From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 861C5740034 for ; Tue, 23 Apr 2024 14:31:33 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=hiP8XGcbEf71lfqxnk+Ko0ubXM9Yvy3xD3csUKTbzbk=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition; s=20240206; t=1713882692; v=1; b=sVYvA5ewPCWDmySyj3bwZA3JMG8qu3XjlWBQQpNdtoQ9dKjOY33tw44ip8cUXXqbeqVlJMgb 6BRnWDt0fwOhXleB1Ym7kgIJdQWuG5layDYsJhUiYBIii8+5iB4X4qdu/c5m6+d8azhNxDb+y68 PAcOkvEth7YXa1pboM0PGimBa/cxDGxJGsHXkaEVm6c8s2yAY3/JXH8l8p5St9Ir7ut5hBW+9uQ l8TdA3+zf1OTn6gyu/lC4h4Q3JE70kf9T4X+Xp9kLjh+5xmK48Ex+3jKucY40TO1wbO65bLw2FF W/D12cM888zReXce/fNsY1yGfhPPDQfcXESwHHcnFdDUQ== X-Received: by 127.0.0.2 with SMTP id izMAYY7687511x0iUAPsJG7C; Tue, 23 Apr 2024 07:31:32 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web10.20155.1713882691184976843 for ; Tue, 23 Apr 2024 07:31:31 -0700 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-523-R_ApNytrMBqAkkdcK5MFIw-1; Tue, 23 Apr 2024 10:31:26 -0400 X-MC-Unique: R_ApNytrMBqAkkdcK5MFIw-1 X-Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4F314104B506; Tue, 23 Apr 2024 14:31:26 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.150]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1BAE340BB24; Tue, 23 Apr 2024 14:31:26 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id E80DF1800929; Tue, 23 Apr 2024 16:31:24 +0200 (CEST) Date: Tue, 23 Apr 2024 16:31:24 +0200 From: "Gerd Hoffmann" To: "Aithal, Srikanth" Cc: devel@edk2.groups.io, Konstantin Kostiuk , Oliver Steffen , Jiewen Yao , Ard Biesheuvel , "Lendacky, Thomas" Subject: Re: [edk2-devel] [PATCH v3 4/5] OvmfPkg/VirtHstiDxe: add code flash check Message-ID: References: <20240422104729.502112-1-kraxel@redhat.com> <20240422104729.502112-5-kraxel@redhat.com> <1943e036-9a1f-4b11-ab12-e9df3670d264@amd.com> <601f21e4-752e-4cca-a62c-cf4a414b6e51@amd.com> MIME-Version: 1.0 In-Reply-To: <601f21e4-752e-4cca-a62c-cf4a414b6e51@amd.com> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 23 Apr 2024 07:31:31 -0700 Resent-From: kraxel@redhat.com Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Di1cpFz0oZtxgww27SJgiZqzx7686176AA= Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=sVYvA5ew; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On Tue, Apr 23, 2024 at 07:14:04PM +0530, Aithal, Srikanth wrote: > Correcting. > > On 4/23/2024 7:09 PM, Aithal, Srikanth wrote: > > Hello, > > > > Todays OVMF/edk2 master branch is breaking AMD SEV-ES guest boot with > > OvmfX64 package, where as sev-es guest boots fine with AmdSev package. > > > > Git bisect pointed to below commit as bad, going back to previous commit > > i.e ddc43e7a SEV-ES guest boots fine with OvmfX64 package: > Git bisect pointed to below commit as bad, going back to previous commit i.e > ddc43e7a SEV-ES guest boots fine. With OVMF/edk2 master branch SEV-ES guest > boots fine with *AmdSev *package: The tests don't make much sense in confidential guests (both sev and tdx). Which why the driver is not included in the AmdSevPkg builds. Not activating the driver in confidential guests should fix that, test patch below. take care, Gerd diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf index 9514933011e8..b5c237288766 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf @@ -49,6 +49,7 @@ [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire [Pcd] + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c index b6e53a1219d1..efaff0d1f3cb 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include @@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint ( EFI_STATUS Status; EFI_EVENT Event; + if (PcdGet64 (PcdConfidentialComputingGuestAttr)) { + DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__)); + return EFI_UNSUPPORTED; + } + DevId = VirtHstiGetHostBridgeDevId (); switch (DevId) { case INTEL_82441_DEVICE_ID: -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118142): https://edk2.groups.io/g/devel/message/118142 Mute This Topic: https://groups.io/mt/105667072/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-