Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest

Wed, 12 Apr 2023 08:24:01 -0700 

On 4/12/23 02:24, Gerd Hoffmann wrote:

On Tue, Apr 11, 2023 at 01:03:28PM -0500, Tom Lendacky wrote:

On 4/11/23 05:04, Gerd Hoffmann wrote:

On Fri, Apr 07, 2023 at 12:00:46PM -0500, Tom Lendacky wrote:


Thanks for the quick turn-around, but that patch didn't work for me. I've
update the bugzilla.


Can you try the patch below?


That doesn't work either.

Specifying both OVMF_CODE.fd and OVMF_VARS.fd generates an ASSERT.


Both as pflash I assume?  Which assert?


Yes, both as pflash. I've never attempted to run an SEV guest using the
-bios option.

The assert is:
ASSERT [PlatformPei] 
/root/kernels/ovmf-build-X64/OvmfPkg/Library/PlatformInitLib/Platform.c(930): 
((BOOLEAN)(0==1))

That happens for SEV and SEV-ES.

For SEV-SNP, it causes a VMRUN failure with a strange exit code - but
I believe it is because of accessing a page marked as shared in the RMP,
but accessed as private by the guest.

 



Specifying just OVMF_CODE.fd causes VMRUN failure (triple fault)


That's not a valid configuration anyway.


Right, but it has worked in the past. IIUC, it effectively ends up
creating a memory based variable store.

An SEV guest triple faults.

An SEV-ES and SEV-SNP guest asserts:
Invalid MMIO opcode (AF)
ASSERT [SecMain] 
/root/kernels/ovmf-build-X64/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c(507): 
((BOOLEAN)(0==1))




Specifying just OVMF.fd boots successfully


pflash or -bios or both?


Just pflash. We don't support running OVMF under SEV using the -bios
option. If I try to run an SEV guest with -bios OVMF.fd, both SEV and
SEV-ES hang, while SEV-SNP returns an -EFAULT on a launch update.

I believe none of the mappings are setup properly at this point. I
think just eliminating the call for an SEV guest is fine.

Thanks,
Tom



For which cases does the patch change behavior?

take care,
   Gerd




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102890): https://edk2.groups.io/g/devel/message/102890
Mute This Topic: https://groups.io/mt/97922617/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-





























					Reply via email to