From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 18E8D78003C for ; Thu, 11 Jul 2024 04:24:27 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=zGtWcuWwjz8HmTcgb9N/Uw68nrXxhAw02+cj6UESlpc=; c=relaxed/simple; d=groups.io; h=Subject:To:From:User-Agent:MIME-Version:Date:Message-ID:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1720671867; v=1; b=XzY3J4S2P9Fg7WxtEf3T/7y+5ss7B2KUl14LBqg3OIq3lQwKxs87n/t6gqJ2wxq9LY5MXd8m QgxS7ArjHYHFOySFRJrOG10Xt23IJyKcKyUuQ4ugsM0q+UUBZ4Y9MSTT7gtTVSBVZoswaioYl8M YrjyuGJlxzdhRYnOLBQTAd+nJg/tVs8o6Xm99ZukqL8VySYpslivs1bu7OLZAcb/BCq1DWTnWxg BKE5LS4DEVBLEPvelWC2uky6asQw0iVpQCoec3O7/rHVhqs41+yR2h5Lj2GkudrANKZWCIfCv7E prqQjBjIdTaRk+75rN6v+8UC8QuJjeyYkZvRmtHP7tfGg== X-Received: by 127.0.0.2 with SMTP id Mkb4YY7687511xFyjpD5fb3z; Wed, 10 Jul 2024 21:24:26 -0700 Subject: [edk2-devel] The OVMF packages can not work properly when it was compiled with "-D SECURE_BOOT_ENABLE=TRUE" To: devel@edk2.groups.io From: wojiaohanliyang@163.com X-Originating-Location: CN (118.242.3.34) X-Originating-Platform: Windows Chrome 126 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Wed, 10 Jul 2024 06:24:06 -0700 Message-ID: Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,wojiaohanliyang@163.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: dZfEpV2mBTPnOFO97lbsOP3nx7686176AA= Content-Type: multipart/alternative; boundary="gYUo146Y9bJ8OSohC9za" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=XzY3J4S2; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=163.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --gYUo146Y9bJ8OSohC9za Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable When I compile the OVMF packages with "-D SECURE_BOOT_ENABLE=3DTRUE -D DEBU= G_ON_SERIAL_PORT=3DTRUE", I found the OVMF can not work properly. *First, I boot a Qemu VM with only OVMF_CODE.fd but not OVMF_VARS.fd:* a. For Non-encrypted VM, the guest hungs in OVMF with the following assert = message. ---------------------------------------------- Reserved variable store memory: 0xBFD7C000; size: 528kb NvVarStore FV headers were invalid. ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/PlatformInitLib/Platform= .c(932): ((BOOLEAN)(0=3D=3D1)) ---------------------------------------------- b. For SEV VM, the guest reset in the OVMF in an infinite loop. ---------------------------------------------- SecCoreStartupWithStack(0xFFFCC000, 0x820000) Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE ...... Reserved variable store memory: 0xBFD7C000; size: 528kb SecCoreStartupWithStack(0xFFFCC000, 0x820000) Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE ...... Reserved variable store memory: 0xBFD7C000; size: 528kb SecCoreStartupWithStack(0xFFFCC000, 0x820000) Register PPI Notify: DCD0BE23-9586-40F4-B643-06522CED4EDE ...... Reserved variable store memory: 0xBFD7C000; size: 528kb SecCoreStartupWithStack(0xFFFCC000, 0x820000) ...... ...... ---------------------------------------------- c. For SEV-ES VM, the guest hungs in OVMF with the following assert message= . ---------------------------------------------- Reserved variable store memory: 0xBFD7C000; size: 528kb Invalid MMIO opcode (AF) ASSERT [SecMain] /dev/shm/edk2/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c(= 507): ((BOOLEAN)(0=3D=3D1)) ---------------------------------------------- *Then, I boot a Qemu VM with OVMF.fd (the OVMF_VARS.fd part is included in = OVMF.fd):* a. For SEV/SEV-ES VM, the guest hungs in OVMF with following dump messages. ---------------------------------------------- Loading driver at 0x000BDB92000 EntryPoint=3D0x000BDB95EF4 FaultTolerantWri= teDxe.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BDE01D98 ProtectUefiImageCommon - 0xBDE01040 - 0x00000000BDB92000 - 0x0000000000005B00 Ftw: FtwWorkSpaceLba - 0x40, WorkBlockSize =C2=A0- 0x1000, FtwWorkSpaceBase= - 0x0 Ftw: FtwSpareLba =C2=A0 =C2=A0 - 0x42, SpareBlockSize - 0x1000 Ftw: NumberOfWorkBlock - 0x1, FtwWorkBlockLba - 0x40 Ftw: WorkSpaceLbaInSpare - 0x0, WorkSpaceBaseInSpare - 0x0 Ftw: Remaining work space size - FE0 !!!! X64 Exception Type - 0D(#GP - General Protection) =C2=A0CPU Apic ID - = 00000000 !!!! ExceptionData - 0000000000000000 RIP =C2=A0- 00000000BDB92459, CS =C2=A0- 0000000000000038, RFLAGS - 0000000= 000010286 RAX =C2=A0- 587E3201A019FB0C, RCX - 587E3200E238F994, RDX - 000000000000000= 1 RBX =C2=A0- 00000000BDE10018, RSP - 00000000BFB79AD8, RBP - 0000000000000FE= 0 RSI =C2=A0- 00000000BDE100A8, RDI - 00000000BDE10128 R8 =C2=A0 - D4642A9DFB7C79BE, R9 =C2=A0- 00000000000003F8, R10 - 00000000BD= B96602 R11 =C2=A0- 0000000000000002, R12 - 00000000BDE100A0, R13 - 000000000000000= 0 R14 =C2=A0- 0000000000000001, R15 - 00000000BFBA76C0 DS =C2=A0 - 0000000000000030, ES =C2=A0- 0000000000000030, FS =C2=A0- 00000= 00000000030 GS =C2=A0 - 0000000000000030, SS =C2=A0- 0000000000000030 CR0 =C2=A0- 0000000080010033, CR2 - 0000000000000000, CR3 - 00000000BF80100= 0 CR4 =C2=A0- 0000000000000668, CR8 - 0000000000000000 DR0 =C2=A0- 0000000000000000, DR1 - 0000000000000000, DR2 - 000000000000000= 0 DR3 =C2=A0- 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 000000000000040= 0 GDTR - 00000000BF5DC000 0000000000000047, LDTR - 0000000000000000 IDTR - 00000000BEF0C018 0000000000000FFF, =C2=A0 TR - 0000000000000000 FXSAVE_STATE - 00000000BFB79730 !!!! Find image based on IP(0xBDB92459) /dev/shm/edk2/Build/OvmfX64/DEBUG_G= CC5/X64/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe/= DEBUG/FaultTolerantWriteDxe.dll (ImageBase=3D00000000BDB92000, EntryPoint= =3D00000000BDB95EF4) !!!! ---------------------------------------------- *Last, I boot a Qemu VM with OVMF_CODE.fd and OVMF_VARS.fd:* a. For SEV/SEV-ES VM, the guest hungs in OVMF with the following assert mes= sage. ---------------------------------------------- Reserved variable store memory: 0xBFD7C000; size: 528kb NvVarStore FV headers were invalid. ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/PlatformInitLib/Platform= .c(932): ((BOOLEAN)(0=3D=3D1)) ---------------------------------------------- -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119885): https://edk2.groups.io/g/devel/message/119885 Mute This Topic: https://groups.io/mt/107157379/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --gYUo146Y9bJ8OSohC9za Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable When I compile the OVMF packages with "-D SECURE_BOOT_ENABLE=3DTRUE -D DEBU= G_ON_SERIAL_PORT=3DTRUE", I found the OVMF can not work properly.

