Re: [edk2-devel] Regression found with latest edk2/OVMF SECUREBOOT/SMM build

["dann frazier" <dann.frazier@canonical.com>]

On Fri, Feb 11, 2022 at 06:31:35PM +0000, Aaron Young wrote:
>   Hello, my apologies if this has already been discovered/discussed/addressed, but we are seeing a reproducible exception with latest (c9b7c6e0cc7da76b74bcdd8c90cef956d5ae971c) OVMF x86_64 build with SECURE_BOOT/SMM enabled:
> 
>   Exception:
> 
> !!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
> RIP  - 00000000000E0000, CS  - 0000000000000038, RFLAGS - 0000000000010046
> RAX  - 0000000000000000, RCX - 000000007FED2920, RDX - 0000000000000000
> RBX  - 000000007DB93D98, RSP - 000000007FF26718, RBP - 000000007FFE1630
> RSI  - 000000007E9EE018, RDI - 0000000000000000
> R8   - 000000007FED3230, R9  - 0000000000000210, R10 - 000000000000002D
> R11  - 000000007FF26482, R12 - 000000007EAC2201, R13 - 000000007FFFD2B0
> R14  - 000000007FF26A88, R15 - 2000000000000000
> DS   - 0000000000000020, ES  - 0000000000000020, FS  - 0000000000000020
> GS   - 0000000000000020, SS  - 0000000000000020
> CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007FF16000
> CR4  - 0000000000000668, CR8 - 0000000000000000
> DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
> DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
> GDTR - 000000007FED9000 000000000000004F, LDTR - 0000000000000000
> IDTR - 000000007FF20000 00000000000001FF,   TR - 0000000000000040
> FXSAVE_STATE - 000000007FF26370
> !!!! Can't find image information. !!!!
> 
> 
>  OVMF Debug Log tail:
> 
> Stacks                   - 0x7FF21000
> mSmmStackSize            - 0x6000
> PcdCpuSmmStackGuard      - 0x1
> mXdSupported - 0x1
> One Semaphore Size    = 0x40
> Total Semaphores Size = 0x1140
> PhysicalAddressBits = 40, 5LPageTable = 0.
> 5LevelPaging Needed             - 0
> 1GPageTable Support             - 0
> PcdCpuSmmRestrictedMemoryAccess - 1
> PhysicalAddressBits             - 36
> Initialize IDT IST field for SMM Stack Guard
> InstallProtocolInterface: 26EEB3DE-B689-492E-80F0-BE8BD7DA4BA7 7FFC6100
> SMM IPL registered SMM Entry Point address 7FFE5274
> SmmInstallProtocolInterface: EB346B97-975F-4A9F-8B22-F8E92BB3D569 7FFC6040
> SmmInstallProtocolInterface: 69B792EA-39CE-402D-A2A6-F721DE351DFE 7FFC6020
> CpuSmm: SpinLock Size = 0x40, PcdCpuSmmMpTokenCountPerChunk = 0x40
> SmmInstallProtocolInterface: 5D5450D7-990C-4180-A803-8E63F0608307 7FFC6200
> SmmInstallProtocolInterface: 1D202CAB-C8AB-4D5C-94F7-3CFCC0D3D335 7FFC6140
> SMM CPU Module exit from SMRAM with EFI_SUCCESS
> SMM IPL closed SMRAM window
> InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7DB93E18
> SmmInstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7FFE16C0
> Loading SMM driver at 0x0007FECA000 EntryPoint=0x0007FECFE6C FvbServicesSmm.efi
> 
> 
>  Failure bisected to this commit:
> 
>  commit ade62c18f4742301bbef474ac10518bde5972fba
> Author: Brijesh Singh via groups.io <brijesh.singh=amd.com@groups.io>
> Date:   Thu Dec 9 11:27:42 2021 +0800
> 
>     OvmfPkg/MemEncryptSevLib: add support to validate system RAM
>     
>     BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

