On 4/6/23 20:56, Xu, Min M wrote:
On Friday, April 7, 2023 4:29 AM, Tom Lendacky wrote:
On 4/5/23 20:42, Xu, Min M wrote:
On April 3, 2023 7:21 PM, Gerd Hoffmann wrote:
I agree that the efi variable store is not secure without smm. But
after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE
doesn't
work with SEV. System just hangs in "NvVarStore FV headers were
invalid."
Hi, Joeyli
ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is
skipped
and an error code is returned. So system will not hang.
So another solution is simply remove the ASSERT. Then an error
message is
dumped out and system continues.
@Gerd Hoffmann @Tom Lendacky @joeyli What's your thought?
Maybe we just need to call ReserveEmuVariableNvStore a bit later?
I think we can still call ReserveEmuVariableNvStore at PEI phase, but
move the initialization of EmuVariableNvStore to
https://github.com/tianocore/edk2/blob/master/OvmfPkg/EmuVariableFvbR
u
ntimeDxe/Fvb.c#L780-L783 @Tom Lendacky At this moment, is SEV guest
available to read the content from VarStore?
It's quite possible. If you can work up a quick patch, I'll test it out.
Yes, the patch is uploaded here
https://bugzilla.tianocore.org/show_bug.cgi?id=4379#c17
Hi Min,
Thanks for the quick turn-around, but that patch didn't work for me. I've
update the bugzilla.
Thanks,
Tom
Thanks
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102714): https://edk2.groups.io/g/devel/message/102714
Mute This Topic: https://groups.io/mt/97922617/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
