On Wed, Mar 29, 2023 at 01:23:10PM +0800, Min Xu wrote: > From: Min M Xu <min.m...@intel.com> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4379 > > PlatformInitEmuVariableNvStore is called to initialize the > EmuVariableNvStore with the content pointed by > PcdOvmfFlashNvStorageVariableBase. This is because when OVMF is launched > with -bios parameter, UEFI variables will be partially emulated, and > non-volatile variables may lose their contents after a reboot. This makes > the secure boot feature not working. > > But in SEV guest, this design doesn't work. Because at this point the > variable store mapping is still private/encrypted, OVMF will see > ciphertext. So we skip the call of PlatformInitEmuVariableNvStore in > SEV guest.
I'd suggest to simply build without -D SECURE_BOOT_ENABLE instead. Without initializing the emu var store you will not get a functional secure boot setup anyway. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#102158): https://edk2.groups.io/g/devel/message/102158 Mute This Topic: https://groups.io/mt/97922617/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-