On 4/5/23 20:42, Xu, Min M wrote:
On April 3, 2023 7:21 PM, Gerd Hoffmann wrote:
I agree that the efi variable store is not secure without smm. But
after 58eb8517ad7b be introduced, the -D SECURE_BOOT_ENABLE doesn't
work with SEV. System just hangs in "NvVarStore FV headers were invalid."
Hi, Joeyli
ASSERT is triggered in DEBUG version. In RELEASE version ASSERT is skipped
and an error code is returned. So system will not hang.
So another solution is simply remove the ASSERT. Then an error message is
dumped out and system continues.
@Gerd Hoffmann @Tom Lendacky @joeyli What's your thought?
Maybe we just need to call ReserveEmuVariableNvStore a bit later?
I think we can still call ReserveEmuVariableNvStore at PEI phase, but move the
initialization of EmuVariableNvStore to
https://github.com/tianocore/edk2/blob/master/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c#L780-L783
@Tom Lendacky At this moment, is SEV guest available to read the content from
VarStore?
It's quite possible. If you can work up a quick patch, I'll test it out.
Thanks,
Tom
Thanks
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102628): https://edk2.groups.io/g/devel/message/102628
Mute This Topic: https://groups.io/mt/97922617/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
