From: wojiaohanliyang@163.com
To: devel@edk2.groups.io
Subject: [edk2-devel] The OVMF packages can not work properly when it was compiled with "-D SECURE_BOOT_ENABLE=TRUE"
Date: Wed, 10 Jul 2024 06:24:06 -0700 [thread overview]
Message-ID: <cJHd.1720617846337823298.2DC6@groups.io> (raw)
[-- Attachment #1: Type: text/plain, Size: 4703 bytes --]
When I compile the OVMF packages with "-D SECURE_BOOT_ENABLE=TRUE -D DEBUG_ON_SERIAL_PORT=TRUE", I found the OVMF can not work properly.
*First, I boot a Qemu VM with only OVMF_CODE.fd but not OVMF_VARS.fd:*
a. For Non-encrypted VM, the guest hungs in OVMF with the following assert message.
----------------------------------------------
Reserved variable store memory: 0xBFD7C000; size: 528kb
NvVarStore FV headers were invalid.
ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/PlatformInitLib/Platform.c(932): ((BOOLEAN)(0==1))
----------------------------------------------
b. For SEV VM, the guest reset in the OVMF in an infinite loop.
----------------------------------------------
SecCoreStartupWithStack(0xFFFCC000, 0x820000)
Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE
......
Reserved variable store memory: 0xBFD7C000; size: 528kb
SecCoreStartupWithStack(0xFFFCC000, 0x820000)
Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE
......
Reserved variable store memory: 0xBFD7C000; size: 528kb
SecCoreStartupWithStack(0xFFFCC000, 0x820000)
Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE
......
Reserved variable store memory: 0xBFD7C000; size: 528kb
SecCoreStartupWithStack(0xFFFCC000, 0x820000)
......
......
----------------------------------------------
c. For SEV-ES VM, the guest hungs in OVMF with the following assert message.
----------------------------------------------
Reserved variable store memory: 0xBFD7C000; size: 528kb
Invalid MMIO opcode (AF)
ASSERT [SecMain] /dev/shm/edk2/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c(507): ((BOOLEAN)(0==1))
----------------------------------------------
*Then, I boot a Qemu VM with OVMF.fd (the OVMF_VARS.fd part is included in OVMF.fd):*
a. For SEV/SEV-ES VM, the guest hungs in OVMF with following dump messages.
----------------------------------------------
Loading driver at 0x000BDB92000 EntryPoint=0x000BDB95EF4 FaultTolerantWriteDxe.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BDE01D98
ProtectUefiImageCommon - 0xBDE01040
- 0x00000000BDB92000 - 0x0000000000005B00
Ftw: FtwWorkSpaceLba - 0x40, WorkBlockSize - 0x1000, FtwWorkSpaceBase - 0x0
Ftw: FtwSpareLba - 0x42, SpareBlockSize - 0x1000
Ftw: NumberOfWorkBlock - 0x1, FtwWorkBlockLba - 0x40
Ftw: WorkSpaceLbaInSpare - 0x0, WorkSpaceBaseInSpare - 0x0
Ftw: Remaining work space size - FE0
!!!! X64 Exception Type - 0D(#GP - General Protection) CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000000
RIP - 00000000BDB92459, CS - 0000000000000038, RFLAGS - 0000000000010286
RAX - 587E3201A019FB0C, RCX - 587E3200E238F994, RDX - 0000000000000001
RBX - 00000000BDE10018, RSP - 00000000BFB79AD8, RBP - 0000000000000FE0
RSI - 00000000BDE100A8, RDI - 00000000BDE10128
R8 - D4642A9DFB7C79BE, R9 - 00000000000003F8, R10 - 00000000BDB96602
R11 - 0000000000000002, R12 - 00000000BDE100A0, R13 - 0000000000000000
R14 - 0000000000000001, R15 - 00000000BFBA76C0
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
GS - 0000000000000030, SS - 0000000000000030
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 00000000BF801000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000BF5DC000 0000000000000047, LDTR - 0000000000000000
IDTR - 00000000BEF0C018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 00000000BFB79730
!!!! Find image based on IP(0xBDB92459) /dev/shm/edk2/Build/OvmfX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe/DEBUG/FaultTolerantWriteDxe.dll (ImageBase=00000000BDB92000, EntryPoint=00000000BDB95EF4) !!!!
----------------------------------------------
*Last, I boot a Qemu VM with OVMF_CODE.fd and OVMF_VARS.fd:*
a. For SEV/SEV-ES VM, the guest hungs in OVMF with the following assert message.
----------------------------------------------
Reserved variable store memory: 0xBFD7C000; size: 528kb
NvVarStore FV headers were invalid.
ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/PlatformInitLib/Platform.c(932): ((BOOLEAN)(0==1))
----------------------------------------------
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119885): https://edk2.groups.io/g/devel/message/119885
Mute This Topic: https://groups.io/mt/107157379/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 7403 bytes --]
next reply other threads:[~2024-07-11 4:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-10 13:24 wojiaohanliyang [this message]
2024-07-11 6:42 ` [edk2-devel] The OVMF packages can not work properly when it was compiled with "-D SECURE_BOOT_ENABLE=TRUE" wojiaohanliyang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cJHd.1720617846337823298.2DC6@groups.io \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox