii?Q?20pt6oHCtDtxpdta/mf+SLGNf/jPNTxRLM4a//eBphX3+JGTNGLBeJi+/73J?= =?us-ascii?Q?tPfBPdpM0tz9KJtM0bgwo8W1GK24nY5sbe/ZJKtnTeRiPjgvXxUmDKk82iZB?= =?us-ascii?Q?KVD7tQtVLU7UeUD6P3hBlllg4jUXQiOg1JDxmBSS+68n9SbkK6+r38LXmRKC?= =?us-ascii?Q?8JRg8Tun3QX8+6KzJDqldaTyHNCbgPw5xHlIjoCxDLWoxQZVTYPwDl2BH/ue?= =?us-ascii?Q?xmbnuiiRgLGK530XllSu4EpbUozSNF3UR+Iz7QQWNgM6bKUG2a/3dcvjgFw4?= =?us-ascii?Q?rd0lEDovrtq9Lxw9cX+y3T/0ghU/GPN6GoC41m325d2Ox+d8tzm3xigu3qXR?= =?us-ascii?Q?7aXVD6L9vf6Gmy/+ix8E9G5woqWJHZ/bjKSZLdab?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7841d8bc-4df7-4f15-fa0e-08db36403ef3 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Apr 2023 01:42:56.4467 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Ws/HlHtdEfzPHwvqE9wP4K2OQqSjBXYk/OHvJnkCyr9afM538WUmVmE1gGgwryFwG2kvxSylngP8dZKtv179hw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB7405 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On April 3, 2023 7:21 PM, Gerd Hoffmann wrote: > > > I agree that the efi variable store is not secure without smm. But > > > after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE doesn't > > > work with SEV. System just hangs in "NvVarStore FV headers were inval= id." > > Hi, Joeyli > > ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is skip= ped > and an error code is returned. So system will not hang. > > So another solution is simply remove the ASSERT. Then an error message = is > dumped out and system continues. > > > > @Gerd Hoffmann @Tom Lendacky @joeyli What's your thought? >=20 > Maybe we just need to call ReserveEmuVariableNvStore a bit later? >=20 I think we can still call ReserveEmuVariableNvStore at PEI phase, but move = the initialization of EmuVariableNvStore to https://github.com/tianocore/ed= k2/blob/master/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c#L780-L783 @Tom Lendacky At this moment, is SEV guest available to read the content f= rom VarStore? Thanks Min