On 4/21/23 04:18, Gerd Hoffmann wrote:
Hmm, good question.  Can the guest figure what memory ranges are part
of the launch measurement?

I have a patch here (attached below) which refines flash detection and
can detect whether varstore flash is writable or not.  I suspect that
doesn't help much though as flash probing requires mappings already
being correct.

Sorry for the delay, but, yeah, doesn't help. SEV and SEV-ES assert and
SEV-SNP terminates because of accessing a shared page (in the RMP) as a
private page (we don't support the generated 0x404 error code in the #VC
handler).

Can you try this?
https://github.com/kraxel/edk2/commits/devel/secure-boot-pcd

It works for the split vars/code launch, but fails for the combined
vars/code launch:

EMU Variable FVB Started
EMU Variable FVB: Using pre-reserved block at 7FE7C000
EMU Variable FVB: Basic FV headers were invalid
EMU Variable FVB: SecureBoot: restore FV from ROM
EMU Variable FVB: Basic FV headers were invalid
ASSERT [EmuVariableFvbRuntimeDxe] /root/kernels/ovmf-gerd-build-X64/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c(781): ((BOOLEAN)(0==1))

So the mapping isn't correct at this point either.

Thanks,
Tom


It moves the varstore copy from platform init to emu variable driver,
which should be late enough that sev setup should be complete.

take care,
   Gerd