First, I boot a Qemu VM with only OVMF_CODE.fd but not OVMF_VARS.= fd:

    a. For Non-encrypted VM, the guest hu= ngs in OVMF with the following assert message.

    &nb= sp;   ----------------------------------------------
   = ;     Reserved variable store memory: 0xBFD7C000; size: 528kb
        NvVarStore FV headers were invalid.
&nbs= p;       ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/= PlatformInitLib/Platform.c(932): ((BOOLEAN)(0=3D=3D1))
    &= nbsp;   ----------------------------------------------

&nbs= p;   b. For SEV VM, the guest reset in the OVMF in an infinite loop.
        -------------------------------------= ---------
        SecCoreStartupWithStack(0xFFFCC0= 00, 0x820000)
        Register PPI Notify: DCD0BE2= 3-9586-40F4-B643-06522CED4EDE
        ......
=         Reserved variable store memory: 0xBFD7C000; siz= e: 528kb
        SecCoreStartupWithStack(0xFFFCC00= 0, 0x820000)
        Register PPI Notify: DCD0BE23= -9586-40F4-B643-06522CED4EDE
        ......
&= nbsp;       Reserved variable store memory: 0xBFD7C000; size= : 528kb
        SecCoreStartupWithStack(0xFFFCC000= , 0x820000)
        Register PPI Notify: DCD0BE23-= 9586-40F4-B643-06522CED4EDE
        ......
&n= bsp;       Reserved variable store memory: 0xBFD7C000; size:= 528kb
        SecCoreStartupWithStack(0xFFFCC000,= 0x820000)
        ......
     = ;   ......
        --------------------------= --------------------

    c. For SEV-ES VM, the guest h= ungs in OVMF with the following assert message.

