Secure-Boot related variables include the PK/KEK/DB/DBX and they are stored in NvVarStore (OVMF_VARS.fd). But QEMU command option -pflash is not supported in Tdx guest. So when Tdx guest is booted, EmuVariableFvbRuntimeDxe driver is loaded and the NvVarStore is initialized with empty content. This patch-set is to initialize the NvVarStore with the content of Configuration FV (CFV).
Before the NvVarStore is initialized with the content of CFV, CFV's integrity should be validated. So patch #1/2 are imported to do such validation. Code: https://github.com/mxu9/edk2/tree/secure-boot.v1 Cc: Erdem Aktas <erdemak...@google.com> Cc: James Bottomley <j...@linux.ibm.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Gerd Hoffmann <kra...@redhat.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Min Xu <min.m...@intel.com> *** BLURB HERE *** Min M Xu (3): OvmfPkg: Move TdxValidateCfv from PeilessStartupLib to PlatformInitLib OvmfPkg: Validate Cfv integrity in Tdx guest OvmfPkg: Initialize NvVarStore with Configuration FV in Td guest OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c | 19 +++ OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf | 2 + OvmfPkg/Include/Library/PlatformInitLib.h | 17 ++ OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 153 ------------------ .../PeilessStartupInternal.h | 17 -- OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 153 ++++++++++++++++++ OvmfPkg/Sec/SecMain.c | 8 + OvmfPkg/Sec/SecMain.inf | 2 + 8 files changed, 201 insertions(+), 170 deletions(-) -- 2.29.2.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90586): https://edk2.groups.io/g/devel/message/90586 Mute This Topic: https://groups.io/mt/91835106/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
