On Tue, Apr 23, 2024 at 07:14:04PM +0530, Aithal, Srikanth wrote:
> Correcting.
> 
> On 4/23/2024 7:09 PM, Aithal, Srikanth wrote:
> > Hello,
> > 
> > Today's OVMF/edk2 master branch is breaking AMD SEV-ES guest boot with
> > OvmfX64 package, whereas sev-es guest boots fine with AmdSev package.
> > 
> > Git bisect pointed to below commit as bad, going back to previous commit
> > i.e. ddc43e7a SEV-ES guest boots fine with OvmfX64 package:
> Git bisect pointed to below commit as bad, going back to previous commit i.e.
> ddc43e7a SEV-ES guest boots fine. With OVMF/edk2 master branch SEV-ES guest
> boots fine with *AmdSev* package:

The tests don't make much sense in confidential guests (both sev and
tdx).  Which is why the driver is not included in the AmdSevPkg builds.

Not activating the driver in confidential guests should fix that, test
patch below.

take care,
  Gerd

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf 
b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
index 9514933011e8..b5c237288766 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -49,6 +49,7 @@ [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
 
 [Pcd]
+  gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
   gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
 
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c 
b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
index b6e53a1219d1..efaff0d1f3cb 100644
--- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/MemoryAllocationLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiLib.h>
+#include <Library/PcdLib.h>
 #include <Library/PlatformInitLib.h>
 
 #include <IndustryStandard/Hsti.h>
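
Review bot: the new `#include <Library/PcdLib.h>` in VirtHstiDxe.c is not matched by a visible library class change; the VirtHstiDxe.inf hunk only adds the PCD under [Pcd]. Please confirm that PcdLib is already listed in [LibraryClasses] of VirtHstiDxe.inf, and add it there if it is not, so the module declares the dependency it now uses.
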
@@ -140,6 +141,11 @@ VirtHstiDxeEntrypoint (
   EFI_STATUS                           Status;
   EFI_EVENT                            Event;
 
+  if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {
+    DEBUG ((DEBUG_INFO, "%a: confidential guest\n", __func__));
+    return EFI_UNSUPPORTED;
+  }
+
   DevId = VirtHstiGetHostBridgeDevId ();
   switch (DevId) {
     case INTEL_82441_DEVICE_ID:
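
Review bot: the early return added at the top of VirtHstiDxeEntrypoint has no comment explaining why the driver bails out, and the debug string "confidential guest" does not say that the HSTI checks are being skipped. Suggest a short comment above `if (PcdGet64 (PcdConfidentialComputingGuestAttr)) {` stating that the tests are not meaningful in SEV and TDX guests, and a log message that says the checks are skipped, since any non-zero attribute value now means the guest gets no HSTI results from this driver.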


