From: Gerd Hoffmann
To: Tom Lendacky
Cc: 韩里洋, devel@edk2.groups.io, erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com
Date: Fri, 19 Jul 2024 09:35:26 +0200
Subject: Re: [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it
References: <20240714122455.136148-1-wojiaohanliyang@163.com> <20240714122455.136148-2-wojiaohanliyang@163.com> <5c722bb7-e1cb-9f4d-f9e2-48b0a99db781@amd.com> <7dc6b311-69d0-69c6-77ee-65b945ee1b5c@amd.com> <1a14dc5e.26b5.190be867682.Coremail.wojiaohanliyang@163.com>
On Thu, Jul 18, 2024 at 07:57:27PM GMT, Tom Lendacky wrote:
> On 7/16/24 21:30, 韩里洋 wrote:
> > Hi Tom,
> >
> > Thank you for your response.
> >
> > In fact, I'm unable to proceed with the development of the fix patch locally as I don't have SEV-SNP hardware for experimentation. However, it has proven to be crucial for effectively testing and completing the patch.
> >
> > Given your expertise and potentially available hardware, would your team be able to take over the fixing of this issue? (bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4807 )
>
> Secure Boot is not supported under SEV-ES and SEV-SNP because SMM is
> required in order for Secure Boot to be secure.

The other option is initializing the variable store from ROM on each boot. That implies there are no persistent EFI variables, which has its own set of drawbacks. But this is what the IntelTdx build is doing, and AmdSev should be able to do this too.

take care,
  Gerd