Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: f0d2bc3ab268c8e3c6da4158208df38bc9d3677e
      
https://github.com/tianocore/edk2/commit/f0d2bc3ab268c8e3c6da4158208df38bc9d3677e
  Author: Tom Lendacky <[email protected]>
  Date:   2024-11-23 (Sat, 23 Nov 2024)

  Changed paths:
    M OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c

  Log Message:
  -----------
  OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not use flash with SEV-SNP

SEV-SNP does not support the use of the Qemu flash device as SEV-SNP
guests are started using the Qemu -bios option instead of the Qemu -drive
if=pflash option. Perform runtime detection of SEV-SNP and exit early from
the Qemu flash device initialization, indicating the Qemu flash device is
not present. SEV-SNP guests will use the emulated variable support.

Signed-off-by: Tom Lendacky <[email protected]>


  Commit: 52fa7e78d282f8434b41aff24b3a5a745611ff87
      
https://github.com/tianocore/edk2/commit/52fa7e78d282f8434b41aff24b3a5a745611ff87
  Author: Tom Lendacky <[email protected]>
  Date:   2024-11-23 (Sat, 23 Nov 2024)

  Changed paths:
    M OvmfPkg/PlatformPei/Platform.c

  Log Message:
  -----------
  OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP memory acceptance

When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and
initializing the emulated variable store happens before memory has been
accepted under SEV-SNP. This results in a #VC exception for accessing
memory that hasn't been validated (error code 0x404). The #VC handler
treats this error code as a fatal error, causing the OVMF boot to fail.

Move the call to ReserveEmuVariableNvStore() to after memory has been
accepted by AmdSevInitialize().

Signed-off-by: Tom Lendacky <[email protected]>


  Commit: d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6
      
https://github.com/tianocore/edk2/commit/d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6
  Author: Tom Lendacky <[email protected]>
  Date:   2024-11-23 (Sat, 23 Nov 2024)

  Changed paths:
    M OvmfPkg/Library/PlatformInitLib/Platform.c
    M OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf

  Log Message:
  -----------
  OvmfPkg/PlatformInitLib: Retry NV vars FV check as shared

When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be
populated and validated in PlatformValidateNvVarStore(). When an SEV
or an SEV-ES guest is running, this may be encrypted or unencrypted
depending on how the guest was started. If the guest was started with the
combined code and variable contents (OVMF.fd), then the variable store
will be encrypted. If the guest was started with the separate code and
variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable
store will be unencrypted.

When PlatformValidateNvVarStore() is first invoked, the variable store
area is initially mapped encrypted, which may or may not pass the variable
validation step depending on how the guest was launched. To accommodate this,
retry the validation step on failure after remapping the variable store
area as unencrypted.

Signed-off-by: Tom Lendacky <[email protected]>


  Commit: 6142f0a8a53557ba50300c762a15bf3c18382162
      
https://github.com/tianocore/edk2/commit/6142f0a8a53557ba50300c762a15bf3c18382162
  Author: Tom Lendacky <[email protected]>
  Date:   2024-11-23 (Sat, 23 Nov 2024)

  Changed paths:
    M OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c

  Log Message:
  -----------
  OvmfPkg/EmuVariableFvbRuntimeDxe: Issue NV vars initialization message

Add a debug message that indicates when the NV variables are being
initialized through the template structure.

Signed-off-by: Tom Lendacky <[email protected]>


Compare: https://github.com/tianocore/edk2/compare/a6f1433e9598...6142f0a8a535
