public inbox for devel@edk2.groups.io
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: 韩里洋 <wojiaohanliyang@163.com>,
	devel@edk2.groups.io, erdemaktas@google.com, jejb@linux.ibm.com,
	jiewen.yao@intel.com, min.m.xu@intel.com
Subject: Re: [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it
Date: Fri, 19 Jul 2024 09:35:26 +0200	[thread overview]
Message-ID: <cvs2v2m7m5kl7fvswmzi6jrict36ocdeirlt4x3uoyy2f56jd2@jav7brnbaj3h> (raw)
In-Reply-To: <b5d88a34-371d-9102-419c-450bdc69d930@amd.com>

On Thu, Jul 18, 2024 at 07:57:27PM GMT, Tom Lendacky wrote:
> On 7/16/24 21:30, 韩里洋 wrote:
> > Hi Tom,
> > 
> > Thank you for your response.
> > 
> > In fact, I'm unable to proceed with the development of the fix patch locally as I don't have SEV-SNP hardware for experimentation. However, it has proven to be crucial for effectively testing and completing the patch.
> > 
> > Given your expertise and potentially available hardware, would your team be able to take over the fixing of this issue? (bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4807 )
> 
> Secure Boot is not supported under SEV-ES and SEV-SNP because SMM is
> required in order for Secure Boot to be secure.

The other option is initializing the variable store from ROM on each
boot.  Which implies there are no persistent EFI variables, which has
its own set of drawbacks.  But this is what the IntelTdx build is doing
and AmdSev should be able to do this too.

take care,
  Gerd
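The patch under discussion concerns validating the flash NV variable store before the platform trusts it, and Gerd's alternative is to rebuild the store from ROM on every boot so that no persisted flash contents have to be trusted at all. As an added example (not code from this thread, from OVMF or from edk2), the following C program performs the header checks a platform would reasonably apply to a persistent store, run offline against a constructed image. Struct layouts and constants are taken from edk2's public headers PiFirmwareVolume.h and VariableFormat.h; the exact set and order of checks, the error codes, and the constructed test image are this example's own choices and are not a transcription of OvmfPkg/PlatformInitLib.

```c
/* Offline header checks for an OVMF-style flash NV variable store image.
 * Added example, not edk2 code: struct layouts and constants are from the
 * public edk2 headers PiFirmwareVolume.h and VariableFormat.h; the check
 * list and its order are this example's choice, not a transcription of
 * OvmfPkg/PlatformInitLib. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FV_HDR_LEN   0x48u  /* EFI_FIRMWARE_VOLUME_HEADER + 1 block-map entry + terminator */
#define VS_HDR_LEN   28u    /* sizeof(VARIABLE_STORE_HEADER) */
#define VS_FORMATTED 0x5au  /* VARIABLE_STORE_FORMATTED */
#define VS_HEALTHY   0xfeu  /* VARIABLE_STORE_HEALTHY */

/* GUIDs as they appear in memory (first three fields little-endian). */
static const uint8_t kSystemNvDataFvGuid[16] = { 0x8d,0x2b,0xf1,0xff, 0x96,0x76, 0x8b,0x4c,
                                                 0xa9,0x85,0x27,0x47,0x07,0x5b,0x4f,0x50 };
static const uint8_t kAuthVariableGuid[16]   = { 0x78,0x2c,0xf3,0xaa, 0x7b,0x94, 0x9a,0x43,
                                                 0xa1,0x80,0x2e,0x14,0x4e,0xc3,0x77,0x92 };
static const uint8_t kVariableGuid[16]       = { 0x16,0x36,0xcf,0xdd, 0x75,0x32, 0x64,0x41,
                                                 0x98,0xb6,0xfe,0x85,0x70,0x7f,0xfe,0x7d };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, (uint32_t)(v >> 32)); }

/* The FV header's 16-bit word sum, Checksum field included, must be zero. */
static uint16_t sum16(const uint8_t *p, size_t len) {
  uint16_t s = 0;
  for (size_t i = 0; i + 1 < len; i += 2) s = (uint16_t)(s + rd16(p + i));
  return s;
}

enum nvstore_status { NV_OK, NV_TOO_SHORT, NV_BAD_FS_GUID, NV_BAD_SIGNATURE, NV_BAD_LENGTH,
                      NV_BAD_CHECKSUM, NV_BAD_STORE_GUID, NV_BAD_STORE_SIZE,
                      NV_NOT_FORMATTED, NV_NOT_HEALTHY };

enum nvstore_status validate_nv_var_store(const uint8_t *img, size_t len) {
  if (len < FV_HDR_LEN + VS_HDR_LEN) return NV_TOO_SHORT;
  /* EFI_FIRMWARE_VOLUME_HEADER: ZeroVector@0, FileSystemGuid@16, FvLength@32,
   * Signature@40, Attributes@44, HeaderLength@48, Checksum@50. */
  if (memcmp(img + 16, kSystemNvDataFvGuid, 16) != 0) return NV_BAD_FS_GUID;
  if (memcmp(img + 40, "_FVH", 4) != 0) return NV_BAD_SIGNATURE;
  uint64_t fv_len = rd64(img + 32);
  uint16_t hdr_len = rd16(img + 48);
  if (fv_len != len || hdr_len < 64 || (size_t)hdr_len + VS_HDR_LEN > len) return NV_BAD_LENGTH;
  if (sum16(img, hdr_len) != 0) return NV_BAD_CHECKSUM;
  /* VARIABLE_STORE_HEADER follows the FV header: Signature GUID@0, Size@16, Format@20, State@21. */
  const uint8_t *vs = img + hdr_len;
  if (memcmp(vs, kAuthVariableGuid, 16) != 0 && memcmp(vs, kVariableGuid, 16) != 0)
    return NV_BAD_STORE_GUID;
  uint32_t vs_size = rd32(vs + 16);
  if (vs_size < VS_HDR_LEN || vs_size > fv_len - hdr_len) return NV_BAD_STORE_SIZE;
  if (vs[20] != VS_FORMATTED) return NV_NOT_FORMATTED;
  if (vs[21] != VS_HEALTHY) return NV_NOT_HEALTHY;
  return NV_OK;
}

/* Constructed test image (not a dump of a real OVMF_VARS.fd): one erased block
 * holding a well-formed FV header and an empty authenticated variable store. */
void build_constructed_store(uint8_t *img, size_t len) {
  memset(img, 0xff, len);                     /* erased flash reads as all ones */
  memset(img, 0x00, FV_HDR_LEN);
  memcpy(img + 16, kSystemNvDataFvGuid, 16);
  wr64(img + 32, len);                        /* FvLength */
  memcpy(img + 40, "_FVH", 4);
  wr32(img + 44, 0x0004feffu);                /* Attributes: arbitrary here, only feeds the checksum */
  wr16(img + 48, FV_HDR_LEN);                 /* HeaderLength */
  img[55] = 2;                                /* Revision */
  wr32(img + 56, 1);                          /* BlockMap[0].NumBlocks */
  wr32(img + 60, (uint32_t)len);              /* BlockMap[0].Length; BlockMap[1] stays all zero */
  wr16(img + 50, (uint16_t)(0u - sum16(img, FV_HDR_LEN)));  /* make the word sum zero */
  uint8_t *vs = img + FV_HDR_LEN;
  memcpy(vs, kAuthVariableGuid, 16);
  wr32(vs + 16, (uint32_t)(len - FV_HDR_LEN)); /* store spans the rest of the volume */
  vs[20] = VS_FORMATTED;
  vs[21] = VS_HEALTHY;
  wr16(vs + 22, 0);
  wr32(vs + 24, 0);
}

int main(void) {
  static uint8_t img[4096];
  build_constructed_store(img, sizeof img);
  printf("clean image: %d (0 = ok)\n", validate_nv_var_store(img, sizeof img));
  img[FV_HDR_LEN + 20] = 0x00;                /* simulate a store that was never formatted */
  printf("Format cleared: %d\n", validate_nv_var_store(img, sizeof img));
  return 0;
}
```

The checks stop at the headers on purpose: they establish that the region is a firmware volume of the expected type with an intact header and a formatted, healthy variable store before any variable entries are walked. Under the ROM-initialised scheme Gerd describes, the store is part of the firmware image itself, so none of this applies to guest-writable flash, at the cost of losing persistent variables.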

Thread overview: 11+ messages
2024-07-14 12:24 [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages wojiaohanliyang
2024-07-14 12:24 ` [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it wojiaohanliyang
2024-07-15 14:15   ` Lendacky, Thomas via groups.io
2024-07-15 14:32     ` Lendacky, Thomas via groups.io
2024-07-17  2:30       ` 韩里洋
2024-07-19  0:57         ` Lendacky, Thomas via groups.io
2024-07-19  7:35           ` Gerd Hoffmann [this message]
2024-08-01 23:47             ` Andrew Fish via groups.io
2024-07-14 12:24 ` [edk2-devel] [PATCH 2/3] OvmfPkg/PlatformInitLib: Init the EmuVariableNvStore before copy data wojiaohanliyang
2024-07-14 12:24 ` [edk2-devel] [PATCH 3/3] OvmfPkg/PlatformPei: Update mapping of FlashNvVarStore before validate it wojiaohanliyang
  -- strict thread matches above, loose matches on Subject: below --
2024-07-14 12:22 [edk2-devel] [PATCH 0/3] Fix boot failure when use secure boot supported (-D SECURE_BOOT_ENABLE=TRUE) OVMF packages wojiaohanliyang
2024-07-14 12:22 ` [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it wojiaohanliyang