    &n= bsp;   ----------------------------------------------
  &nbs= p;     Reserved variable store memory: 0xBFD7C000; size: 528kb        Invalid MMIO opcode (AF)
    =     ASSERT [SecMain] /dev/shm/edk2/OvmfPkg/Library/CcExitLib/CcEx= itVcHandler.c(507): ((BOOLEAN)(0=3D=3D1))
        = ----------------------------------------------

Then, I b= oot a Qemu VM with OVMF.fd (the OVMF_VARS.fd part is included in OVMF.fd):<= /strong>

    a. For SEV/SEV-ES VM, the guest hungs in = OVMF with following dump messages. 

      &n= bsp; ----------------------------------------------
    &nbs= p;   Loading driver at 0x000BDB92000 EntryPoint=3D0x000BDB95EF4 FaultT= olerantWriteDxe.efi
        InstallProtocolInterfa= ce: BC62157E-3E33-4FEC-9920-2D3B36D750DF BDE01D98
     =   ProtectUefiImageCommon - 0xBDE01040
       = ;   - 0x00000000BDB92000 - 0x0000000000005B00
     = ;   Ftw: FtwWorkSpaceLba - 0x40, WorkBlockSize  - 0x1000, FtwWork= SpaceBase - 0x0
        Ftw: FtwSpareLba   &n= bsp; - 0x42, SpareBlockSize - 0x1000
        Ftw: = NumberOfWorkBlock - 0x1, FtwWorkBlockLba - 0x40
      &= nbsp; Ftw: WorkSpaceLbaInSpare - 0x0, WorkSpaceBaseInSpare - 0x0
 = ;       Ftw: Remaining work space size - FE0
  &nb= sp;     !!!! X64 Exception Type - 0D(#GP - General Protection) &n= bsp;CPU Apic ID - 00000000 !!!!
        ExceptionD= ata - 0000000000000000
        RIP  - 0000000= 0BDB92459, CS  - 0000000000000038, RFLAGS - 0000000000010286
&nbs= p;       RAX  - 587E3201A019FB0C, RCX - 587E3200E238F99= 4, RDX - 0000000000000001
        RBX  - 0000= 0000BDE10018, RSP - 00000000BFB79AD8, RBP - 0000000000000FE0
  &n= bsp;     RSI  - 00000000BDE100A8, RDI - 00000000BDE10128
        R8   - D4642A9DFB7C79BE, R9  - 0000= 0000000003F8, R10 - 00000000BDB96602
        R11 &= nbsp;- 0000000000000002, R12 - 00000000BDE100A0, R13 - 0000000000000000
        R14  - 0000000000000001, R15 - 00000000B= FBA76C0
        DS   - 0000000000000030, ES &= nbsp;- 0000000000000030, FS  - 0000000000000030
    &nb= sp;   GS   - 0000000000000030, SS  - 0000000000000030
&= nbsp;       CR0  - 0000000080010033, CR2 - 000000000000= 0000, CR3 - 00000000BF801000
        CR4  - 0= 000000000000668, CR8 - 0000000000000000
        DR= 0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000<= br />        DR3  - 0000000000000000, DR6 - 000000= 00FFFF0FF0, DR7 - 0000000000000400
        GDTR - = 00000000BF5DC000 0000000000000047, LDTR - 0000000000000000
  &nbs= p;     IDTR - 00000000BEF0C018 0000000000000FFF,   TR - 0000= 000000000000
        FXSAVE_STATE - 00000000BFB797= 30
        !!!! Find image based on IP(0xBDB92459)= /dev/shm/edk2/Build/OvmfX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/FaultTol= erantWriteDxe/FaultTolerantWriteDxe/DEBUG/FaultTolerantWriteDxe.dll (ImageB= ase=3D00000000BDB92000, EntryPoint=3D00000000BDB95EF4) !!!!
  &nb= sp;     ----------------------------------------------

Last, I boot a Qemu VM with OVMF_CODE.fd and OVMF_VARS.fd:

    a. For SEV/SEV-ES VM, the guest hungs in OVMF wi= th the following assert message.

        ---= -------------------------------------------
       = ; Reserved variable store memory: 0xBFD7C000; size: 528kb
   = ;     NvVarStore FV headers were invalid.
    &nbs= p;   ASSERT [PlatformPei] /dev/shm/edk2/OvmfPkg/Library/PlatformInitLi= b/Platform.c(932): ((BOOLEAN)(0=3D=3D1))
        -= ---------------------------------------------
_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#119885) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--gYUo146Y9bJ8OSohC9za--