I hit the same thing preparing a 202202-rc1 for Debian. Strangely it
only seems to impact our 2M images - FD_SIZE_4MB is OK:

!!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
RIP  - 000000000000FF00, CS  - 0000000000000038, RFLAGS - 0000000000000002
RAX  - 0000000000000000, RCX - 000000000FF77040, RDX - 0000000000000000
RBX  - 000000000FFF2690, RSP - 000000000FFCA6B8, RBP - 0000000000000000
RSI  - 000000000FFFB701, RDI - 000000000FFC0000
R8   - 000000000FF771C8, R9  - 0000000003070002, R10 - 000000000000002D
R11  - 000000000FF78FFF, R12 - 000000000DE37498, R13 - 000000000E9EE018
R14  - 000000000FF79000, R15 - 000000000FFFC6F8
DS   - 0000000000000020, ES  - 0000000000000020, FS  - 0000000000000020
GS   - 0000000000000020, SS  - 0000000000000020
CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000000FFBB000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000000FF7E000 000000000000004F, LDTR - 0000000000000000
IDTR - 000000000FFC4000 00000000000001FF,   TR - 0000000000000040
FXSAVE_STATE - 000000000FFCA310
!!!! Can't find image information. !!!!
FAIL

======================================================================
FAIL: test_ovmf_ms_secure_boot_unsigned (__main__.BootToShellTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/dannf/git/edk2/debian/tests/shell.py", line 75, in run_cmd_check_secure_boot
    i = child.expect(
  File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 343, in expect
    return self.expect_list(compiled_pattern_list,
pexpect.exceptions.TIMEOUT: Timeout exceeded.
<pexpect.pty_spawn.spawn object at 0x7f0f477483d0>
command: /usr/bin/qemu-system-x86_64
args: ['/usr/bin/qemu-system-x86_64', '-machine', 'q35,accel=tcg', '-no-user-config', '-nodefaults', '-m', '256', '-smp', '2,sockets=2,cores=1,threads=1', '-display', 'none', '-serial', 'stdio', '-chardev', 'pty,id=charserial1', '-device', 'isa-serial,chardev=charserial1,id=serial1', '-drive', 'file=/usr/share/OVMF/OVMF_CODE.ms.fd,if=pflash,format=raw,unit=0,readonly=on', '-drive', 'file=/tmp/tmpbbbbskit,if=pflash,format=raw,unit=1,readonly=off', '-global', 'ICH9-LPC.disable_s3=1', '-drive', 'file=/tmp/tmpaq_0333l,format=raw']
buffer (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n"
before (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n"
after: <class 'pexpect.exceptions.TIMEOUT'>

  -dann

> 
>   Our build procedure:
> 
> git clone git@linux-git.oraclecorp.com:QEMU/edk2.git edk2
> cd edk2
> git submodule update --init
> source ./edksetup.sh
> make -C BaseTools
> build -t GCC48 -D HTTP_BOOT_ENABLE -D FD_SIZE_4MB -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D TPM2_ENABLE -a X64 -p OvmfPkg/OvmfPkgX64.dsc
> 
>   QEMU command:
> 
> /usr/bin/qemu-system-x86_64 -name guest=Guest8 -m 8192 -smp 8,maxcpus=16 -machine q35,accel=kvm -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_CODE.fd,index=0,if=pflash,format=raw,readonly -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_VARS.fd,index=1,if=pflash,format=raw -drive file=/root/Test/Disks/Guest8.img,format=raw,if=virtio -debugcon file:ovmf_debug.log -global isa-debugcon.iobase=0x402 -monitor stdio -nodefaults -global ICH9-LPC.disable_s3=1 -serial telnet:127.0.0.1:4556,server -vnc 0.0.0.0:1
> 
>   -Aaron Young
>   aaron.young@oracle.com
> 
> 
> 
> 
>