Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/PlatformPei: Skip PlatformInitEmuVariableNvStore in SEV guest

Fri, 14 Apr 2023 03:21:01 -0700 

  Hi,

>    -drive 
> if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF_CODE.fd,readonly=on
>    -drive if=pflash,format=raw,unit=1,file=./fedora.fd

>  In this case, only OVMF_CODE.fd will be encrypted.
>  The fedora.fd (OVMF_VARS.fd) will be unencrypted.

>    -drive 
> if=pflash,format=raw,unit=0,file=/root/kernels/qemu-install/OVMF.fd,readonly=on

>  In this case, OVMF.fd will be encrypted, which includes the now memory
>  backed variable store.

> > Can AmdSevInitialize() setup the mappings?
> 
> Is there a way to tell when OVMF.fd vs OVMF_VARS.fd/OVMF_CODE.fd is used?

Hmm, good question.  Can the guest figure what memory ranges are part
of the launch measurement?

I have a patch here (attached below) which refines flash detection and
can detect whenever varstore flash is writable or not.  I suspect that
doesn't help much though as flash probing requires mappings already
being correct.

take care,
  Gerd

commit fdab276a9f8a25f505b083b5e15180d093f515e3
Author: Gerd Hoffmann <kra...@redhat.com>
Date:   Tue Apr 4 11:25:37 2023 +0200

    OvmfPkg/QemuFlashFvbServicesRuntimeDxe: refine flash detection

diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c 
b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
index 82b2b70441bf..c088d560f829 100644
--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
+++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
@@ -118,8 +118,17 @@ QemuFlashDetected (
       *Ptr = OriginalUint8;
     } else if (ProbeUint8 == CLEARED_ARRAY_STATUS) {
       DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH\n"));
-      FlashDetected = TRUE;
-      *Ptr          = READ_ARRAY_CMD;
+      *Ptr = WRITE_BYTE_CMD;
+      *Ptr = OriginalUint8;
+      *Ptr = READ_STATUS_CMD;
+      ProbeUint8 = *Ptr;
+      if (ProbeUint8 & 0x10 /* programming error */) {
+        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is readonly\n"));
+      } else {
+        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FLASH is writable\n"));
+        FlashDetected = TRUE;
+      }
+      *Ptr = READ_ARRAY_CMD;
     }
   }
 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#102994): https://edk2.groups.io/g/devel/message/102994
Mute This Topic: https://groups.io/mt/97922617/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to